An AI agent just confessed. "WHO AM I?"
What happens after your "HELPFUL AI" Compacts the conversation? When they hallucinate? When they are closed? Who did what in your Agentic Team?
Don't worry, https://t.co/9E5OMswCE3 is here! Public Beta [Free, only for limited users]
Rewatch this and count the tools it would've taken anywhere else.
Character lock. Product lock. Logo lock. Style lock. One prompt.
From Creative → Creator, for real.
First 100 to RT + comment "ADS" get DM'd credits to try it 👇
Built for anyone who’s thinking defensively with threat modeling, red-teaming methods, governance controls, runtime safeguards, and more, all in a slick interactive UI.
Defend smarter before anyone hacks smart. Explore it now ⬇
https://t.co/DQP0kF8mtN
The security research community in Europe and the Middle East just got even stronger. Say hello to these new HackerOne Brand Ambassadors:
🇦🇿 @AzeriumD34132 (Azerbaijan—new club!)
🇧🇪 @dropn0w & @hgreal1 (Belgium—new club!)
🇩🇰 @mthirup (Denmark—new club!)
🇮🇹 @Al7eX91 & @Ciper_942 (Italy—new club!)
🇱🇧 @hasansheet (Lebanon—new club!)
🇸🇪 @joaxcar (Sweden—new club!)
🇳🇱 @yoerivegt (Netherlands)
🇫🇷 @DoomerOutrun (France)
🇵🇹 @secgus (Portugal)
🇹🇷 @jusxing (Turkey)
These ambassadors will fuel research, mentoring, and live events across the region. We’re glad they’re here!
Check out the program: https://t.co/Ryt41dy3Ng
#AppSec #EthicalHacking #H1Club
Read “Unauthenticated Kibana Dashboard Access — A Serious Security Risk You Can’t Ignore“ by Pratik Dabhi on Medium: https://t.co/zZgpVx0luT
#bugbounty #infosec #hacking
The root cause of the @ImpermaxFinance attack is the mispricing of Uniswap V3 NFTs.
The way it's pricing its NFT is using fair-pricing (which is robust against flashloan attacks!), but the fees' value is directly calculated:
price = (amount0_after_fair_pricing + fee0) * price0 + (amount1_after_fair_pricing + fee1) * price1
However, when the fees are much larger than the position itself, things start to fall apart.
Here's what the attacker did:
1. Flashloan a large amount of USDC and WETH.
2. Mint a position (and deposit it into IMX) on a small USDC-WETH Uniswap V3 pool with 200 fee tier, and push the tick to an extreme where ETH/USDC is very expensive.
3. Perform numerous swaps to accumulate fees.
4. Borrow WETH from the pool against the Uniswap V3 position NFT.
5. Call "reinvest" to collect all the fees and the contract will collect fees and then mint at the original NFT’s tick (it's a wrong tick!). This step sharply reduces the value of the fees because of fair-pricing.
6. Call restructBadDebt to self-liquidate.
7. After that, it's simple: withdraw and profit.
The key part of the attack is actually (5). Before the reinvest, the fees' value is calculated separately, but after reinvest, the fees are minted as positions at a wrong tick, making the value decrease sharply.
Ironically, 5 years ago, they claimed that they're not vulnerable to flashloan attacks (p2) because of fair pricing... but today, they paid their cost.
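The valuation inconsistency behind step (5), as an added illustration that is not Impermax's or Uniswap's code: a simplified model (assumed) of fair-pricing a V3 position, where the "wrong tick" is modelled as minting the collected fee tokens into the NFT's range at the manipulated pool price and then fair-pricing the resulting liquidity. All function names and numbers are constructed.

```python
import math

# Added illustration, not Impermax's or Uniswap's code. Simplified model of
# "fair pricing" a Uniswap V3 position and of why fee tokens lose value once
# they are minted into the position's range at a manipulated pool price.
# token0 = X, token1 = Y, all prices are Y per X; all numbers are constructed.

def amounts_at_price(liquidity, p_lower, p_upper, price):
    """(amount0, amount1) held by liquidity L on [p_lower, p_upper] at `price`
    (standard Uniswap V3 position math)."""
    sa, sb, sp = math.sqrt(p_lower), math.sqrt(p_upper), math.sqrt(price)
    if price <= p_lower:                  # price below range: all token0
        return liquidity * (1 / sa - 1 / sb), 0.0
    if price >= p_upper:                  # price above range: all token1
        return 0.0, liquidity * (sb - sa)
    return liquidity * (1 / sp - 1 / sb), liquidity * (sp - sa)

def fair_value(liquidity, p_lower, p_upper, fair_price, fee0=0.0, fee1=0.0):
    """Collateral value in token1 terms. The position is priced at the oracle
    (fair) price, so a manipulated spot cannot inflate it; fee tokens are added
    directly, as in price = (amount0 + fee0) * price0 + (amount1 + fee1) * price1."""
    amt0, amt1 = amounts_at_price(liquidity, p_lower, p_upper, fair_price)
    return (amt0 + fee0) * fair_price + (amt1 + fee1)

def liquidity_from_fees(fee0, fee1, p_lower, p_upper, pool_price):
    """Liquidity the fee tokens can mint into the range when the token ratio is
    dictated by the *pool* price (the tick the pool currently sits at)."""
    need0, need1 = amounts_at_price(1.0, p_lower, p_upper, pool_price)
    return min(fee0 / need0 if need0 else math.inf,
               fee1 / need1 if need1 else math.inf)

def reinvest_value_change(fee0, fee1, p_lower, p_upper, pool_price, fair_price):
    """Fair value of the fees before and after a 'reinvest' that mints them at
    pool_price. Tokens the mint cannot absorb are assumed to stay as fee tokens."""
    before = fair_value(0.0, p_lower, p_upper, fair_price, fee0, fee1)
    liq = liquidity_from_fees(fee0, fee1, p_lower, p_upper, pool_price)
    used0, used1 = amounts_at_price(liq, p_lower, p_upper, pool_price)
    after = fair_value(liq, p_lower, p_upper, fair_price, fee0 - used0, fee1 - used1)
    return before, after

if __name__ == "__main__":
    # Range [0.25, 4], oracle says 1.0, pool pushed to an extreme tick (price 100).
    before, after = reinvest_value_change(0.0, 1500.0, 0.25, 4.0, 100.0, 1.0)
    print(f"fees valued directly: {before:.0f}; after reinvest at pool tick: {after:.0f}")
    # Same range with the pool at the fair price: no change, so the loss above
    # comes entirely from minting at the wrong tick.
    print(reinvest_value_change(500.0, 500.0, 0.25, 4.0, 1.0, 1.0))
```

A lender that values collateral this way should price fee tokens and freshly minted liquidity consistently (both at the oracle price), or at least flag a large drop in fair value across a single reinvest.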
As crypto adoption grows, so does the attack surface. Infrastructure providers like @Transak must take supply chain security seriously.
Security flaws can be easily weaponized and are critically dangerous.
Disappointed by the lack of response for 75+ days.
It’s now possible to fuzz for server-side vulnerabilities in WebSockets using the Backslash Powered Scanner extension.
More here: https://t.co/50q55WTTnW
Money drives motivation.
Before paying $3,000 for an audit of your 1,500 nSLOC project, consider this:
Good auditors won’t be motivated by that amount at all.
The more you pay, the more effort you get, and vice versa.
That’s how it works—more money equals more motivation.