Alex Chapman

@ajxchapman

Full Time #BugBounty Vulnerability Researcher https://blog.ajxchapman.com

Followers: 2,810 / Following: 461 / Posts: 202 / Joined: 09.10.2023

Latest posts by Alex Chapman @ajxchapman

Blind SQL injection optimization In this post I examine techniques and optimizations which can be used to efficiently extract SQL query results from Blind SQL Injection vulnerabilities. With the correct techniques and optimizations t...

*cough* blog.ajxchapman.com/posts/2017/0... *cough*

10.03.2026 18:45 👍 2 🔁 0 💬 0 📌 0

Every bug hunter / vulnerability researcher / pentester should have to write their own blind or timing based SQL injection tool. It's like a rite of passage, if you've taken the time to understand and produce your own you'll probably make it in this world, if not 😬

x.com/slonser_/sta...

10.03.2026 18:45 👍 2 🔁 0 💬 1 📌 0

Last BSidesNYC I sat behind a guy doing the CTF with ChatGPT. Ctrl-a paste page source and a screenshot, hit enter, repeat. User totally not reading the output. LLM got the flag (flappybird-style JS challenge) after maybe ten rounds of this.

Last message dude sent in the session was "We did it!".

10.03.2026 11:05 👍 3 🔁 1 💬 1 📌 0

Yeah this is 100% what I'm talking about, it _is_ happening, and a whole lot of people are going to be voluntarily less knowledgeable because of it.

LLMs are a tool of the future, but we don't need to stop learning because of it.

10.03.2026 11:12 👍 3 🔁 0 💬 0 📌 0

I think it's highly likely we'll end up in a split tier future of those that use LLMs without learning, and those that seek to understand what the LLM is doing and learn from it.

I believe the latter is the much more desirable camp to be in.

10.03.2026 10:53 👍 1 🔁 0 💬 0 📌 0
Hoshino Lina (星乃リナ) 🩡 3D Yuri Wedding 2026!!! (@lina@vt.social) There's a lot of discourse on Twitter about people using LLMs to solve CTF challenges. I used to write CTF challenges in a past life, so I threw a couple of my hardest ones at it. We're screwed. At ...

This post on LLM use in CTFs sums up my feelings on the subject nicely.

vt.social/@lina/116198...

When simply directing LLMs for development / security research / CTFs it's quick, often accurate, often useful, but I don't inherently learn anything other than how to direct the LLM.

10.03.2026 10:53 👍 3 🔁 1 💬 3 📌 0

What I'm waiting for: Email updates to 5 separate Bug Bounty reports
What I get: Email notifications of 3 year old reports being closed

😭

04.03.2026 08:49 👍 2 🔁 0 💬 2 📌 0

I wouldn't even attempt to report a bug to a company without at least a VDP / security.txt / security@ these days. The amount of effort for sometimes less than 0 appreciation is just not worth it.

26.02.2026 09:23 👍 2 🔁 0 💬 0 📌 0
[Image: screenshot of a Tumblr thread]
redstopgringo: Are Pinky and the Brain still trying to take over the world? Because at this point, I'm willing to hear the Brain's platform.
the-other-sandy 就@: At this point, I'm willing to hear Pinky's platform.

Same.

12.01.2026 15:18 👍 111 🔁 33 💬 6 📌 3

03.01.2026 19:57 👍 1 🔁 0 💬 0 📌 0

To be fair, dinosaurs rule.

01.12.2025 11:48 👍 4 🔁 0 💬 1 📌 0

If you are selling a mirror and your ad creative includes images of the product with impossible reflections, I'm going to have to go ahead and assume your product doesn't work very well!

29.11.2025 17:20 👍 1 🔁 0 💬 1 📌 0

I'm sympathetic to corporate policy "patch gaps", but when it's framed as "acceptable exploitation window" it hits on a different level 🤔

05.11.2025 18:07 👍 8 🔁 0 💬 2 📌 0

Dad’s books are full of empathy, common sense, and a healthy suspicion of the powerful. But at its heart his work is also about how systems keep people poor while pretending it’s their own fault. So I hope Kemi’s taking notes as well as reading the jokes.

07.10.2025 12:46 👍 7808 🔁 1980 💬 140 📌 38

"Despite repeated warnings over X's evolution into what some might describe as a wretched hive of scum and villainy, governments and organizations are still reluctant to leave the social media platform" 🔥

29.09.2025 11:49 👍 0 🔁 1 💬 1 📌 0
Incentives and Outcomes in Bug Bounties Bug bounty programs have contributed significantly to security in technology firms in the last decade, but little is known about the role of reward incentives in producing useful outcomes. We analyze ...

An in-depth summary of the consequences of Google VRP increasing bounties in 2024.

"We observe statistically significant increases in the reporting of high-value bugs, especially in the highest impact tiers and high merit submissions." 🔥

arxiv.org/abs/2509.16655

28.09.2025 15:14 👍 8 🔁 3 💬 0 📌 0

The new favourite fidget toy on my desk is the Zippo lighter I've had since I was a teenager. There is something about the noise of the cap flipping open and the flint sparking. This has replaced the ever-popular poker chips.

Needless to say, I am not a great example for my kids 😬

18.09.2025 08:05 👍 2 🔁 0 💬 2 📌 0

Hackers tops the list of films that have influenced my life. Without seeing this film as a young teen I may not have misspent my youth in front of a computer trying to understand how it all worked. Which, despite what my parents suggested at the time, seems to have worked out well for me 😆

16.09.2025 09:50 👍 9 🔁 0 💬 0 📌 0

Back in the day when I was hopping around flats in London I got all of them through scraping rental and roomshare adverts (mostly Gumtree at the time) so I could be the first person to respond and see a place. It's definitely an underrated technique!

15.09.2025 18:50 👍 1 🔁 0 💬 1 📌 0

That feeling when you finally read that blog post you've had open in a browser tab for 3 months, and it's complete garbage 😑

12.09.2025 08:54 👍 30 🔁 2 💬 0 📌 0

It's honestly embarrassing!

02.09.2025 14:26 👍 1 🔁 0 💬 0 📌 0
Alex Chapman on X: "It's been 6 years (!) since I lost my daughter Chloë. This is an intensely confusing time of year for me, enjoying time with my two (wonderful) subsequent daughters, whilst mourning Chloë's loss. I am so blessed, but at the same time so incredibly sad and angry."

My previous yearly posts were on the other site, linked below for anyone who wishes to read them, or read Chloë's story.

x.com/ajxchapman/s...

24.08.2025 22:04 👍 2 🔁 0 💬 0 📌 0

I nearly didn't post Chloë's birthday this year. I feel like after 7 years I should be able to handle the pain better (I can't) or be over it somehow (I'm not). I decided that it's a way I choose to remember her, and I don't want to ever forget.

24.08.2025 22:04 👍 2 🔁 0 💬 1 📌 0

It's been another year since my wife and I lost our first daughter Chloë. She would have been 7 today. With each passing year I can't help but think about what her life would have been like, what our life would have been like, had she been given a chance. I love her so much, but don't even know her.

24.08.2025 22:04 👍 22 🔁 0 💬 1 📌 0
All You Need Is MCP - LLMs Solving a DEF CON CTF Finals Challenge DEF CON CTF Every year world-class teams play difficult CTFs such as Plaid CTF and HITCON CTF in an attempt to qualify for DEF CON CTF by getting first place. There are usually only 3-4 CTFs a year de...

This jaw-dropping write-up of an LLM solving a DEF CON CTF challenge(!) with minimal human interaction 🤯 It seems like "vibe-reversing" is becoming a viable option now...

15.08.2025 14:32 👍 11 🔁 3 💬 1 📌 0

I'll add it to the list
bsky.app/profile/ajxc...

14.08.2025 17:15 👍 2 🔁 0 💬 0 📌 0
Simpsons meme "Old Man Yells At Cloud"

There is something quite depressing about many of the advertised agentic AI use cases being posting "viral" content to social media. It stinks of one person assuming their time is inherently worth more than everyone else's.

08.08.2025 15:36 👍 3 🔁 0 💬 0 📌 0

I've said it before and I'll say it again, Windows 11 is _such_ a hostile user experience, it's like they've actively tried to make it unpleasant to use 😑

08.08.2025 10:45 👍 8 🔁 1 💬 1 📌 1

Can Bluesky say every word in the dictionary?
I dunno but I plan to find out!

I made a website that tracks every single word said on bluesky (as of yesterday).

06.08.2025 15:51 👍 616 🔁 138 💬 66 📌 69