Mark Griffin

Dev/hacker | Improving human understanding of code | A picture's worth 1KLOC
Website: https://seeinglogic.com
GitHub: https://github.com/seeinglogic
Twitter: https://twitter.com/seeinglogic

The Junkyard Call for Bugs is officially open! 👾
www.districtcon.org/junkyard

For additional information, please reference our Disclosure Guidance doc: lnkd.in/ewjswJyf

And if you missed last year's presentations, check them out on YouTube now: https://www.youtube.com/@DistrictCon/shorts

DistrictCon

DistrictCon is a DC hacker con, focusing on hacking together and exchanging ideas over typical talk tracks. We want to grow the community through action and engagement that focuses on the greater good, while also enlightening policymakers. Topics will range from classic hacking topics (binary exploitation and reverse engineering) to infosec policy and geopolitics. We’re creating a DC hacker con while keeping it, above all else, a hacker con.

YouTube
Feb. 6-7, 2027 | See you there 🪩✌️

For my #reverseengineering fan friends, if you missed it: RE//verse talks now live on YouTube: https://youtube.com/playlist?list=PLBKkldXXZQhD1hzCkhhMQXjEQ_qWnFtQn&si=lG1F0j2loNd6Psjl

Some great presentations on that list, including two really fun keynotes, reversing AoE2 with @ZetaTwo, and a tour-de-force Xbox One hack from @gaasedelen!

~6 months ago I posted about how a LiveCTF competitor won a few challenges with an AI bot in the background.

Since then, I've been seeing versions of the "LLMs have ruined CTFs" discussion occur in bits and pieces, but haven't found anything consolidated... are there any good writeups or discussions out there?

Particularly interested in the area of "what LLMs are not good at" or even anti-LLM techniques beyond attempting prompt injection.

Junkyard was an absolute pleasure to host again, it was awesome to see it take off... we even had a Roller Coaster Tycoon exploit this year!

In case you missed the show, @caseyjohnellis gave a great writeup of the EOL targets and exploits shared: https://cje.io/2026/02/07/for-the-love-of-the-game-districtcons-year-1-junkyard/

VSCode has leaned forward on a lot of fantastic usability enhancements...

But their recent "terminal autocomplete suggestion" setting has definitely been a mixed bag for me (distracting and suggests bad completions).

To disable: settings > "terminal suggest" and uncheck

The interactive repo visualizer we made for exploring the scale & detail of #AIxCC challenges just went live on the archive site: https://archive.aicyberchallenge.com/repoviz/

AFAIK, this is the only way currently to see some of the details (like actual code diffs) of the vulnerabilities added for competitors to find.

This was an interesting challenge to design because we wanted it to be visually engaging & interactive, technically honest, and appeal to both security newcomers and experts.

If you find this sort of thing interesting, pass it on!

Finally ran my own experiment on the two LiveCTF challenges where an #AI bot beat the top human competitors.

Granted, these were the challenges that we knew that AI was successful against...

But I was still surprised by the success of current models with a single prompt, which certainly is not the most effective way to use LLMs.

Sharing so others can learn and try things themselves: https://seeinglogic.com/posts/livectf-ai-debut/

Team Atlanta's report breaks down how their CRS found and fixed bugs to take first place in AIxCC: https://team-atlanta.github.io/papers/TR-Team-Atlanta.pdf

The report covers a ton: LLM usage & strategies, orchestration, automatic patch generation... but to me it really shines in its broad coverage of issues that arise when trying to fuzz large real-world codebases.

And the best part is that you can just go read the code! https://github.com/Team-Atlanta/aixcc-afc-atlantis

This level of transparency is frankly amazing, and one of the best things about AIxCC.

ICYMI: 5 systems from AIxCC are now Open Source: https://archive.aicyberchallenge.com/

An unprecedented opportunity to peek into the toolkit of top teams like Team Atlanta (Georgia Tech, Samsung Research), Theori, Trail of Bits, Shellphish/ASU, etc...

Everything from prompt templates, to terraform code, to implementations of very recent research techniques, it's all there 👀

If you prefer watching talks to reading code, check out the recordings from the stage talk each team gave about their CRS and the competition at https://aicyberchallenge.com/def-con-33/ (just scroll down to "Stage Talks" and click "Competitors").

AIxCC Competition Archive

The comprehensive archive of DARPA's Artificial Intelligence Cyber Challenge