Best damn hacking video in decades and it's my dude, Mr @joegrand
Daniel Cuthbert
- 3K Followers
- 236 Following
- 426 Posts
Documentary photographer, old creaky hacker. Co-author of the @OWASP ASVS standard. Blackhat/Brucon Review Board.
YouTube
We've been testing a pretty sweet new feat for RAPTOR with the exploitability validation pipeline, which sits between vulnerability discovery & exploit generation.
Before, we be like:
scan → analyse → exploit
now, we is:
scan → validate exploitability → analyse → exploit
Typical flow now becomes:
1. Static or dynamic analysis identifies candidate vulnerabilities
2. Exploitability validation stage runs
3. Only validated findings proceed to exploit generation
4. Exploit proof of concept or patch generation follows
For us on the team, this is significant because it:
1. Reduces false positives that lead to meaningless exploit generation and token wastage (gotta be cost aware)
2. Forces the agent to reason about realistic attacker capabilities
3. Enables prioritisation based on real impact
RAPTOR now standardises human readable exploitability statuses, namely:
Exploitable
Confirmed
Proven
Disproven
Ruled Out
It's a big step forward and hopefully gives all insight into what we are working on moving forward.
Remember kids, Gobbles were amazing. Love you all
When bugs actually cost lives. Great bit of research by CheckPoint on how cyber and trad war intersect
Interplay between Iranian Targeting of IP Cameras and Physical Warfare in the Middle East - Check Point Research
Key Findings Introduction As highlighted in the Cyber Security Report 2026, cyber operations have increasingly become an additional tool in interstate conflicts, used both to support military operations and to enable ongoing battle damage assessment (BDA). During the 12-day conflict between Israel and Iran in June 2025, the compromise of cameras was likely used to support […]
Totes not a fan of digital watches, but the SQFMI Watchy kinda appealed to me in a hacker/tinkererer sense.
It had been 5 years since I made my first watch face, so this weekend me the the kids made a new one for 2026, Bauhaus inspired
Kids actually enjoyed working out where to put the boxes, compiling the firmware and pushing it to the watch and seeing what worked and what didnt.
Based off an esp32 and with PlatformIO helping, this is a good fun exercise for kids I feel (and adults too)
So now that vibe coding has gripped the world, who’s going to be first to create the app, or apps, that start helping people block Automated Content Recognition (ACR) from working?
Not that we need another set of firewalls, but it’s kinda clear we need something to understand when such tech is tracking you
Attorney General Ken Paxton Secures Major Win by Stopping Samsung from Using its Smart TVs to Illegally Spy on Texans
Attorney General Ken Paxton secured a major victory against Samsung, halting the company’s use of technology that allowed it to spy on Texans in their own homes.
When he finally finds the yubikey so he can auth.
UNIX nerds rejoice, Uni of Utah managed to find version 4 of UNIX
https://youtu.be/m-3RJaKcw_4?si=g-saIcZfEwtIZMN_
Why is this cool? Well this is the 1st version written in C. Had a letter from Ken Thompson too, we thought version 5 was the oldest surviving copy
Oh and it’s 2mb in size!
So friggin cool
UNIX v4 program found cleaning out an office at the University of Utah
Anyone who’s tried to capture FaceID and the scanning that happens on your iPhone, will resonate with this video
Great to see Associated Press do this piece on capturing surveillance tech
