This effectively makes the # of unsolved challenges 0 for The Duck :) It was a fun weekend activity that allowed Theori researchers to show off their deep knowledge and strong skills in Web3 security.
Thanks to @paradigm_ctf for hosting the CTF!
Can finally share the details of a really nice Redis RCE found by @xint_official back in December. IMO, the bug is really cool!
In short, carefully crafting eviction parameters and blocking on a key can cause a client to self-evict during unblocking, leading to a use-after-free!
Surfaced by Xint Code — our AI vuln research platform — pointed at the kernel's crypto/ for about an hour, on a starting hunch from @5unKn0wn.
Came back with CopyFail (plus others, still in coordinated disclosure).
Write-up + PoC (exploit): https://t.co/RgEXCiqzE5
Xint Code: https://t.co/BDYUap5huu
Patch your Linux boxes!
https://t.co/VWOUDbLAn2 is a trivially exploitable logic bug in Linux, reachable on all major distros released in the last 9 years. A small, portable Python script gets root on all platforms.
Found by the teams at @theori_io and @xint_official
More details below
https://t.co/9f6T96PvPX
'Before [Xint security researcher @tjbecker] started working on automatic bug finding with AI, he worked on vulnerability research, finding zero days and reporting them to maintainers. He said it used to take him weeks or months to find a high-impact vulnerability in a brand-new codebase, and now it only takes hours.
“I just drop the code into our AI bug-finding tool [Xint] and in a couple hours I get a report with a bunch of candidate vulnerabilities, and most of them end up checking out and being real issues,” he said. “The bar to diving into a new million-line codebase and finding a bug is so much lower than it used to be.”'
Great report from @verge looking into the new era of cybersecurity, where even non-technical attackers can use AI to find the weaknesses in the apps and networks of organizations faster and at a scale never thought possible before.
https://t.co/NsfEVbfnI8
Join award-winning security researcher @tylerni7 on @TechstrongTV for this hands-on workshop for product security practitioners. In this workshop he will:
1) go deep into how AI-native AppSec differs from traditional tools and methods
2) share the pitfalls of poorly harnessed AI bug finding
3) and provide a demonstration of how the scaffolding (and not the model) is what will provide superior results for what product security looks like in the real world
https://t.co/15pRJNpuDY
Big news: Samsung Electronics selected Xint as a strategic tool to overcome the limitations of traditional manual security audits and to eliminate security blind spots. Leveraging AI on top of Theori's expertise as world class hackers, Xint autonomously analyzes the structure and context of services within complex infrastructures. This allows it to identify potential penetration paths from an actual attacker's perspective, even within frequently updated hybrid cloud environments.
https://t.co/gXqERYZezp
Sounds like there's an insider? NUKE every K8s cluster 💣💣💣💣💣💣
> Rather, the attacker was able to gain access to the list of RPCs our DVN uses, compromise two of them – which were independent nodes running on separate clusters without direct connection to each other – and swap out binaries running the op-geth nodes.
. @mubix shared this on LinkedIn and thought some of you might find it useful: “A Practical Reprioritization Guide for CISOs Entering the AI Vulnerability Era”
https://t.co/UaJUb82ecG
Our AI code scanner, Xint Code, finds all 4 featured Mythos vulnerabilities (OpenBSD, FreeBSD, firecracker, FFmpeg) using its default pipeline (no custom prompts or configuration).
These same scans found over 10 new vulnerabilities in OpenBSD, FFmpeg, and FreeBSD.
@Jeyffre what do you say on zip slip type bugs?
path traversal is a spec issue, and i believe those are hard to model (unless AI understands the specs and the threat models), and FV probably won’t catch it.
so feels like there's still room for humans here.
We’re expanding Trusted Access for Cyber with additional tiers for authenticated cybersecurity defenders.
Customers in the highest tiers can request access to GPT-5.4-Cyber, a version of GPT-5.4 fine-tuned for cybersecurity use cases, enabling more advanced defensive workflows.
https://t.co/RMMXQklFar