Junkyard was an absolute pleasure to host again, it was awesome to see it take off... we even had a Roller Coaster Tycoon exploit this year!
In case you missed the show, @caseyjohnellis gave a great writeup of the EOL targets and exploits shared: cje.io/2026/02/07/f...
screenshot of VSCode's integrated terminal auto-suggest
VSCode has leaned forward on a lot of fantastic usability enhancements...
But their recent "terminal autocomplete suggestion" setting has definitely been a mixed bag for me (distracting and suggests bad completions).
To disable: settings > "terminal suggest" and uncheck
Screenshot of the 3D repository visualizer showing AIxCC challenge code and associated bug
Want to see the vulnerabilities added for AIxCC?
Interested in seeing how well-known C & Java repositories differ in structure/distribution of code?
Check out the interactive repo visualizer we made for exploring the scale & detail of AIxCC challenges: archive.aicyberchallenge.com/repoviz/
Finally ran my own experiment on 2 LiveCTF challenges after seeing an AI bot beat top players on them.
Granted, these are the 2 we saw AI solve, but I was still surprised by the success of current models with a single prompt.
Sharing so others can try it themselves: seeinglogic.com/posts/livect...
Team Atlanta's report explains how their CRS took first in AIxCC: team-atlanta.github.io/papers/TR-Te...
And you can just read the code! github.com/Team-Atlanta...
The report covers a ton: LLM usage, orchestration, and patching... but really shines in its coverage of practical fuzzing issues.
Interested in Submitting to Junkyard? Want to hang out with fellow researches? Workshopping ideas? Come hang out with the Junkyard Team for a Virtual Happy Hour!
Wednesday October 1, 8pm ET (5pm PT) (1, maybe 2 hours?)
RSVP: luma.com/949joy6c
ICYMI: 5 systems built to compete in DARPA's AI Cyber Challenge are now Open Source: archive.aicyberchallenge.com
Everything from prompt templates, to terraform code, to implementations of very recent research techniques, it's all there.
Our Call for Papers is officially OPEN!
We are looking for
- Hacking Magic πΎπͺ (cool research, novel TTPs, tool releases, etc.)
- Policy Roundtable Topics βοΈ (specific cyber topics focused on geopolitics, ethics, legal frameworks, governance, etc.)
www.districtcon.org/cfp
districtcon.org/junkyard Call for Bugs is still open! Initial submissions close on Oct 24 - submit your best bug in an old deprecated system today π
Cover art from the DEF CON special hardcopy release of Phrack issue #72.
The #defcon hardcopy of @phrack.org is a thing of beauty!
As usual, the content has excellent technical depth & spirit... I really felt a connection reading Orange Tsai's musings on CTF and his role as a "bug archeologist."
Hats off to everyone involved; it will always have a spot on my bookshelf.
Logo for LiveCTF (livectf.com)
If you're not at #defcon right now and feeling some CTF FOMO, you can still tune in and watch the semifinal and final matches of LiveCTF at livectf.com
Scroll down for a bracket with matches in your local time, and tune in!
Live-streamed head-to-head speed CTF sidecar to the DEF CON CTF... it's gonna be awesome!
If youβre headed to DEF CON, donβt miss the AIxCC exhibit.
Not just to see me; though Iβll be there and at LiveCTF...
But to meet with some great minds in AI/cybersecurity space, and hear how the data from the competition will might drive a lot of future research.
But yes, also come by to see me!
Just got back from speaking at @summerc0n.bsky.social which was great fun!
They really have a unique vibe that's only possible from a small conference with a loyal following.
Personally I appreciate the conference's sense of style and personality, and their meme game is impeccable! π
Extremely interesting comparisons in cybersecurity...
The 1οΈβ£ thing to focus on? Talent.
Talented people have outsize impacts in software and cybersecurity. And expertise drives better policy (eventually)!
Pipelines to build more experts pay compounding returns.
Had a great time talking with @zardus.bsky.social about getting started in cybersecurity: www.youtube.com/watch?v=n9QW...
Primary thrust: Try something that interests you, then keep trying things.
Every time, you'll either succeed, learn something, or meet new people, and this builds over time.
Dear Bluesky friends: where do you buy hacker shirts?
Looking for something fresh, and there's definitely a line between cool and trying too hard.
π¨ CALLING ALL VULNERABILITY RESEARCHERS π¨
The Junkyard is officially open!
This is our live, on-stage pwnathon dedicated to end-of-life systems. Submit your bugs!
Prizes range from $100 to $5,000 for categories like:
βοΈ Most Impactful System
πΎ Best Meme Target
π Most Engaging Presentation
Someone said to me recently "we're going to need people to babysit LLMs that do the work people used to do"...
And my knee-jerk response was "I dunno, that sounds like a certain kind of hell to me."
Apparently some folks are already testing the waters... github.com/dotnet/runti...
We're thrilled to announce we're coming back for DistrictCon Year 1!
ποΈ Jan 24-25, 2026
πCapitol Hilton
Early bird tickets will be sold in September, and GA tickets in November! Call for Talks, Policy roundtables, and Bugs coming soon π
www.districtcon.org
Wrapping up my posts on Python #fuzzing by going through different ways to generate structured/complex inputs: seeinglogic.com/posts/struct...
I focused on Python because there isn't as much written on it, but the concepts apply to any language and across tools!
Skip the hype, watch top CTF players for whether LLMs are changing the game (or not).
@hgarrereyn.bsky.social tells it like it is and shares his code to boot π
@livectf.bsky.social just posted their challenges and the solutions from the DEF CON quals: github.com/Live-CTF/Liv...
This means 6β£ challenges to replay, with solutions from some of the best CTF teams in the world.
Challenge-4 (sokobin) lets you push bits around on the stack to get the flag π€―
*tap*, *tap* This thing on?
It's that time again! Prepare yourself for another DEF CON CTF qualifiers with a LiveCTF component this weekend! Thanks to @Nautilus_CTF for having us back and running another year! Keep an eye out here and at livectf.com for more details.
Enjoyed this deep-dive on attempting to exploit AIxCC's NGINX heap bugs: roundofthree.github.io/posts/nginx-...
Dense material, but enjoyed that they:
- Gave detailed allocator comparison
- Tried application-specific approaches
- Combined bug primitives
- Used a now-public vulnerability dataset!
Thanks for kind words, and thank you for reading!
It has been a minute since I wrote this, and you bring up a good point with LLMs being much more present in the coding environment now than when I wrote it. Maybe worth revisiting!
Heard a lot of people wondering how good RE//Verse
would be, and I can say...
It's been awesome.
Similar in vibe to Infiltrate and OffensiveCon, plus a super positive hosting crew.
Great talks so far, I'm biased but really liked @mahal0z.bsky.social 's on improving decompilation β΅
What an amazing crew, everyone was great and a pleasure to work with.
Unbelievable resolve and effort... to run a con with the lights out!
Just pushed an update to Ariadne that makes it compatible with Binary Ninja's dev branch.
Thanks to unknowntrojan on GitHub for the PR!
github.com/seeinglogic/...
Reaching out to you both!
