*sigh* I'm sad.
-
*sigh* I'm sad.
I wrote a really cool Windows kernel exploitation challenge for $employer's blog. I put a ton of work into designing and validating it.
just finished triaging the submissions.
almost everyone who submitted a response used an LLM and did no further analysis. none of these submissions solved the fun parts of the challenge.
the few people who didn't obviously use an LLM mostly sent in a 2-3 sentence summary of the bug, and didn't solve the fun parts of the challenge.
@gsuberland Bummer. Half the fun of making challenges is seeing others have fun with it (and the other half is seeing them learn from the experience).
Sounds like you got very little of either.
-
R relay@relay.infosec.exchange shared this topic
-
really puts a damper on me wanting to put effort into these in future.
@gsuberland motivated to do some work
open up RSS feed
every fucking story for the past week is AI horse shit.
eyes the bottle of vodka in the kitchen
-
@gsuberland Bummer. Half the fun of making challenges is seeing others have fun with it (and the other half is seeing them learn from the experience).
Sounds like you got very little of either.
@darthnull yeah it's pretty demotivating to see people lacking the curiosity to experiment and learn when someone gives them an opportunity to do so.
in fact the answers I appreciated the most were the few that said "I have no idea but I'm looking forward to reading the writeup".
-
@gsuberland motivated to do some work
open up RSS feed
every fucking story for the past week is AI horse shit.
eyes the bottle of vodka in the kitchen
@da_667 @gsuberland i'm past the vodka and nearing the "huffing spraypaint in a parking lot" stage
-
@darthnull yeah it's pretty demotivating to see people lacking the curiosity to experiment and learn when someone gives them an opportunity to do so.
in fact the answers I appreciated the most were the few that said "I have no idea but I'm looking forward to reading the writeup".
@gsuberland @darthnull someone highlighted a difference that feels right to me based on what I've seen in myself and good friends I respect and trust:
There's two classes of people, those who like the art/practice of software development and get enrichment out of that process, and those who enjoy building and shipping a thing.
The former finds AI revolting, the other finds AI extremely enticing.
-
@da_667 @gsuberland i'm past the vodka and nearing the "huffing spraypaint in a parking lot" stage
@neurovagrant @gsuberland
let's do whippets together to forget everything. -
@neurovagrant @gsuberland
let's do whippets together to forget everything.@da_667 @gsuberland i'm just coming to the conclusion that our problem is we have too many braincells, so it's time to punish them.
-
@neurovagrant @gsuberland
let's do whippets together to forget everything. -
@da_667 @gsuberland i'm just coming to the conclusion that our problem is we have too many braincells, so it's time to punish them.
@neurovagrant @da_667 @gsuberland just remember that punishing brain cells doesn't have to mean punishing your tongue. Get the *good* stuff. On the company card.
-
@da_667 @gsuberland i'm just coming to the conclusion that our problem is we have too many braincells, so it's time to punish them.
@neurovagrant @da_667 @gsuberland minor recreational drug use is not bad and in this economy probably mandatory #moderation #soft cell #precursors
-
*sigh* I'm sad.
I wrote a really cool Windows kernel exploitation challenge for $employer's blog. I put a ton of work into designing and validating it.
just finished triaging the submissions.
almost everyone who submitted a response used an LLM and did no further analysis. none of these submissions solved the fun parts of the challenge.
the few people who didn't obviously use an LLM mostly sent in a 2-3 sentence summary of the bug, and didn't solve the fun parts of the challenge.
@gsuberland
Security research doesn't feel the same after I searched "how to exploit windows" and forgot the n at the end. -
*sigh* I'm sad.
I wrote a really cool Windows kernel exploitation challenge for $employer's blog. I put a ton of work into designing and validating it.
just finished triaging the submissions.
almost everyone who submitted a response used an LLM and did no further analysis. none of these submissions solved the fun parts of the challenge.
the few people who didn't obviously use an LLM mostly sent in a 2-3 sentence summary of the bug, and didn't solve the fun parts of the challenge.
@gsuberland would you feel comfortable linking it? I would like to read it even if I likely can't finish it
-
although if you're the person who cockily submitted the one declaring that it was done autonomously: lol, lmao, reality check time
one person got the Linux challenge correct and then wrote "I'm not a Windows person but I'm really looking forward to seeing the writeup on this" for the Windows challenge.
this was by far my favourite answer and I am pushing to get them some swag to reward having an excellent attitude.
-
@gsuberland would you feel comfortable linking it? I would like to read it even if I likely can't finish it
-
although if you're the person who cockily submitted the one declaring that it was done autonomously: lol, lmao, reality check time
@gsuberland The phenomena of people play acting GAI agents is weird
-
really puts a damper on me wanting to put effort into these in future.
@gsuberland Same with a CTF I built back in '15. Zero interest from anyone who said they'd be interested.
-
@gsuberland oh I do know appsec.guide, will have a look at the WDF specific stuff since I still use WDM in $current_year
Dunno how much of a consolation it is but your efforts are appreciated.
-
@gsuberland oh I do know appsec.guide, will have a look at the WDF specific stuff since I still use WDM in $current_year
Dunno how much of a consolation it is but your efforts are appreciated.
@sharkfie I wrote the majority of the Windows C++ stuff in there, so feel free to poke if you have questions
-
*sigh* I'm sad.
I wrote a really cool Windows kernel exploitation challenge for $employer's blog. I put a ton of work into designing and validating it.
just finished triaging the submissions.
almost everyone who submitted a response used an LLM and did no further analysis. none of these submissions solved the fun parts of the challenge.
the few people who didn't obviously use an LLM mostly sent in a 2-3 sentence summary of the bug, and didn't solve the fun parts of the challenge.
@gsuberland @darthnull I suspect this is the same feelings DMs feel when they write up their homebrew scenarios.....
-
@neurovagrant @da_667 @gsuberland just remember that punishing brain cells doesn't have to mean punishing your tongue. Get the *good* stuff. On the company card.
@rootwyrm @neurovagrant @da_667 @gsuberland Remember that good Jenkem comes from the Jenkem region of the internet, otherwise it's just sparkling poop-gas.
