*sigh* I'm sad.
-
*sigh* I'm sad.
I wrote a really cool Windows kernel exploitation challenge for $employer's blog. I put a ton of work into designing and validating it.
just finished triaging the submissions.
almost everyone who submitted a response used an LLM and did no further analysis. none of these submissions solved the fun parts of the challenge.
the few people who didn't obviously use an LLM mostly sent in a 2-3 sentence summary of the bug, and didn't solve the fun parts of the challenge.
@gsuberland
Security research doesn't feel the same after I searched "how to exploit windows" and forgot the n at the end. -
*sigh* I'm sad.
I wrote a really cool Windows kernel exploitation challenge for $employer's blog. I put a ton of work into designing and validating it.
just finished triaging the submissions.
almost everyone who submitted a response used an LLM and did no further analysis. none of these submissions solved the fun parts of the challenge.
the few people who didn't obviously use an LLM mostly sent in a 2-3 sentence summary of the bug, and didn't solve the fun parts of the challenge.
@gsuberland would you feel comfortable linking it? I would like to read it even if I likely can't finish it
-
although if you're the person who cockily submitted the one declaring that it was done autonomously: lol, lmao, reality check time
one person got the Linux challenge correct and then wrote "I'm not a Windows person but I'm really looking forward to seeing the writeup on this" for the Windows challenge.
this was by far my favourite answer and I am pushing to get them some swag to reward having an excellent attitude.
-
@gsuberland would you feel comfortable linking it? I would like to read it even if I likely can't finish it
-
although if you're the person who cockily submitted the one declaring that it was done autonomously: lol, lmao, reality check time
@gsuberland The phenomena of people play acting GAI agents is weird
-
really puts a damper on me wanting to put effort into these in future.
@gsuberland Same with a CTF I built back in '15. Zero interest from anyone who said they'd be interested.
-
@gsuberland oh I do know appsec.guide, will have a look at the WDF specific stuff since I still use WDM in $current_year
Dunno how much of a consolation it is but your efforts are appreciated.
-
@gsuberland oh I do know appsec.guide, will have a look at the WDF specific stuff since I still use WDM in $current_year
Dunno how much of a consolation it is but your efforts are appreciated.
@sharkfie I wrote the majority of the Windows C++ stuff in there, so feel free to poke if you have questions
-
*sigh* I'm sad.
I wrote a really cool Windows kernel exploitation challenge for $employer's blog. I put a ton of work into designing and validating it.
just finished triaging the submissions.
almost everyone who submitted a response used an LLM and did no further analysis. none of these submissions solved the fun parts of the challenge.
the few people who didn't obviously use an LLM mostly sent in a 2-3 sentence summary of the bug, and didn't solve the fun parts of the challenge.
@gsuberland @darthnull I suspect this is the same feelings DMs feel when they write up their homebrew scenarios.....
-
@neurovagrant @da_667 @gsuberland just remember that punishing brain cells doesn't have to mean punishing your tongue. Get the *good* stuff. On the company card.
@rootwyrm @neurovagrant @da_667 @gsuberland Remember that good Jenkem comes from the Jenkem region of the internet, otherwise it's just sparkling poop-gas.
-
@gsuberland @darthnull I suspect this is the same feelings DMs feel when they write up their homebrew scenarios.....
@Diami03 @darthnull ... I am currently doing exactly that
-
one person got the Linux challenge correct and then wrote "I'm not a Windows person but I'm really looking forward to seeing the writeup on this" for the Windows challenge.
this was by far my favourite answer and I am pushing to get them some swag to reward having an excellent attitude.
@gsuberland As someone who does windows EXE ctfs with wine (and strace and gdb), I am so liking this person.
-
@gsuberland As someone who does windows EXE ctfs with wine (and strace and gdb), I am so liking this person.
@AMS we are indeed giving them swag
-
R relay@relay.publicsquare.global shared this topic
