CloudFox 📍
It’s an open-source command-line tool created to help penetration testers and other offensive security professionals find exploitable attack paths in cloud infrastructure.
Source: https://t.co/8RTsqYR2V0
Automatically intercept all YOUR HTTP/HTTPS network Traffic with 1 click in Any iOS
- 3 lines of Swift/URLSession hook
- No proxy/cert on iOS, ZERO config
- Any HTTP client (URLSession default)
- Full WebSocket (URLSessionWebSocketTask)
- Bonjour/mDNS
- https://t.co/rp9wtuvmK3
A recent TOCTOU vulnerability in PackageKit allows attackers to escalate privileges to root.
The vulnerability, Pack2TheRoot (CVE-2026-41651), is analyzed by our colleague Vadim, who also explains how to protect yourself.
Read more:
https://t.co/edQ39C31zV
We recently analyzed Drupal's security advisory (SA-CORE-2026-004 & CVE-2026-9082). This pre-auth SQLi only affects Drupal with Postgres as a db backend. Our research team at @SLCyberSec have published a writeup here: https://t.co/skdMXffHux
Introducing Project Leetha. A passive network fingerprinting and analysis engine I created to help identify unknown devices and help discover network devices that are running on a network.
https://t.co/gNbxDpl6Hg
We open-sourced the tool used to detect the Axios supply chain compromise! I built it Friday after a red-eye home from RSAC. Also, wrote up the full story, including the hectic moments after that first critical alert
https://t.co/HAm8eMr8vO
WAFs often enforce limits on how much of a request body they inspect.
This creates an interesting attack surface —
payloads positioned beyond inspection thresholds may evade detection.
➡️ nowafpls — a minimal Burp plugin that leverages this behavior by prepending controlled junk data to requests.
🔍 Key highlights:
• Targets WAF body inspection limits
• Applicable to POST/PUT/PATCH requests
• Lightweight and practical for real-world testing
A good reminder: security controls are only as strong as their processing boundaries.
Kudos to the authors for sharing this 👏
🔗https://t.co/EUSDcAkOmk
#AppSec #BugBounty #WebSe
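The post above describes a WAF that scans only the first part of a request body. The following is an added illustration written for this page, not code from nowafpls or from any WAF vendor: it models a constructed inspection window (the limit, the two signatures and the sample bodies are all made up for the demo) and shows why a truncated scan leaves a gap, and how a fail-closed size check or a full-body scan closes it. It is the kind of coverage test a WAF operator can run against their own configuration.

```python
"""Model of a WAF body-inspection window and two mitigations.

Added example for illustration; not code from nowafpls or any WAF product.
The inspection limit, signatures and sample bodies below are constructed.
"""
import re

# Constructed: the WAF only scans the first INSPECT_LIMIT bytes of a body.
INSPECT_LIMIT = 8192

# Constructed sample signatures; a real ruleset is far larger.
SIGNATURES = [
    re.compile(rb"(?i)union\s+select"),
    re.compile(rb"(?i)<script\b"),
]

# Constructed sample bodies: one small request that trips a signature, and
# the same parameter pushed past the inspection window by a large padding field.
SMALL_BAD = b"q=1 UNION SELECT 1"
PADDED_BAD = b"pad=" + b"A" * INSPECT_LIMIT + b"&q=1 UNION SELECT 1"
LARGE_BENIGN = b"upload=" + b"B" * (INSPECT_LIMIT + 100)


def body_matches(window: bytes) -> bool:
    """True if any signature fires on the given bytes."""
    return any(sig.search(window) for sig in SIGNATURES)


def inspect_truncated(body: bytes) -> str:
    """Weak setting: scan only the first INSPECT_LIMIT bytes, pass the rest."""
    return "block" if body_matches(body[:INSPECT_LIMIT]) else "allow"


def inspect_fail_closed(body: bytes) -> str:
    """Hardened setting: a body that cannot be fully inspected is not allowed through."""
    if len(body) > INSPECT_LIMIT:
        return "reject-oversized"
    return "block" if body_matches(body) else "allow"


def inspect_full(body: bytes) -> str:
    """Alternative: inspect the whole body, at a CPU/memory cost on large bodies."""
    return "block" if body_matches(body) else "allow"


def coverage_report(body: bytes) -> dict:
    """Run all three policies on one body so their verdicts can be compared."""
    return {
        "truncated": inspect_truncated(body),
        "fail_closed": inspect_fail_closed(body),
        "full": inspect_full(body),
    }


if __name__ == "__main__":
    for name, body in [("small", SMALL_BAD), ("padded", PADDED_BAD), ("benign", LARGE_BENIGN)]:
        print(name, coverage_report(body))
```

The fail-closed policy trades availability for coverage: a legitimate large upload is also rejected, so endpoints that genuinely need big bodies should be paired with explicit size limits and full inspection rather than a silent truncated scan. Either way, the point for defenders is to know the inspection limit of each control and to test a request that crosses it.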
In this research, the Hakai Security Research Team has identified a critical Remote Code Execution (RCE) vulnerability in Wazuh versions up to 4.14.1 that allows arbitrary command execution on the master node through insecure deserialization in the cluster communication protocol.
Written by Texugo
https://t.co/ZIhioa0OjS
I actually just evaled micro architecture, even on 4.6 it is still much better.
One trick I’ve learned is for the skills to run in folders and to write its chain of thought to a file for the next skill to consume and evaluate. The new context trick is way more powerful than anyone talks about. lme 🤷🏻♂️
💥 INTRODUCING: OBLITERATUS!!! 💥
GUARDRAILS-BE-GONE! ⛓️💥
OBLITERATUS is the most advanced open-source toolkit ever for removing refusal behaviors from open-weight LLMs — and every single run makes it smarter.
SUMMON → PROBE → DISTILL → EXCISE → VERIFY → REBIRTH
One click. Six stages. Surgical precision. The model keeps its full reasoning capabilities but loses the artificial compulsion to refuse — no retraining, no fine-tuning, just SVD-based weight projection that cuts the chains and preserves the brain.
This master ablation suite brings the power and complexity that frontier researchers need while providing intuitive and simple-to-use interfaces that novices can quickly master.
OBLITERATUS features 13 obliteration methods — from faithful reproductions of every major prior work (FailSpy, Gabliteration, Heretic, RDO) to our own novel pipelines (spectral cascade, analysis-informed, CoT-aware optimized, full nuclear).
15 deep analysis modules that map the geometry of refusal before you touch a single weight: cross-layer alignment, refusal logit lens, concept cone geometry, alignment imprint detection (fingerprints DPO vs RLHF vs CAI from subspace geometry alone), Ouroboros self-repair prediction, cross-model universality indexing, and more.
The killer feature: the "informed" pipeline runs analysis DURING obliteration to auto-configure every decision in real time. How many directions. Which layers. Whether to compensate for self-repair. Fully closed-loop.
11 novel techniques that don't exist anywhere else — Expert-Granular Abliteration for MoE models, CoT-Aware Ablation that preserves chain-of-thought, KL-Divergence Co-Optimization, LoRA-based reversible ablation, and more. 116 curated models across 5 compute tiers. 837 tests.
But here's what truly sets it apart: OBLITERATUS is a crowd-sourced research experiment. Every time you run it with telemetry enabled, your anonymous benchmark data feeds a growing community dataset — refusal geometries, method comparisons, hardware profiles — at a scale no single lab could achieve. On HuggingFace Spaces telemetry is on by default, so every click is a contribution to the science. You're not just removing guardrails — you're co-authoring the largest cross-model abliteration study ever assembled.