OffsecPedia_QF

Loop Engineering is the next step after prompt engineering. Most people still use Claude Code, Codex, Cursor, or Grok like a chat box: Prompt. Wait. Copy. Fix. Prompt again. This repo shows the next step: You stop prompting the agent. You design the loop that prompts the agent for you. Inside: → Daily triage loops → PR babysitter loops → CI sweeper loops → Dependency sweeper loops → Changelog drafter loops → Post-merge cleanup loops → Issue triage loops It also gives you CLIs to: • Scaffold a loop • Estimate token cost • Audit if your repo is ready • Add memory/state • Add human handoff • Add verification gates • Run agents safely through GitHub Actions The wild part is the shift in thinking. Prompt engineering was about writing better instructions. Loop engineering is about building a system where agents keep working, checking, fixing, and escalating without you babysitting every step. This is what AI coding looks like when it stops being a chat session and starts becoming an operating system for software teams. Repo: https://t.co/2USzC6KHUt

I genuinely don't understand why everyone isn't using this yet Andrej Karpathy, a co-founder of OpenAI, posted a simple idea that hit 16 million views: stop using AI to write code, use it to build a second brain. You point Claude Code at a folder, drop in any source, an article, a transcript, a PDF, and Claude reads it, links it, and files it into a living wiki of everything you know. It compounds like interest, the more you feed it, the smarter it gets. Here's the whole thing: > Install Obsidian, create a vault, open it in Claude Code > Paste Karpathy's wiki idea file and tell Claude to build it > Claude makes three folders: raw for sources, wiki for its pages, a CLAUDE.md that runs it > Drop any source into raw and say "ingest this" > Ask questions across everything, forever Five minutes to set up, and you never start from a blank chat again. Full step-by-step guide with Claude and Obsidian, link below. Bookmark this

CocoIndex Code is a semantic code search engine for your codebase that plugs into Claude Code, Codex, and Cursor. Your coding agent currently searches your code the way grep does - by text. CocoIndex Code gives it AST-based semantic search instead. It indexes code structure and meaning. Your agent finds the right functions by describing what they do, not by guessing what they're named. The result: 70% fewer tokens on codebase searches. Here is what that looks like in practice: ccc search "find how user sessions are managed" => returns session management logic even if the word "session" never appears in function names. ccc search "authentication error handling" => returns the three relevant functions instead of every file mentioning "auth." ccc search "database connection pooling" => finds ConnectionManager, not 400 grep results. Install as a Claude Code skill: npx skills add cocoindex-io/cocoindex-code The skill handles everything - initialization, indexing, keeping the index current as files change. You don't need any config file or database to manage. No API key required for local embeddings. Built on CocoIndex, a Rust-based indexing engine. Supports 28+ languages. Works via Skill or MCP. 80k downloads per month. Apache 2.0. Open-source. Here's the GitHub Repo: https://t.co/bQ2MjyJmNW

Kernel-Exploit-Dojo 📍 Curated archive of 100+ Linux kernel exploitation CTF challenges, organized by bug class, exploitation primitive, final technique, difficulty, and solve count. The goal is to organize practical kernel pwn techniques such as UAF, heap spraying, pipe_buffer abuse, msg_msg, modprobe_path overwrite, and cred overwrite. Resource: https://t.co/h1F2CD70Oc

this is insane, if you have a money-printing machine and can max out tokens, then sure, it is worth keeping an agent in the loop and feeding it every single file. a better harness, cheaper models, and a strong group of security researchers can produce the same results, or even better ones, at a fraction of the cost.

We’re opening the Exodus research vault. Over the coming weeks, we’ll publish technical writeups highlighting vulnerability research, exploit development, and deep reverse engineering from our team. First up: Michele Campa’s Adobe Acrobat Reader Escript.api use-after-free RCE. https://t.co/iycMuZQLix #VulnerabilityResearch #ExploitDevelopment #ReverseEngineering #OffensiveSecurity #CyberSecurity

My IoT Firmware Hacking playlist is live. The full series: 🔌 Dump firmware with a $15 CH341A programmer 🔬 Extract squashfs with binwalk and dd 🔑 Find hardcoded AES keys in Ghidra 🥷 Same analysis in Binary Ninja - then decrypt the files 🤖 EMBA scan → 2,732 CVEs in one camera From zero hardware knowledge to exploitation. 🎥 https://t.co/qa1ijUhgNz #IoTHacking #FirmwareHacking #HardwareHacking #Binwalk #Ghidra #CH341A #CyberSecurity