"AI is giving attackers a huge advantage!"

"Yes, it is. It's amazing how quickly it has destroyed dev, sec, ops, management, company missions and priorities, regulations, information literacy, and civil society, making everyone more vulnerable."

@cR0w Also trust! I remember when certain small companies used to set themselves apart and build a lot of goodwill by having humans create things for the community... now it's all slop all the time coming from their social accounts

@iagox86 @cR0w I used to love writing short blog posts for my company. Nothing earth shattering, but just interesting enough that it kept our name circulating and maybe, just maybe, helped out a few people interested in the same problems.

Then we got bought, and the blog was all shaped by marketing from then on. (same at the company after, as great as it was in other ways). Community engagement became just plain engagement.

Find me another small company of nerds who just want to help out others, and share bits of what they've learned for the community, and I'll be happy.

@darthnull @iagox86 Seems to be the way most of the current orgs that claim community involvement are already heading too.

@cR0w @darthnull Then labs/research makes their own blog, then that ALSO gets filled with AI slop because more quantity = better right?

I'm gonna start embedding one of those "email me for a $100 gift card" into every slop post to prove that nobody reads them

@iagox86 @cR0w @darthnull If I had a dollar for every time I was looking up PoC/exploits for a given CVE, and it's some slop report from a website that just seems to scrape cve.org and regurgitate it along with very generic remediation recommendations, I probably wouldn't be rich, but like, I could have a fairly nice lunch.

@da_667 @cR0w @darthnull omg, it's the worst.

The WORST part is that I've found that an LLM is the best way to deal with that shit... it's way better at filtering results down to just useful PoCs (having to use AI to fight AI makes me incredibly sad though :( )

@iagox86 @cR0w @darthnull what's incredibly fun is looking at the nuclei-templates repo, thinking you've found something that can serve as a proof of concept for something you really needed, and it's a GET request that they parse with regex for version strings.

Thanks for that, I guess.

@da_667 @iagox86 @cR0w @darthnull I keep getting the impression that nuclei is just nmap NSE with extra steps

@Viss @iagox86 @cR0w @darthnull sometimes, it can be pretty helpful. If for no other reason, the references sometimes point to an actual write-up instead of nuclei's meta-request template bullshit.

@Viss @da_667 @iagox86 @cR0w @darthnull I shudder to think what it's like now, but in the beginning people did add defanged exploits or proper detections, not just grabbing the banner. But build it and they will come, and now I suppose the kudos miners can times AI their bullshit. It's a shame because projectdiscovery have made some good stuff. Actually AI might be better because at least it will read the researcher's report and be able to extract the key signatures.

@nf3xn @da_667 @iagox86 @cR0w @darthnull the whole zerg-rush of bounty hunters invited all the riffraff. All the people who barely knew enough about computers but put Mr. Robot on in the background on repeat 24/7 were desperate to be leet haxors and brag to their friends that they were leet haxors. Then the various scam artists wired it all up to produce scary-sounding but complete bullshit reports to knee-jerk people out of an extortion-flavored bounty, and dev has gone that direction

@nf3xn @da_667 @iagox86 @cR0w @darthnull so it feels like scary goth spaghetti is being thrown at the wall and it's just gonna get worse

@iagox86 @da_667 @cR0w @darthnull I've found making gpt 5.4 do research for me and forcing it to provide sources seems to take marginally less time than slogging through websites by hand and clicking through the 200 modal popups, login with Google, you've reached your free article limit, solve this captcha to see the blog post, 10 second timer newsletter popup modal bullshits

@iagox86 @cR0w @darthnull I’m working really hard to sell “the value of my team is that you’re getting feedback from a real human expert” when we talk to brokers.

Because that absolutely is a differentiator in my business.