[Research] smart contracts auditing 101 for pwners - PART 1 (EN) https://t.co/NKVMl4qYLq Hello, this is d4tura. In this research post, I summarize the core concepts required to solve the smart contract wargame "Damn Vulnerable DeFi." From the perspective of a 'pwner' more

All web3 security researchers should read this 10/10 report on all web3 security incidents in 2024 and stats around them. Great job by @ChainLight_io. Read below👇 https://t.co/rxtn8n4dQO

a senior engineer at google just dropped a 400-page free book on docs for review: agentic design patterns. the table of contents looks like everything you need to know about agents + code: > advanced prompt techniques > multi-agent patterns > tool use and MCP > you name it

Checkout this open-sourced handy MCP server for JEB decompiler by us: https://t.co/LXSEFtSbFx . Contributions and use cases are always welcomed.

⚡ Going beyond the baseline, we forked Jazzer with LibAFL to push Java fuzzing further under AIxCC pressure — lessons learned. 👉 https://t.co/PF1XQow9rs #AIxCC #Cybersecurity #CTF #AI #LLM #GenAI #AICyberChallenge #DARPA #DEFCON #Security #Vulnerability

HITCON CTF 2025 Date: UTC 08/22 14:00 ~ 08/24 14:00 https://t.co/QDdiyGlv3y Thanks to @vinami from DeFiHackLabs for creating the web3 challenges for HITCON.

This is just the beginning, more technical stuff coming up!

First, we use an LLM classifier. We provide the vuln report and relevant source code, requesting a single output token: whether the vulnerability is "likely" or "unlikely" to be real. By inspecting the logprobs of the completion, we can score candidate vulns by likelihood!

Got a knack for security? We've launched a rewards program for OSV-SCALIBR and want your help! Earn cash 💰 for creating new plugins that detect vulnerabilities, secrets, or extract software inventory. https://t.co/jvtVTSpCXs

🚀 Proud to be part of DARPA #AIxCC Winner - @TeamAtlanta24 ! Our sub-team built one of the key components: Multilang LLM Agents for vulnerability detection.

Here’s the source code of our #AIxCC winning team @TeamAtlanta24, enjoy! https://t.co/jSA4H7mH4U More things TBA

We did it!!!!!!!!!!!!!!!!!!!!

Team Atlanta wins the AIxCC Grand Final! 🏆

많은 기업들이 희망퇴직을 실시하기 시작했습니다. 4050 날아가기 시작하네요. [헤럴드경제] 40대~50대 ‘날벼락’…“9000명 해고합니다” 최악 ‘희망퇴직’ 결국 터졌다 https://t.co/jBilQ248IZ

When you make a Bank ACH transaction, it’s literally just an SFTP upload. Sent as a NACHA file, it's 940 bytes of ASCII text. Bank-to-Bank transactions cost ~0.2 cents. As long as it travels via encrypted tunnel; it’s compliant! Here’s how the quirky system works:

Documented instructions for setting up KGDB on Pixel 8. Including getting kernel log over UART via USB-Cereal, building/flashing custom kernel, breaking into KGDB via /proc/sysrq-trigger or by sending SysRq-G over serial, dealing with watchdogs, etc. https://t.co/vb4mgLDJrl

How much profits does MEV bots 🤖 really make from CEX-DEX Arbitrage? No one can answer this question before, but we are excited to share a new paper measuring it with formal methods finally! (We got accepted by AFT25' !🥳) I summarized all the alpha in one pic for you 😃

We found a new container escape affecting all container runtimes using @NVIDIA GPUs. The crazy part? The exploit is just three lines long 🤯 This is the story of #NVIDIAScape 🧵👇

Again an interesting bug, an excellent and very detailed report with PoC & exploit from 303f06e3🔥🔥🔥 [$50000][403211343][turboshaft]Improper Error Handling in LateLoadElimination for String Map -> RCE https://t.co/UWeDbeVNYh

Here is our 0day for kernelCTF🩸 - 82k bounty - quickest submission ever - all instances pwned😎 https://t.co/0sb11m8ITD Disclaimer: We apologize for abusing the red black tree family. Turning grandparents against grandchildren is only acceptable in the context of pwn😤