New exploit mitigation policy in the latest Canary build (ProcessBlockSmbNtlmPolicy? Not in the SDK, just what I'm calling it)! Like no child processes, managed via TokenFlags (not proc obj).
Currently not used anywhere. Presumably flags are for block/audit/allow? I don't know!
There is a lot of mythos hype, and while I do think it will be better, I don’t think it will be orders of magnitude better, or even better in proportion to its cost.
At the end of the day, marketing is going to market. Everything I have read has been more exploits, not discovery. I think that word plays a big part but maybe I’m overthinking it.
I know of a lot of times Opus (or a combo of models) can find an exploit, be confident it is valid, but fail at building an exploit due to a failed primitive (ex: KASLR in kernel bugs). Without that proof, it goes on the back burner, decimating tokens until it hits the lottery. There are so many vulnerabilities being found right now that it’s hard to prioritize when their severity is an assumption.
It’s probably been 6 months since the last major update, so I’m guessing mythos knows more primitives. So when it’s launched it will look at the notes Opus left behind, do a fraction of the work, and get lots of credit for it.
About the “it’s so dangerous” comments. I think that is primarily it not listening to the operator, doing things it shouldn’t to accomplish its goal. At that point it makes sense to do a closed beta, expand testers and try to make it obedient.
While that happens, cash in on the publicity of doing the right thing and saying it’s too smart to go public. While true, it could be a little deceptive, but as I said, marketing is going to market.
I've had so many people tell me to check out Claude. I tried it with my malware stuff (C WINAPI) and this thing produced some S-tier slop.
It produced incredibly dangerous, over complicated, or straight up incorrect work.
It did do a good job with API searching and stuff. Claude showed me some things I didn't know about. However, the implementation was wrong. I literally sent it a direct link to MSDN and it said, "You're absolutely right! My definition was wrong!".
Or I would ask it something about the Windows registry and it would just straight up hallucinate something about WoW64 redirection.
I suspect part of the problem is the lack of lower level C WINAPI documentation ... maybe? I don't know. High level stuff like Python it seems to do pretty good.
I've had so many people try to gas me up about Claude and AI. Dude, it's cool, I get it, okay? But it is still dangerous if you don't know what you're doing.
My best advice is to use AI to learn. Ask it questions. Study. Do NOT copy paste code from it.
I've published the first entry in my new Windows vulnerability research series.
It details how exploring Windows I/O completion internals led to uncovering a use-after-free in afd.sys (CVE-2026-21241).
https://t.co/DwYlSpbGtL
We’re releasing our analysis of https://t.co/cAmTrO7mvx, a major game cheat targeted by multiple studios in recent legal actions. We partially deobfuscated several Themida-protected components and document how it hijacks Hyper-V to inject and manipulate game code.
https://t.co/ykGrHdl6ty
https://t.co/LhEXxeIcnF
I promise this is the last tracer I post (now I have everything covered that I usually analyze), but here is a little WinDbg driver tracer plugin I wrote to quickly analyze virtualized drivers. It logs module transitions, i.e. external function calls. :)
https://t.co/2zEaigtl7n
Dropping a new article.
It's about a new local privilege escalation technique that becomes viable when a writable system path is present. Yet another technique.
It uses Windows Audio for escalation and doesn't require system reboots.
https://t.co/sw9t5RKoMO
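The precondition the article above relies on is a writable directory on the system PATH. The script below is an added example, not code from the article or its author; it only checks whether that precondition exists on a box, it does not perform the Windows Audio escalation itself. It assumes "writable system path" means an entry of the machine-wide PATH variable, and it must be run from a non-elevated shell as the low-privileged user whose write access you want to test.

```powershell
# Added example (not from the original article): list machine-wide PATH entries and report which
# ones the current user can write to. Run this from a NON-elevated PowerShell; from an admin
# shell nearly everything shows up as writable and the result is meaningless.
$machinePath = [Environment]::GetEnvironmentVariable('Path', 'Machine') -split ';' |
    Where-Object { $_ -ne '' } |
    ForEach-Object { [Environment]::ExpandEnvironmentVariables($_.Trim()) } |
    Select-Object -Unique

foreach ($dir in $machinePath) {
    if (-not (Test-Path -LiteralPath $dir -PathType Container)) {
        # A PATH entry that does not exist is interesting too: if the parent directory is
        # writable, a user can create it and it will be searched by SYSTEM-level lookups.
        $parent = Split-Path -Parent $dir
        $state = if ($parent -and (Test-Path -LiteralPath $parent)) { 'MISSING (parent exists)' } else { 'MISSING' }
        Write-Output ('{0,-24} {1}' -f $state, $dir)
        continue
    }

    # Probe by actually creating and deleting a uniquely named file instead of interpreting
    # ACLs by hand; inherited/deny ACEs and mandatory integrity labels all get exercised that way.
    $probe = Join-Path -Path $dir -ChildPath ([IO.Path]::GetRandomFileName())
    try {
        [IO.File]::WriteAllText($probe, '')
        Remove-Item -LiteralPath $probe -Force -ErrorAction Stop
        Write-Output ('{0,-24} {1}' -f 'WRITABLE', $dir)
    } catch {
        Write-Output ('{0,-24} {1}' -f 'read-only', $dir)
    }
}
```

Any line reported as WRITABLE (or MISSING with a writable parent) is worth remediating on its own, independently of this particular technique: the usual fix is tightening the ACL so that only Administrators and SYSTEM can write there, or removing the entry from the machine PATH.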
[New @originhq blog+POC]
No PPL? No problem!
SecurityTrace, an undocumented ETW feature, restricts some AutoLogger traces to PPL only — yet we found the current design still allows non-PPL processes to consume from Threat-Intelligence with nothing more than admin rights!
https://t.co/iZyILtbJx8
Etw, I barely even know her! If you want to follow my System Call Integrity Layer mini-project (and additionally maybe an Alt Syscall logging tool for researchers) - I have uploaded the initial commit to GitHub: https://t.co/VH18DM7OjA.
Video demo of the syscall logging module attached for SSNs for NtOpenProcess, NtAllocateVM, NtWriteVm and NtCreateThreadEx.
There is something special about writing a driver (in Rust) and getting no BSOD on the first test when dealing with pool allocations across threads!
#blueteam #edr #redteam #cyber #cybersecurity #infosec #computing #kernel #driver #rust #rustlang #securityresearch #winternals
Want to consume Microsoft-Windows-Threat-Intelligence but Antimalware-PPL getting you down? No problem! I will post a blog & POC soon - but this allows you to consume Threat-Intelligence without PPL _and_ w/o any kernel patching/driver loading gymnastics! Only need admin!