I was looking for proof of concept code for some IoT botnet stuff, and came across this.

Reply to I was looking for proof of concept code for some IoT botnet stuff, and came across this. on Wed, 15 Apr 2026 20:06:17 GMT

reverseics@infosec.exchange — Wed, 15 Apr 2026 20:06:17 GMT

@da_667 @rootwyrm @Dio9sys @vulncheck they don't appear to store poc, but they do provide links. I'm not sure if they auto-submit links to archive.org or how often they verify that the links are live. interesting questions...

Reply to I was looking for proof of concept code for some IoT botnet stuff, and came across this. on Wed, 15 Apr 2026 19:58:38 GMT

da_667@infosec.exchange — Wed, 15 Apr 2026 19:58:38 GMT

@reverseics @rootwyrm @Dio9sys @vulncheck which is part of why I wrote IoT_Hunter to have a function to submit reference urls for an exploit to the internet archive. Because I'm seriously tired of that shit.

Reply to I was looking for proof of concept code for some IoT botnet stuff, and came across this. on Wed, 15 Apr 2026 19:57:20 GMT

rootwyrm@weird.autos — Wed, 15 Apr 2026 19:57:20 GMT

@da_667 @reverseics @Dio9sys I would straight up guarantee all of the ones sitting at the top of the DDG/Kagi/WTF-even-try results are doing no such thing.

I can spot them from a mile away because they're *ALL* the exact same obvious slop that is literally pure LLM regurgitation with no human review at all.

e.g. Ameeba doesn't even DO that shit, they're allegedly a 'private workspace for modern work' 'built on encrypted identity.' With LLMs and vibe-coding, of course.

Reply to I was looking for proof of concept code for some IoT botnet stuff, and came across this. on Wed, 15 Apr 2026 19:51:31 GMT

da_667@infosec.exchange — Wed, 15 Apr 2026 19:51:31 GMT

@reverseics @rootwyrm @Dio9sys @vulncheck do they actually archive public proof of concept code or something like that? because if they do... IoT exploits are fucking notorious for "I got my CVE number, time for me delete this entire github repo." bullshit.

Reply to I was looking for proof of concept code for some IoT botnet stuff, and came across this. on Wed, 15 Apr 2026 19:34:38 GMT

reverseics@infosec.exchange — Wed, 15 Apr 2026 19:34:38 GMT

@rootwyrm @Dio9sys @da_667 i checked this specific CVE in @vulncheck and I'm happy to report that they report no PoCs for the vuln.

They are a paid service but I suspect 'you get what you pay for' is the name of the game. Free search results? full of slop, because it makes you keep searching.

I only hope they can keep up with all the slop that is incoming, without getting overwhelmed themselves.

Of course if you happen to find one that works, then they are wrong in the other direction ;-). So far though they have been pretty good for identifying vulns that have actual, functioning poc.

Reply to I was looking for proof of concept code for some IoT botnet stuff, and came across this. on Wed, 15 Apr 2026 19:00:22 GMT

rootwyrm@weird.autos — Wed, 15 Apr 2026 19:00:22 GMT

@Dio9sys @da_667 (DDG and Kagi are both very eagerly eating up and aggressively ranking at the top slop sites of every flavor, while pretending reporting it as 'AI generated' will get them to remove it or downrank it.)

Reply to I was looking for proof of concept code for some IoT botnet stuff, and came across this. on Wed, 15 Apr 2026 18:57:47 GMT

rootwyrm@weird.autos — Wed, 15 Apr 2026 18:57:47 GMT

@Dio9sys @da_667 but it's not like Google, DDG, and every other search engine is eating this shit up and promoting these sites, right?
Right?

Reply to I was looking for proof of concept code for some IoT botnet stuff, and came across this. on Wed, 15 Apr 2026 18:57:04 GMT

da_667@infosec.exchange — Wed, 15 Apr 2026 18:57:04 GMT

@Dio9sys this is probably something to put up on my blog to scream about. if only to shit-talk the massive number of orgs doing this.

Reply to I was looking for proof of concept code for some IoT botnet stuff, and came across this. on Wed, 15 Apr 2026 18:56:49 GMT

dio9sys@haunted.computer — Wed, 15 Apr 2026 18:56:49 GMT

@da_667
I hate it so so so bad. That and when dudes post "proof of concept" on github and it's just a markdown file with them guessing at how it might work. Feedly always thinks that those repos are the real mccoy

Reply to I was looking for proof of concept code for some IoT botnet stuff, and came across this. on Wed, 15 Apr 2026 18:55:32 GMT

da_667@infosec.exchange — Wed, 15 Apr 2026 18:55:32 GMT

@Dio9sys aqua security, ameeba, cyfirma, and a few others all just do this shit whereby they either just vomit the exact same description on cve.org, or they'll extrapolate on it with generic and/or sometimes incredibly WRONG advice, or shit a bunch of graphs on to the page that mean NOTHING. hell, one of these "helpful sites" output a "remediation" section that was blurred out. "Pay for remediation advice, nerd."

Reply to I was looking for proof of concept code for some IoT botnet stuff, and came across this. on Wed, 15 Apr 2026 18:51:04 GMT

dio9sys@haunted.computer — Wed, 15 Apr 2026 18:51:04 GMT

@da_667
it's downright infuriating

Reply to I was looking for proof of concept code for some IoT botnet stuff, and came across this. on Wed, 15 Apr 2026 18:45:21 GMT

da_667@infosec.exchange — Wed, 15 Apr 2026 18:45:21 GMT

I'm so fucking tired of websites that just take the slop generated from the NVD and regurgitate it like the worthless slop they are. But shit like this? where they just fucking make up a proof of concept? Nah. Get absolutely fucked.