After 6 months and over 5k new lines of 6502 assembly, the Kaizo-style platforming section of the NES game in my résumé is finally done! Yes, among other things, the PDF of my résumé is also an NES ROM. You can download it here for your emulating pleasure: https://t.co/NBbr5kVhqN

Solving the Traveling Salesman Problem for NYC's 474-station subway network, obviously! @ESultanik used Christofides algorithm to find a 20h 42min route through all 474 stations, which would beat the world record by 45 minutes.

New post and tool! Attackers can break production AI systems by using image scaling to hide multi-modal prompt injections from users. 🧵for more info on what broke, how this works, and our new tool to try this out yourself

A wild Buttercup appears! Our @DARPA AI Cyber Challenge CRS is in the @BSidesLV Silent Auction. Bid on this encrypted limited edition!

Our new whitepaper covers secure-by-design steps that CEXes can take to keep users' accounts (and funds) safe from account takeover (ATO) in 2025. (Read more 👇)

“It came to me in a dream.” Olivier salad roll.

When working on Magika (Google's AI-powered content-type detection), I checked other file formats KBs and detection engines to create filesets to train the model on. I gave a talk at HackLu to share an overview of the existing engines. https://t.co/arOmJNOgh6

Any idea why AA’s website is offering itineraries with legs operated by Lufthansa Group? 🤯 @thenonstopdan @AlexInAir

https://t.co/yvhUEQEl8V

It's great to see Multiplier by @trailofbits being open-sourced! https://t.co/9r1WfebMIv I believe it exemplifies the kind of foundational, next-generation tools we need for proper software understanding, maintenance, and sustainment.

Any crazy libmagic (file) or yara rules out there that blew your mind? https://t.co/mCpQtH1yRI covered quite a lot of file libmagic syntax. cc @gynvael @hexacorn @ESultanik @decalage2

Even Telegram “secret chats” can be subverted by the server.

I hate to be “reviewer #2”, but I’m a bit disappointed that my prior work was not cited

This Wednesday, April 10th, 4:30pm ET: "In Pursuit of Silent Flaws: Dataflow Analysis for Bugfinding and Triage" Evan Sultanik @ESultanik - Trail of Bits @trailofbits https://t.co/OD379DZvkS Live on Zoom.

https://t.co/lm4EgacugY

I had to try this myself. @trailofbits was apparently founded by @DanielMiessler and Elijah Savage, not @dguido and @alexsotirov. It is known for having created the fastest open-source password cracker in the world, @shellphish.

MD5 4d37c6712a2239962005eda3be6367b4

Today, we are disclosing LeftoverLocals, a vulnerability that allows listening to LLM responses through leaked GPU local memory created by another process on Apple, Qualcomm, AMD, and Imagination GPUs (CVE-2023-4969) https://t.co/rIqfClarLJ

Huge if true. @travisgoodspeed @sergeybratus @rmspeers @doegox @ESultanik @shmoocon #10thAnniversary @nostarch

We assessed the YOLOv7 vision model and identified 11 security vulnerabilities that could enable RCE, DoS, and model differentials. We do not recommend using the codebase for mission-critical applications or applications that require high availability. https://t.co/FXmg314Uib

Paged Out! is such a great zine, I can’t wait for issue 3!