Olivia
Online
Manfred Paul
@_manfp
Security but not as in "national security". Playing CTFs with @redrocket_ctf (and @Sauercl0ud). Pwn2Own Vancouver 2020..=2024\{2023}. @[email protected]
Outside of computed bounds
Joined January 2020
311 Following
5.3K Followers
92 Posts
@_0xTen @LiveOverflow @_mixy1 (ofc some might argue "that means those challs won't exist in the long run". but that's just putting the burden on authors too to reject lots of good ideas, spend big money on AI tooling to test, plus the mental burden if "oh it got slopped anyways" happens)
@_0xTen @LiveOverflow @_mixy1 It's not just about the learning, 90% of the challenges being irrelevant is also unsustainable because that means 90% of the challenge author effort is "wasted". High quality challenges have *always* been the bottleneck of CTF.
@gynvael If it's a different game for different people, at least call it something different too?
@LiveOverflow @_mixy1 Some of the most fun CTF challenges I've seen were also the most detached from the real world. Who needs to pwn an apollo guidance computer or analyze minesweeper logic gates? These are "CTFy" because they value fun over practical use, not despite of it.
Who to follow
sakura
@eternalsakura13
Lead Security Researcher @zellic_io. Top 3 Chrome VRP. Top 2 Facebook Whitehat. MSRC MVRs 9th. BlackHat Asia/USA & Zer0Con & OffensiveCon speaker.
acez
@amatcama
AI Extension
Alex Plaskett 
@alexjplaskett
Security Researcher | Pwn2Own 2018, 2021, 2022, 2024 | Posts about 0day, OS, mobile and embedded security.
@LiveOverflow @_mixy1 I do object to the "CTFs are not a 'game'". Sure, they teach valuable skills. But that was never an invitation to see them as a value extraction tool or tie their worth to that. People didn't spend (unpaid) labor of creating challenges or writeups to make shareholders happy
@LiveOverflow @_mixy1 If FIFA allowed robot players, and 99% of accomplished soccer players said "we hate this, this ruins our sport", would we all go "this is just what the the word 'soccer' means now"?
The community gets some say in what the word "CTF" means. And nearly noone there enjoys AI v. AI.
@LiveOverflow @luminaryxd And "flag is flag" has not been the only beautiful (unwritten) principle of CTFs. CTFs are about rewarding deep technical understanding, not outsourcing thinking; being (relatively) accessible to anyone with skills+motivation+time, not requiring investment of money.
@LiveOverflow @luminaryxd I don't think the numbers matter if the community isn't there. The bottleneck was always top players willing to put in the effort to build high-quality challenges for a handful of top tier CTFs, and I feel like motivation is starting to drain fast there.
If you're a security researcher and in Germany, consider signing https://t.co/6x5ajjZSxq . Decriminalizing research might not be the top political priority right now, but it's still important!
More important than ever!!
@ecsc2024 @MITAmalta @MITAmalta, this is not how you build up a cybersecurity community in your country. It was great to see a lot of ECSC players show their support people like @_mixy1 who faced both disqualification and legal action. As the vulnerability research community, we should do the same.
@ecsc2024 @MITAmalta @MITAmalta, this is not how you build up a cybersecurity community in your country. It was great to see a lot of ECSC players show their support people like @_mixy1 who faced both disqualification and legal action. As the vulnerability research community, we should do the same.
Had a great time playing for the German team at @ecsc2024, shout out to the organizers for putting on a really great competition!
@ecsc2024 Only low point though was the lack of a Maltese team, apparently due to @MITAmalta blocking some of the (already qualified) team from coming after they were arrested for responsibly disclosing(!) a vulnerability in a student app in 2022. https://t.co/aWjzs9Md2F
This strange tweet got >25k retweets. The author sounds confident, and he uses lots of hex and jargon. There are red flags though... like what's up with the DEI stuff, and who says "stack trace dump"? Let's take a closer look... 🧵1/n
@seanhn And while we're making accusations about "being unable to contemplate the wider consequences": There should be a red line there for a reason. It's the same line that says intentional backdoors are not OK. Or that some country you don't like shouldn't be allowed to do the same.
@seanhn I really don't get how that wouldn't be a "executive decision about a counter terrorism operation" then. If you don't want tech company to play on that stage, then them following a consistent rule of "if we learn about a bug, we fix it" is the only way to have that.
@seanhn I'm confused, do you want them to make decisions about the operation (and not just the bugs) or not?
Trends for you
Most Popular Users
Elon Musk
@elonmusk
240.1M followers
Barack Obama
@barackobama
119.3M followers
Donald J. Trump
@realdonaldtrump
111.6M followers
Cristiano Ronaldo
@cristiano
108.7M followers
Narendra Modi
@narendramodi
106.9M followers
Rihanna
@rihanna
97.2M followers
NASA
@nasa
92.1M followers
Justin Bieber
@justinbieber
90.5M followers
KATY PERRY
@katyperry
86.7M followers
Taylor Swift
@taylorswift13
80.5M followers
Lady Gaga
@ladygaga
72.1M followers
Kim Kardashian
@kimkardashian
69.3M followers
YouTube
@youtube
68.6M followers
Virat Kohli
@imvkohli
68.4M followers
Bill Gates
@billgates
63.4M followers
The Ellen Show
@theellenshow
62.5M followers
CNN
@cnn
61.9M followers
Neymar Jr
@neymarjr
60.9M followers
X
@x
60.9M followers
CNN Breaking News
@cnnbrk
59.9M followers