We red teamed a frontier model in 3 hours. Zero code.
674 attacks, 573 findings, ~85% success rate. The agent picked the attacks, we just described the objective.
📄 Paper + blog: https://t.co/sNKXNr3PSc
We're going live in <4 hours, walking through the research and how we're redefining AI red teaming in the agentic era.
Tune in at 11 AM PT / 2 PM ET, right here on X!
Most people learn security research by reading finished writeups. This one shows the actual process.
The messy, organic, step-by-step reality of reversing an unknown Windows mitigation from scratch. WinDbg. IDA. Hex-Rays. Guard page violations. Trap flags. Zero prior knowledge of the target.
If you want to learn how to actually approach unknown Windows internals, start here.
https://t.co/Xq8xbSnG75
Author: @yarden_shafir
#ReverseEngineering #WindowsInternals #InfoSec
Round two!
Yesterday was one report, here’s another: an unpatched NTLM coercion via the Windows Search (search-ms://) URI handler.
Same questions about how it got handled. It’s all in the writeup, timeline included.
https://t.co/eMbyEGbx8b
Wrote a blog post about how you can use the Windows Server 2003 source code as a red teamer to make your tools look less like tools.
I also go over and map out the main/important files and practical examples of using it to augment MS-*/RFC specs: https://t.co/HfUYBAdCJJ
One researcher. ~$300 in API tokens. A working PoC against an April Patch Tuesday CVE.
Open-sourcing PatchWatch + Pocsmith, an agentic patch-diffing → exploit pipeline I built from off-the-shelf parts.
https://t.co/J3VwhqB3JY
Fundamentally, the main issues with arbitrary call patterns are the commingling of allowances and the ability to perform arbitrary calls.
In the video we show you the risks and tradeoffs that come with these different patterns.
Link in our Discord!
CertiK recently identified a series of critical vulnerabilities in @krakenfx exchange which could potentially lead to hundreds of millions of dollars in losses.
Starting from a finding in @krakenfx's deposit system where it may fail to differentiate between different internal transfer statuses, we conducted a thorough investigation with three key questions:
1/ Can a malicious actor fabricate a deposit transaction to a Kraken account?
2/ Can a malicious actor withdraw fabricated funds?
3/ What risk controls and asset protection might be triggered by a large withdrawal request?
According to our testing result: The Kraken exchange failed all these tests, indicating that Kraken’s defense-in-depth system is compromised on multiple fronts. Millions of dollars can be deposited to ANY Kraken account. A huge amount of fabricated crypto (worth more than 1M+ USD) can be withdrawn from the account and converted into valid cryptos. Worse yet, no alerts were triggered during the multi-day testing period. Kraken only responded and locked the test accounts days after we officially reported the incident.
Upon discovery, we informed Kraken, whose security team classified it as Critical: the most serious classification level at Kraken.
After initial successful conversations on identifying and fixing the vulnerability, Kraken’s security operation team has THREATENED individual CertiK employees to repay a MISMATCHED amount of crypto in an UNREASONABLE time even WITHOUT providing repayment addresses.
In the spirit of transparency and our commitment to the Web3 community, we are going public to protect all users' security. We urge @krakenfx to cease any threats against whitehat hackers.
Together, we can face risks and safeguard the future of Web3. #Web3 #Security #Transparency
Almost a year and a half since I posted this, and it’s more true than ever.
It’s an especially lonely feeling when things seem to be going well. Feels like a dirty secret I’m hiding. Sure that bug/exploit was cool or whatever, but it’s the last one I’ll ever find!
"The Convergence of Source Code and Binary Vulnerability Discovery – A Case Study"
A super-interesting study on applying static analysis tools to decompiler output. A step towards bridging the gap between binary and source analysis.
https://t.co/hW2aXQQ1nG