d3fp4r4m

@defparam

Followers
7K
Following
4K
Media
263
Statuses
4K

Opinions are my own

Joined May 2014
@defparam
d3fp4r4m
5 days
Google could literally give 50ms of dark pattern money to ffmpeg (like incognito mode) without even feeling it and have the project funded for the next 200 years and probably should given, well, Youtube.
0
0
3
@realytcracker
ytcracker.sol/.eth 🎤💻🔬🗝🏴‍☠️🤙
11 days
had some decent homies affected by the amzn layoffs any seceng sde or tpm roles you need to fill and want people that don’t suck reply to thread i’ll feed you souls
4
13
64
@ThePrimeagen
ThePrimeagen
15 days
nothing has cured me of so many anxiousnesses of life like marriage + kids. I get to truly feel alive because life is no longer about what i want, but about the very real needs of people who depend on me that i love with a love i did not believe i was capable of
@mattwelter
Matt Welter
16 days
i have... - an amazing girlfriend - making ~$450k this year - can work anywhere / anytime - live in a house w/ a pool yet i have anxiety every damn day, tight chest, hard to take deep breaths, intrusive thoughts, always feeling not enough, can never relax what went wrong
82
139
4K
@alxbrsn
Alex Birsan
18 days
@ArchAngelDDay Bucharest drivers see you putting on your seat belt and take it as a personal insult
0
1
3
@defparam
d3fp4r4m
20 days
This one resonated hard
@defparam
d3fp4r4m
21 days
ChatGPT5 is so useless now
0
0
1
@defparam
d3fp4r4m
21 days
I think it’s a good time to throw my money somewhere else
2
0
3
@defparam
d3fp4r4m
21 days
ChatGPT5 is so useless now
13
0
32
@defparam
d3fp4r4m
21 days
I also feel that engineering tools with a scripting ability (like Python in IDA) are much more powerful if you just create a CLI tool to pipe the interpreter directly to the model rather than attempt to abstract (and constrain) every action into an MCP tool
1
0
3
@defparam
d3fp4r4m
21 days
@halvarflake Actually an interesting project idea would be an MCP to CLI tool converter for all programmatic API use cases (not just LLM)
0
1
0
@halvarflake
Halvar Flake
21 days
I don't understand mcp. Is there anything mcp can do that a cli tool can't do better?
24
5
64
@steipete
Peter Steinberger
25 days
📢 Time for an update on my workflow. This one's a 23 min read, so buckle up. 100% organic and hand-written, like an animal.
steipete.me
A practical guide to working with AI coding agents without the hype.
133
219
2K
@defparam
d3fp4r4m
1 month
I’m kind of sick of ChatGPT 5 complimenting my questions, do we really need to waste the output tokens for the sake of flattery?
1
0
4
@h0mbre_
h0mbre
1 month
Wrote a blogpost today about getting Lucid fuzzing on a "real" target, all of the work that it took and the changes we made along the way. Next, we'll take a more earnest bug-finding approach and conduct a serious fuzzing campaign with Lucid:
h0mbre.github.io
Background We’ve spent a lot of time so far on this blog documenting the development process of Lucid, our full-system snapshot fuzzer, and I really wanted to start using it to do some real fuzzing....
1
41
198
@defparam
d3fp4r4m
1 month
FalseCrashReducer - LLMs being used to generate constraints and analyze crash feasibility for LLM-generated bottom-up fuzz drivers in OSS-Fuzz-Gen. https://t.co/O2G51LGfUI
0
0
4
@h0mbre_
h0mbre
2 months
Lucid is alive! it's fuzzing its first real target and found its first 0day already, an OOB read. had to patch it to keep fuzzing. this + some modifications is going to be blog post 1 in a series about iterating on the fuzzer until it's vastly improved.
9
16
227
@defparam
d3fp4r4m
3 months
Between pwn2own, bug bounty and countless amount of sec eng hours invested in securing the web browser, meticulously locking down APIs and other client side exploits just to have product designers slap in an AI subsystem without a proper security review 😂 🍿
1
0
4
@joaxcar
Johan Carlsson
3 months
@oegerikus @Xbow If you are gonna use H1 as a marketing platform and hint about “use us instead of humans! just look at our stats” I would please ask of you to start releasing the cost of running this tool. It starts to feel like you are eroding the trust of researchers on these platforms
6
6
94
@defparam
d3fp4r4m
4 months
I can’t tell if the creator of curl is just not privy to kettle’s reputation or really just hates exploit logos that much
1
0
5
@defparam
d3fp4r4m
4 months
The man produces cutting edge research for blackhat 10 years in a row conducting proper disclosure each step of the way including 3 other desync related talks resulting in highly impactful data/tools for all of infosec and people still lose their minds over logos and websites 🤷‍♂️
@albinowax
James Kettle
4 months
If you’re planning to promote your research with a website, better prepare for some quite hostile takes! (Yes, I am practicing responsible disclosure as always)
2
4
40
@Xbow
XBOW
4 months
Even mature products hide critical flaws – and @XBOW just found another one. CVE-2025-49493: XXE in Akamai CloudTest discovered during our climb to #1 on HackerOne. A complete technical breakdown from an error-based detection to a full exfiltration by @djurado9
7
37
239