I cannot overstate how powerful codex is for cybersecurity work.
I'd encourage all defenders to sign up for Trusted Access for Cyber (chatgpt.com/cyber) and give it a shot for their workflows.
If orgs are slow to get TAC approvals, please reach out to me.
This guy sucks. At my first Pwn2Own he asked me over and over if it was my first CVE. I said no but he kept insisting, in front of everyone, he’d never seen my name credited before. Turns out he was confusing me with another woman in infosec. In charge of security research engagement for MSRC btw
Inspired by Mythos finding 20-year-old bugs in open source projects, we pointed Opus 4.8 at an esteemed 20-year-old closed source target: 1999 Mario Golf on N64
Stop blaming AI slop for what bug bounty platforms did to themselves.
👇 wrote down some thoughts about the state of triage
clawd.it/posts/14-to-kara-al…
Adam (@hash_kitten) posted the solution for the XSS challenge he made earlier in the week on our Searchlight Cyber blog here: slcyber.io/research-center/t… - pretty interesting behaviour in Chrome's sanitizer API!
Thanks everyone for playing! I talk about the solution here, as well as how I discovered this behavior while looking into the Chrome Sanitizer API: slcyber.io/research-center/t…
Every company is going to have its customer data hacked by an AI agent in the next 5 years.
The question is: will you run the agent on yourself, or will you wait for an adversary to?
@runsybil (founder @adversariel) is one of the most compelling pitches I’ve come across recently: run agents that continuously attack yourself 24/7, rather than running a penetration test a few times a year.
Every company needs this ASAP.
I grew up as a hacker kid who watched The Matrix too many times. I never caused harm and always reported my findings, but I was fascinated by breaking and bending software.
The key ingredient in hacking is not brilliance, it’s patience. If you try everything, eventually something breaks. As a teenager I had all the time in the world.
AI agents have 1000x more patience and time than a bored 15-year-old.
We don’t need Mythos for agents to be a massive security threat. The threat is already here. It is just a matter of time until virtually every company on earth gets hacked by an agent.
The only question is whether you will be the one running the agent, or whether someone else will.
You should talk with @adversariel at @runsybil!
Mind blown 🤯
Some smartphones sold in mainland China (like certain OPPO models) can read MIFARE Classic cards, crack the keys in seconds, store them, and then fully emulate the card directly on the phone.
No extra hardware. Just the phone.
Access control, transit cards, hotel keys… game over.
Huge thanks to Ian for showing me this in person. Really eye-opening how far NFC capabilities have gone in some regions.
Who else has seen this in the wild?
#NFC #MIFARE #TechSecurity #oppo
I’m really proud of this. The code we audited will be on millions if not billions of machines and containers. Thanks to @Canonical for working with us on this.
The core utilities that run every Linux system have been rewritten in Rust. We audited them.
Before shipping uutils coreutils with Ubuntu 26.04, @Canonical commissioned Zellic for an external security audit.
Two rounds, fixes contributed directly upstream.
Full report below.
Wild things happening today in the MEV world on Solana. This transaction solscan.io/tx/5wY3V7v8ALqB5h… swapped 4,000,000,000 ANB for 885000 USDC. This led to almost 1.5 million USD in arbitrages by 4 bots.
Recently I've been spending a lot of time in the Solana ecosystem.
This led to the discovery of two critical vulnerabilities in a popular router that allowed stealing all funds from router owned token accounts.
Writeup here: atlas-it.consulting/post/sol…