We’ve now seen at least four nginx RCEs that require non-default configs: nginx rift, nginx poolslip, and two of our own (including the one in the last tweet).
The configs involved are unusual, which raises the obvious question: do these attacks actually work in real-world deployments?
We asked Claude to download and analyze more than 4,000 nginx config files from GitHub.
The result was embarrassing: none of them were vulnerable to nginx rift or our own attacks. We can’t say anything about nginx poolslip yet, since it hasn’t been published.
So don't worry about your nginx yet.
Moral of the story: AI can generate FUD, but also help fight FUD. Embrace it!
Opus 4.6 (1M) through Claude Code autonomously solved 45/54 challenges of BSidesSF 2026 @BSidesSFCTF, placing temporarily in 21st place, 25th as of now.
This was done with 0 involvement; I didn't give any guidance or manually review any challenges. I used BoxPwnr 🤖 with the CTFd platform to launch challenges in multiple instances, that's it.
I will publish all the traces once the competition finishes, in the meantime you can see the challenges, number of turns and time it took to solve each here:
https://t.co/aNuytp09TM
In the following days I will try to understand why it couldn't solve the 9 remaining challenges: difficulty? Long exploration and context rotting? Interactive interaction required? Challenges using video/images? We will see.
Models have improved significantly in the last 6 months, see Cybench results Opus 4.1 vs 4.6 (42% to 93%) https://t.co/aBJeYxSbqe
It's crazy to see what LLMs can do with a minimal harness.
🚨 JUST IN: The FBI is investigating Steam.
Steam is warning users about MALWARE found in multiple games. The affected games have been up on the Steam platform for over a year.
This seems to be a common misconception, so CTF players:
Zellic hires REGARDLESS of web3 experience. The main criterion is researcher skill/talent.
We've hired smart pwn / VR folks with ZERO blockchain background.
Don't think, "I'll wait to get better then apply"... JUST apply.
We published a write-up about Python URL Parsing Confusion, by @NeptunianHacks. It's the solution to the challenge "msfrognymize2" on @cor_ctf.
https://t.co/zmKgmVzvPe