Richard Johnson

If you are wondering what it takes to get published in phrack click through to the CFP for areas of interest but tl:dr
the requirements are:
offensive security research
10-20pgs deep dive on internals/theory
Proven practical demo and source code snapshot. submissions@phrack.org

Phrack making the old days look so good! Call for Papers is up and the demoscene intro is brilliant!

H/T to @richinseattle.bsky.social

phrack.org

Spread the word! @phrack.org CFP with demoscene cracktro is live. Turn up the volume and enjoy the awesome stylings of @PiotrBania with some hopefully inspiring text from phrack staff :)
phrack.org

This may be the only offering of my fuzzing class at a conference this year and includes updates for targeting edge devices and arm64!

🚨 In 2026, Richard Johnson - @richinseattle.bsky.social - returns to OffensiveCon with a training on "Advanced Fuzzing and Crash Analysis". More details here🔗https://buff.ly/I8w5EEO

🚀 Don't miss this chance to improve your skills - sign up now!

@richinseattle.bsky.social’s ai agents for cybersecurity course at RE//verse looks neat!

Currently in day 3 of 4 at Hexacon and students have created agents that beat some OverTheWire & CSAW .. a paper a few years ago had 7 authors and 6mo of research partially led by one of the engineers at XBOW, so I’d say we are doing some fun stuff :) gdb, Ghidra, etc automated in agentic loops.

Miss our #defcon panel hosted by @richinseattle.bsky.social @vacci.ne and chompie? It's up on YouTube!

Phrack 40th Anniversary ansi art by Harvest

Phrack turns 40.
The digital drop is live.
Download it. Archive it. Pass it on.
💾 www.phrack.org
#phrackat40 #phrack72

Hackers who exposed North Korean government hacker explain why they did it | TechCrunch The two self-described hacktivists said they had access to the North Korean spy’s computer for around four months before deciding what they had found should be made public.

NEW: Earlier this month, two hackers published their findings in Phrack magazine after earlier breaking into the computer of a North Korean government hacker.

Now, in speaking with @lorenzofb.bsky.social, the two hackers explain why they went public — even though their breach was probably illegal.

defcon 33 main stage sunday aug 10 noon - flyer with sick ascii by x0 and aNACHRONiST

Are you going to @defcon.bsky.social??

We'll be giving away 9500 print copies of Phrack!

Come by main stage Sunday @ noon to see @vacci.ne @richinseattle.bsky.social and chompie talk hacker history! This will mark the first time Phrack staff appear together on DEF CON’s main stage.

AI Agents for Cybersecurity

by Richard Johnson (@richinseattle.bsky.social)

www.hexacon.fr/trainer/john...

Applied Deep Learning AI for Cybersecurity from April 22 to April 23/2025 — secwest.net - secure virtual engagement This class is designed to introduce students to the most effective tools and techniques for applying cutting-edge deep learning–based artificial intelligence to cybersecurity tasks. By leveraging AI-d...

@richinseattle.bsky.social Richard Johnson, at the forefront of AI Security Research for years, is doing a new two day dojo course at CanSecWest2025_newtype, before 24/25 conference.

Check out his presentation last year at CanSecWest "The DL on LLM Code Analysis " at

secwest.net/2024-recordi...

Well the initial vibe check isn’t great but I need a larger sample set. QwenCoder 2.5 did an okay zero shot but since it's not a thinking model I followed up with a prompt of "are there any bugs in the harness?" and it went off the rails producing incoherent output

Hah well the previous benchmark I created was evaluated on a curated vuln identification dataset which made it trivial and allowed me to iterate on the input side which led toward agentic prompt selection. I have other ideas and would incorporate more variables for this task ofc ;)

I was going to include it. Will give it a shot. I need to create a new benchmark to give more empirical measurements. I have a plan for that.

Total awareness, understanding marketability of local models, determining which may be competitive with tuning, etc. Current interest is for which to use for agent dev and tuning for the training I’m developing. Will contrast vs best commercial options as well. Students will have diff applied needs.

Generated a few fuzz harnesses using new local models, OlympicCoder was best, fixing own bugs zero-shot & few hallucinations

Open R1 OlympicCoder 32B
DeepSeek R1 Distill Qwen 32B
QwQ 32B
Gemma-3-27b-it

All 4bit quant. Coder was by bartowski, the rest were Unsloth dynamic quant

My new APPLIED DEEP LEARNING AI FOR CYBERSECURITY training class is now available for sign ups at @reconmtl for 5500 CAD ($3838 USD) early bird pricing

Full syllabus and registration here:
recon.cx/2025/trainin...

My Applied Deep Learning AI for Cybersecurity training will be at RECON’s 20th anniversary con! I have a fuzzing harness gen section but will also cover model training/tuning & AI agents w/ applications in malware, RE, bug hunting, and web app pen-testing. There are also 3 other fuzzing trainings!

Kevin Mitnick Part 01 (Final)

Friends, FBI has responded to my FOIA request for Kevin Mitnick's files, and have made them available to everyone via the FBI public portal here: vault.fbi.gov/kevin-mitnic...

Get your macOS 15.2 xnu CodeQL database here! 🎉

github.com/blacktop/dar...

Visiting family in western Arizona, not too far from Lake Havasu

Mount up, time to ride!

New Year, New Life.

If you say “Pet Cemetary” three times in the mirror.. REDRUM

Happy New Year!

Yep

Nah 3D printed reproduction. I do have an original OKI900 and some red boxes I built in the 90s :)

Support your friendly phreaks! www.etsy.com/listing/1763...