@da_667 @gsuberland i'm just coming to the conclusion that our problem is we have too many braincells, so it's time to punish them.

*sigh* I'm sad.

I wrote a really cool Windows kernel exploitation challenge for $employer's blog. I put a ton of work into designing and validating it.

just finished triaging the submissions.

almost everyone who submitted a response used an LLM and did no further analysis. none of these submissions solved the fun parts of the challenge.

the few people who didn't obviously use an LLM mostly sent in a 2-3 sentence summary of the bug, and didn't solve the fun parts of the challenge.

*sigh* I'm sad.

I wrote a really cool Windows kernel exploitation challenge for $employer's blog. I put a ton of work into designing and validating it.

just finished triaging the submissions.

almost everyone who submitted a response used an LLM and did no further analysis. none of these submissions solved the fun parts of the challenge.

the few people who didn't obviously use an LLM mostly sent in a 2-3 sentence summary of the bug, and didn't solve the fun parts of the challenge.

although if you're the person who cockily submitted the one declaring that it was done autonomously: lol, lmao, reality check time

@gsuberland would you feel comfortable linking it? I would like to read it even if I likely can't finish it

although if you're the person who cockily submitted the one declaring that it was done autonomously: lol, lmao, reality check time

really puts a damper on me wanting to put effort into these in future.

@sharkfie https://blog.trailofbits.com/2026/04/09/master-c-and-c-with-our-new-testing-handbook-chapter/

@gsuberland oh I do know appsec.guide, will have a look at the WDF specific stuff since I still use WDM in $current_year

Dunno how much of a consolation it is but your efforts are appreciated.

*sigh* I'm sad.

I wrote a really cool Windows kernel exploitation challenge for $employer's blog. I put a ton of work into designing and validating it.

just finished triaging the submissions.

almost everyone who submitted a response used an LLM and did no further analysis. none of these submissions solved the fun parts of the challenge.

the few people who didn't obviously use an LLM mostly sent in a 2-3 sentence summary of the bug, and didn't solve the fun parts of the challenge.

@neurovagrant @da_667 @gsuberland just remember that punishing brain cells doesn't have to mean punishing your tongue. Get the *good* stuff. On the company card.

@gsuberland @darthnull I suspect this is the same feelings DMs feel when they write up their homebrew scenarios.....

one person got the Linux challenge correct and then wrote "I'm not a Windows person but I'm really looking forward to seeing the writeup on this" for the Windows challenge.

this was by far my favourite answer and I am pushing to get them some swag to reward having an excellent attitude.

@gsuberland As someone who does windows EXE ctfs with wine (and strace and gdb), I am so liking this person.