I taught a killer training on glibc malloc heap exploitation for several years. After some effort, the content is now open source and mostly ready to consume! Half of the videos are posted for the course. 🔥
https://t.co/4ewnAmO3Z1
@S1r1u5_ To me it feels like there's more time and bandwidth to execute complex ideas. The pain of tedious, time-sucking parts is largely alleviated. Reminds me of studying math when WolframAlpha got really good. Students that used it to cheat and never learned to derive the equations didn't make it.
After our failed competition, we headed to the Apple Store, bought the MBP M5, and spent less than half an hour setting it up. We found that a fixed offset is changed by 1 bit on it, so we just changed 1 bit in our exploit and it worked with a 100% success rate. Yes, just a 1 bit change, 1 to 2.
Golang intentionally introduced randomness into map iteration order and the keying of maps. This article discusses why, how, and the consequences of doing so.
https://t.co/B6jrc1EOfy
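The two consequences the linked article covers, shown in a short added example (this is not the article's code and not the Go runtime's). The Go runtime picks a random starting position for every `range` loop over a map (and seeds each map's hash function with a per-map random value), so iterating the same map twice can visit the keys in different orders; code that needs stable output has to sort the keys itself. The map contents below are constructed for the example.

```go
package main

import (
	"fmt"
	"sort"
	"strings"
)

// sampleMap builds a small constructed map; keys and values are made up
// for this example and carry no meaning.
func sampleMap() map[string]int {
	return map[string]int{
		"alpha": 1, "bravo": 2, "charlie": 3,
		"delta": 4, "echo": 5, "foxtrot": 6,
	}
}

// iterationOrder records the order in which one range loop visits the keys.
func iterationOrder(m map[string]int) string {
	var keys []string
	for k := range m {
		keys = append(keys, k)
	}
	return strings.Join(keys, ",")
}

// distinctOrders ranges over the same map n times and counts how many
// different visit orders were observed. Because the runtime randomizes the
// starting position of each range loop, this is (with overwhelming
// probability) greater than 1 for n in the tens: nothing in the language
// promises a stable order, and tests or serializers that assume one break.
func distinctOrders(m map[string]int, n int) int {
	seen := make(map[string]bool)
	for i := 0; i < n; i++ {
		seen[iterationOrder(m)] = true
	}
	return len(seen)
}

// sortedKeys is the idiomatic way to get deterministic output: collect the
// keys, sort them, then index the map in that order.
func sortedKeys(m map[string]int) []string {
	keys := make([]string, 0, len(m))
	for k := range m {
		keys = append(keys, k)
	}
	sort.Strings(keys)
	return keys
}

func main() {
	m := sampleMap()
	fmt.Println("distinct iteration orders over 64 loops:", distinctOrders(m, 64))
	// Stable, reproducible output regardless of the runtime's randomization.
	for _, k := range sortedKeys(m) {
		fmt.Printf("%s=%d\n", k, m[k])
	}
}
```

The per-map hash seed is the part that matters for security: an attacker who cannot predict the seed cannot precompute keys that all land in the same bucket, which is what makes hash-flooding denial of service against Go maps impractical. The iteration randomization is the part developers notice, because it surfaces any hidden dependence on order early rather than in production.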
Today we're launching Crucible, a coverage-guided fuzzing framework for Solana programs. Built for Anchor, with v2 support from day one.
Just one example of what Crucible can find: a years-old bug in Solana's stake program, surfaced in seconds ↓
On Solana, events are often reconstructed from transaction traces, and failed transactions still emit data.
@Dooflin5 details a bug in Across that could have allowed attackers to spoof deposit events and trick relayers into filling orders with no real deposit behind them.
Most bugs are pure variants of previous research. This bug, along with many of Felix's other vulns, requires a deep understanding of the codebase and its surrounding ecosystem (Solana runtime in this case). I always appreciate the novelty of his vulns. Great work, Felix!
CU optimizations come with risks.
@_fel1x discusses a critical bug we found in p-token before mainnet, subtle enough to survive in a heavily scrutinized codebase.
Most protocols still think a critical bug is a low-probability event.
93.9% of bug bounty programs that have been live for 5+ years on Immunefi have surfaced at least one confirmed, paid critical bug.
The real question is not whether a critical exists, but who finds it first.
AI is amazing. I am extremely pro-AI.
1. It has lowered the barrier of entry for programmers, resulting in hundreds upon hundreds of slop applications vulnerable to everything. This is job security.
2. AI influencers keep saying AI is going to destroy cybersecurity. This is good. AI influencers don't understand the size and scope of cybersecurity, they think it's just smashing a keyboard and making cat noises. This makes people less likely to enter our field, making us more valuable, making us more money. It's job security. Keep telling people cybersecurity is dead.
3. It's given us a new area of research: AI security
4. It's made task automation easier with slop Python scripts.
In summary, cybersecurity is dead. DO NOT try to work in this field. It's all over. Cybersecurity has been solved!
I built a tool to view code coverage of coding agents like Claude Code and Codex. This is especially useful for tracking agent-assisted code reviews. The tool is open source and described in the blog post. Would be curious to hear from you if it helps you in your work.
At the risk of sounding like Jimmy Wales: if the Drift hack scares you, then please donate to @_seal_org so we can keep on building the security infrastructure that crypto so desperately needs.
https://t.co/aMewkofKDa
OSS contributing protip: read the room.
Does your pull request look like a typical pull request that gets merged here?
Do your commits look like typical commits?
Do your code changes…
A person with 4 followers asked Patrick Collins for his advice on solving a problem, and he responded.
What a true titan of innovation! Gotta love the passion to help others 🫶