I already checked ahead of time that an LLM couldn't solve it, because I knew that people would try it.

really puts a damper on me wanting to put effort into these in future.

*sigh* I'm sad.

I wrote a really cool Windows kernel exploitation challenge for $employer's blog. I put a ton of work into designing and validating it.

just finished triaging the submissions.

almost everyone who submitted a response used an LLM and did no further analysis. none of these submissions solved the fun parts of the challenge.

the few people who didn't obviously use an LLM mostly sent in a 2-3 sentence summary of the bug, and didn't solve the fun parts of the challenge.

really puts a damper on me wanting to put effort into these in future.

@gsuberland Bummer. Half the fun of making challenges is seeing others have fun with it (and the other half is seeing them learn from the experience).

Sounds like you got very little of either.

@gsuberland motivated to do some work

open up RSS feed

every fucking story for the past week is AI horse shit.

eyes the bottle of vodka in the kitchen

@darthnull yeah it's pretty demotivating to see people lacking the curiosity to experiment and learn when someone gives them an opportunity to do so.

in fact the answers I appreciated the most were the few that said "I have no idea but I'm looking forward to reading the writeup".

@da_667 @gsuberland i'm past the vodka and nearing the "huffing spraypaint in a parking lot" stage

@neurovagrant @gsuberland let's do whippets together to forget everything.

@neurovagrant @gsuberland let's do whippets together to forget everything.

@da_667 @gsuberland i'm just coming to the conclusion that our problem is we have too many braincells, so it's time to punish them.

@da_667 @gsuberland i'm just coming to the conclusion that our problem is we have too many braincells, so it's time to punish them.

*sigh* I'm sad.

I wrote a really cool Windows kernel exploitation challenge for $employer's blog. I put a ton of work into designing and validating it.

just finished triaging the submissions.

almost everyone who submitted a response used an LLM and did no further analysis. none of these submissions solved the fun parts of the challenge.

the few people who didn't obviously use an LLM mostly sent in a 2-3 sentence summary of the bug, and didn't solve the fun parts of the challenge.

*sigh* I'm sad.

I wrote a really cool Windows kernel exploitation challenge for $employer's blog. I put a ton of work into designing and validating it.

just finished triaging the submissions.

almost everyone who submitted a response used an LLM and did no further analysis. none of these submissions solved the fun parts of the challenge.

the few people who didn't obviously use an LLM mostly sent in a 2-3 sentence summary of the bug, and didn't solve the fun parts of the challenge.

although if you're the person who cockily submitted the one declaring that it was done autonomously: lol, lmao, reality check time

@gsuberland would you feel comfortable linking it? I would like to read it even if I likely can't finish it

although if you're the person who cockily submitted the one declaring that it was done autonomously: lol, lmao, reality check time

really puts a damper on me wanting to put effort into these in future.

@sharkfie https://blog.trailofbits.com/2026/04/09/master-c-and-c-with-our-new-testing-handbook-chapter/

@gsuberland oh I do know appsec.guide, will have a look at the WDF specific stuff since I still use WDM in $current_year

Dunno how much of a consolation it is but your efforts are appreciated.