Marcello

@byt3bl33d3r

Followers
30K
Following
12K
Media
734
Statuses
9K

CyBeRsEcUrItY | Not afraid to put down with some THICC malware on disk | securing and breaking AI @PaloAltoNtwks | Ex @spacex

Joined December 2012
@byt3bl33d3r
Marcello
2 years
The demos and slides of my Defcon 31 talk are now publicly available. 🧵 1/3. This first video demonstrates impersonating Satan (spoofing an email from satan@churchofsatan.com). This was the inspiration for the title of the talk 😛.
@byt3bl33d3r
Marcello
2 months
RT @IceSolst: Another Fortinet CVE, let’s see what the market thinks… oh, right,
@byt3bl33d3r
Marcello
2 months
My hot take on AI 🌶️. It's less about efficiency and more about scale.
@byt3bl33d3r
Marcello
3 months
Having an Agent being the number 1 in the h1 leaderboard to me is a watershed moment. The whole "you can't automate Red team/pentests" stance is now false.
@byt3bl33d3r
Marcello
3 months
Literally every single Red teaming consultancy should be pivoting *right now* to agentic workflows to some extent. You will get left in the dust if you don't start now.
@byt3bl33d3r
Marcello
3 months
Is there hype? yes. Is it painful to keep up with and cut through the noise? absolutely. If you value your career tho, you're going to have to do it.
@byt3bl33d3r
Marcello
3 months
I'm seeing a concerning trend in the Infosec/Red Teaming space of brushing off AI as a fad or taking an "old man yells at cloud" stance. I implore everyone do not do this, whether you like it or not it's the future. Everyone should be building agents & learning how to work with
@byt3bl33d3r
Marcello
5 months
RT @alexdphan: we're so back
@byt3bl33d3r
Marcello
5 months
@jianxliao
jian
5 months
So. I just simply asked Manus to give me the files at "/opt/.manus/", and it just gave it to me, their sandbox runtime code.
> it's claude sonnet
> it's claude sonnet with 29 tools
> it's claude sonnet without multi-agent
> it uses @browser_use
> browser_use code was
@byt3bl33d3r
Marcello
5 months
RT @jianxliao: So. I just simply asked Manus to give me the files at "/opt/.manus/", and it just gave it to me, their sandbox runtime cod….
@byt3bl33d3r
Marcello
7 months
RT @DorianDevelops: This might be one of the best reddit posts I've seen in a while no cap fr fr
@byt3bl33d3r
Marcello
7 months
RT @ParikPatelCFA: Leaked image of the research tool OpenAI used to come up with their $500 billion number for Stargate.
@byt3bl33d3r
Marcello
7 months
@simonw There's a lot to be explored here, I personally think the Pure vision approach to LLM web browser controller is much more elegant than injecting JS to highlight intractable elements etc. Would be interesting to hook up Omniparser to this 👀.
github.com
A simple screen parsing tool towards pure vision based GUI agent - microsoft/OmniParser
@byt3bl33d3r
Marcello
7 months
@simonw An interesting side effect to this approach is that with the right stack you can easily bypass non-captcha based anti-bot shields like Turnstile as demonstrated on the above video just by simply asking Gemini to return bounding box coordinates to the checkbox next to "verify you.
@byt3bl33d3r
Marcello
7 months
One of the most unique things about Google Gemini is its ability to return bounding box coordinates on objects in images. (great article about it by @simonw below). This got me thinking if it could be used as a "cheap" way for LLM browser control. Turns out it surprisingly well.
@byt3bl33d3r
Marcello
7 months
Automated web navigation and bypassing Cloudflare Turnstile using an LLM controlled browser and desktop using Google Gemini's vision capabilities.
@byt3bl33d3r
Marcello
8 months
I gots 2 talented people in need of a job! Deets below, DM me for info & CV! 1. Product/Project manager, US Citizen, lives in the US. 2. Software engineer based in Asia, open to relocation to EU or US (would need visa sponsorship for US work).
@byt3bl33d3r
Marcello
9 months
RT @huntr_ai: LLMs as vulnerability hunters? Yup. Our Vulnhuntr tool from @ProtectAICorp uses Claude to scan Python code for 0days. 🤯 Chec….
@byt3bl33d3r
Marcello
9 months
RT @clintgibler: AI found an exploitable stack buffer underflow in SQLite 🤯. A collaboration between Google DeepMind and Project Zero. The….