@seeinglogic.bsky.social
Dev/hacker | Improving human understanding of code | A picture's worth 1KLOC
Cover art from the DEF CON special hardcopy release of Phrack issue #72.
The #defcon hardcopy of @phrack.org is a thing of beauty!
As usual, the content has excellent technical depth & spirit... I really felt a connection reading Orange Tsai's musings on CTF and his role as a "bug archeologist."
Hats off to everyone involved; it will always have a spot on my bookshelf.
Logo for LiveCTF (livectf.com)
If you're not at #defcon right now and feeling some CTF FOMO, you can still tune in and watch the semifinal and final matches of LiveCTF at livectf.com
Scroll down for a bracket with matches in your local time, and tune in!
Live-streamed head-to-head speed CTF sidecar to the DEF CON CTF... it's gonna be awesome!
08.08.2025 16:54 β π 0 π 0 π¬ 0 π 0
If youβre headed to DEF CON, donβt miss the AIxCC exhibit.
Not just to see me; though Iβll be there and at LiveCTF...
But to meet with some great minds in AI/cybersecurity space, and hear how the data from the competition will might drive a lot of future research.
But yes, also come by to see me!
Just got back from speaking at @summerc0n.bsky.social which was great fun!
They really have a unique vibe that's only possible from a small conference with a loyal following.
Personally I appreciate the conference's sense of style and personality, and their meme game is impeccable! π
Extremely interesting comparisons in cybersecurity...
The 1οΈβ£ thing to focus on? Talent.
Talented people have outsize impacts in software and cybersecurity. And expertise drives better policy (eventually)!
Pipelines to build more experts pay compounding returns.
Had a great time talking with @zardus.bsky.social about getting started in cybersecurity: www.youtube.com/watch?v=n9QW...
Primary thrust: Try something that interests you, then keep trying things.
Every time, you'll either succeed, learn something, or meet new people, and this builds over time.
Dear Bluesky friends: where do you buy hacker shirts?
Looking for something fresh, and there's definitely a line between cool and trying too hard.
π¨ CALLING ALL VULNERABILITY RESEARCHERS π¨
The Junkyard is officially open!
This is our live, on-stage pwnathon dedicated to end-of-life systems. Submit your bugs!
Prizes range from $100 to $5,000 for categories like:
βοΈ Most Impactful System
πΎ Best Meme Target
π Most Engaging Presentation
Someone said to me recently "we're going to need people to babysit LLMs that do the work people used to do"...
And my knee-jerk response was "I dunno, that sounds like a certain kind of hell to me."
Apparently some folks are already testing the waters... github.com/dotnet/runti...
We're thrilled to announce we're coming back for DistrictCon Year 1!
ποΈ Jan 24-25, 2026
πCapitol Hilton
Early bird tickets will be sold in September, and GA tickets in November! Call for Talks, Policy roundtables, and Bugs coming soon π
www.districtcon.org
Wrapping up my posts on Python #fuzzing by going through different ways to generate structured/complex inputs: seeinglogic.com/posts/struct...
I focused on Python because there isn't as much written on it, but the concepts apply to any language and across tools!
Skip the hype, watch top CTF players for whether LLMs are changing the game (or not).
@hgarrereyn.bsky.social tells it like it is and shares his code to boot π
@livectf.bsky.social just posted their challenges and the solutions from the DEF CON quals: github.com/Live-CTF/Liv...
This means 6β£ challenges to replay, with solutions from some of the best CTF teams in the world.
Challenge-4 (sokobin) lets you push bits around on the stack to get the flag π€―
*tap*, *tap* This thing on?
It's that time again! Prepare yourself for another DEF CON CTF qualifiers with a LiveCTF component this weekend! Thanks to @Nautilus_CTF for having us back and running another year! Keep an eye out here and at livectf.com for more details.
Enjoyed this deep-dive on attempting to exploit AIxCC's NGINX heap bugs: roundofthree.github.io/posts/nginx-...
Dense material, but enjoyed that they:
- Gave detailed allocator comparison
- Tried application-specific approaches
- Combined bug primitives
- Used a now-public vulnerability dataset!
Thanks for kind words, and thank you for reading!
It has been a minute since I wrote this, and you bring up a good point with LLMs being much more present in the coding environment now than when I wrote it. Maybe worth revisiting!
Heard a lot of people wondering how good RE//Verse
would be, and I can say...
It's been awesome.
Similar in vibe to Infiltrate and OffensiveCon, plus a super positive hosting crew.
Great talks so far, I'm biased but really liked @mahal0z.bsky.social 's on improving decompilation β΅
What an amazing crew, everyone was great and a pleasure to work with.
Unbelievable resolve and effort... to run a con with the lights out!
Just pushed an update to Ariadne that makes it compatible with Binary Ninja's dev branch.
Thanks to unknowntrojan on GitHub for the PR!
github.com/seeinglogic/...
Reaching out to you both!
14.02.2025 16:19 β π 1 π 0 π¬ 0 π 0Report from CISA & friends on the Software Understanding Gap leading to national security-level issues: media.defense.gov/2025/Jan/16/...
This is what I'm working on improving, right in the IDE.
Reach out if you or your team wants to understand code better, I'd like to hear about your problems.
Data art of a stacked area chart arranged to look like a mountain scene. Annotations added to show categorization of author's talks in 2020 and 2024. Original source: https://www.kopidion.com/projects.html
Looking back, what made ShmooCon so awesome?
My two cents: 1) community 2) high quality talks on a wide variety of topics.
Greg Conti & co made this to depict the 801 talks over the last 20 years... and I added arrows to show where my two snowflakes are on the mountain.
We'll miss you, ShmooCon.
Our 2025 RE//verse talk schedule is now live! Talks start Friday, but don't forget to check the Thursday schedule and arrive early enough for the kick-off event!
https://re-verse.io/schedule.html?utm_source=bluesky&utm_medium=social&utm_campaign=schedulepub#sz-tab-45716
See you at Shmoo!
A huge thanks to the Shmoo crew... it has been one of my favorite cons and has a special place in my heart as my first big con to speak at.
To commemorate the Final ShmooCon, please give this a listen and substitute "Countdown" with #shmoocon in your head: youtu.be/9jK-NcRmVcw π
For the coders who just need a laugh right now... This was even better than I expected π
Also, I love "pippo" even though I don't think I've ever seen it used before...
www.youtube.com/watch?v=yup8...
P.S. For any #LLM wizards out there: can you get a model to produce a version of my target that doesn't crash when dropped in to the harness?
Arithmetic expression evaluation seems to be just difficult enough to give LLMs trouble.
So if you can crack it, I'm interested to learn from your wisdomπ§
Just pushed some #Python fuzzing example code to go along with the tutorial posts from my blog.
Check it out to see:
- A basic template you can reuse and adapt
- How to build basic valid inputs from fuzz data
- Demo of property testing & differential fuzzing
Repo: github.com/seeinglogic/...
Best time of year is here, adventofcode.com time π
Fantastic refresher, speed challenge, or for trying new languages/ideas.
The problems are fun, and start easy but get harder.
Plus they aren't linked, so don't worry about starting late or skipping a day. Let me know if you give it a try!
Curious about property-based testing or differential fuzzing for #Python?
How about a method to help catch hidden assumptions in AI-generated code?
Check out how to apply expert testing methods to find unexpected correctness bugs in non-trivial code: seeinglogic.com/posts/checki...
