Richard Johnson
@richinseattle.bsky.social
Fuzzing; Vulnerability Research;
Deep Learning; Reverse Engineering
Training & Publications @ http://fuzzing.io
Hacking the planet since 1995
Undercurrents.io BOFH
I'll stop the world and melt with you
Deep Learning; Reverse Engineering
Training & Publications @ http://fuzzing.io
Hacking the planet since 1995
Undercurrents.io BOFH
I'll stop the world and melt with you
Well the initial vibe check isn’t great but I need a larger sample set. QwenCoder 2.5 did an okay zero shot but since it's not a thinking model I followed up with a prompt of "are there any bugs in the harness?" and it went off the rails producing incoherent output
March 14, 2025 at 4:00 AM
Well the initial vibe check isn’t great but I need a larger sample set. QwenCoder 2.5 did an okay zero shot but since it's not a thinking model I followed up with a prompt of "are there any bugs in the harness?" and it went off the rails producing incoherent output
Generated a few fuzz harnesses using new local models, OlympicCoder was best, fixing own bugs zero-shot & few hallucinations
Open R1 OlympicCoder 32B
DeepSeek R1 Distill Qwen 32B
QwQ 32B
Gemma-3-27b-it
All 4bit quant. Coder was by bartowski, the rest were Unsloth dynamic quant
Open R1 OlympicCoder 32B
DeepSeek R1 Distill Qwen 32B
QwQ 32B
Gemma-3-27b-it
All 4bit quant. Coder was by bartowski, the rest were Unsloth dynamic quant
March 13, 2025 at 4:19 AM
Generated a few fuzz harnesses using new local models, OlympicCoder was best, fixing own bugs zero-shot & few hallucinations
Open R1 OlympicCoder 32B
DeepSeek R1 Distill Qwen 32B
QwQ 32B
Gemma-3-27b-it
All 4bit quant. Coder was by bartowski, the rest were Unsloth dynamic quant
Open R1 OlympicCoder 32B
DeepSeek R1 Distill Qwen 32B
QwQ 32B
Gemma-3-27b-it
All 4bit quant. Coder was by bartowski, the rest were Unsloth dynamic quant
My new APPLIED DEEP LEARNING AI FOR CYBERSECURITY training class is now available for sign ups at @reconmtl for 5500 CAD ($3838 USD) early bird pricing
Full syllabus and registration here:
recon.cx/2025/trainin...
Full syllabus and registration here:
recon.cx/2025/trainin...
February 10, 2025 at 11:08 PM
My new APPLIED DEEP LEARNING AI FOR CYBERSECURITY training class is now available for sign ups at @reconmtl for 5500 CAD ($3838 USD) early bird pricing
Full syllabus and registration here:
recon.cx/2025/trainin...
Full syllabus and registration here:
recon.cx/2025/trainin...
My Applied Deep Learning AI for Cybersecurity training will be at RECON’s 20th anniversary con! I have a fuzzing harness gen section but will also cover model training/tuning & AI agents w/ applications in malware, RE, bug hunting, and web app pen-testing. There are also 3 other fuzzing trainings!
February 8, 2025 at 1:17 AM
My Applied Deep Learning AI for Cybersecurity training will be at RECON’s 20th anniversary con! I have a fuzzing harness gen section but will also cover model training/tuning & AI agents w/ applications in malware, RE, bug hunting, and web app pen-testing. There are also 3 other fuzzing trainings!
Mount up, time to ride!
January 28, 2025 at 7:29 PM
Mount up, time to ride!
New Year, New Life.
January 6, 2025 at 7:47 PM
New Year, New Life.
Did anyone else get a blue box for Christmas?
December 24, 2024 at 7:32 AM
Did anyone else get a blue box for Christmas?
I need some 2d sprite animations for a project. Dall-e knows what that means but is being stubborn. Anyone know a good resource besides fiverr?
December 9, 2024 at 5:18 AM
I need some 2d sprite animations for a project. Dall-e knows what that means but is being stubborn. Anyone know a good resource besides fiverr?
Polymorphic Log4J exploit that is a valid JSON REST API request (credit tw:@d0znpp)
November 26, 2024 at 2:54 AM
Polymorphic Log4J exploit that is a valid JSON REST API request (credit tw:@d0znpp)
Dario Amodi (Anthropic CEO) on forging your own path and hiring a great team
lexfridman.com/dario-amodei...
www.youtube.com/watch?v=ugvH...
lexfridman.com/dario-amodei...
www.youtube.com/watch?v=ugvH...
November 19, 2024 at 3:38 AM
Dario Amodi (Anthropic CEO) on forging your own path and hiring a great team
lexfridman.com/dario-amodei...
www.youtube.com/watch?v=ugvH...
lexfridman.com/dario-amodei...
www.youtube.com/watch?v=ugvH...
NIST enumerates hardware threat models with 98 different failure scenarios
www.nist.gov/publications...
www.nist.gov/publications...
November 19, 2024 at 1:48 AM
NIST enumerates hardware threat models with 98 different failure scenarios
www.nist.gov/publications...
www.nist.gov/publications...
The 3rd segment of @lexfridman.bsky.social's podcast with Anthropic AI focuses on mechanistic interpretability - the analysis of what weights in a model are activated by a particular input. Part of it mentions identifying weights that map to vulnerabilities and backdoors
youtu.be/ugvHCXCOmm4?...
youtu.be/ugvHCXCOmm4?...
November 19, 2024 at 12:31 AM
The 3rd segment of @lexfridman.bsky.social's podcast with Anthropic AI focuses on mechanistic interpretability - the analysis of what weights in a model are activated by a particular input. Part of it mentions identifying weights that map to vulnerabilities and backdoors
youtu.be/ugvHCXCOmm4?...
youtu.be/ugvHCXCOmm4?...
piping websocat to jq had weird buffering, so here's an ugly bash oneliner that infinitely listens to jetstream for some seconds, writing identity records to a file, then processing them to add bidirectional mappings for DID and Handle to redis
gist.github.com/richinseattl...
gist.github.com/richinseattl...
November 18, 2024 at 9:43 AM
piping websocat to jq had weird buffering, so here's an ugly bash oneliner that infinitely listens to jetstream for some seconds, writing identity records to a file, then processing them to add bidirectional mappings for DID and Handle to redis
gist.github.com/richinseattl...
gist.github.com/richinseattl...
This is a fair critique of the current state of decentralization for Bluesky that made front page of hackernews. One of the key points here is the did->handle mapping is owned by Bluesky but that's easy enough to recover yourself, dump this to CSV or redis cache
November 18, 2024 at 7:54 AM
This is a fair critique of the current state of decentralization for Bluesky that made front page of hackernews. One of the key points here is the did->handle mapping is owned by Bluesky but that's easy enough to recover yourself, dump this to CSV or redis cache
For fun, here's the screenshot from the movie referencing the crc32 vuln. The paper was this one: phrack.org/issues/63/13...
November 11, 2024 at 12:19 PM
For fun, here's the screenshot from the movie referencing the crc32 vuln. The paper was this one: phrack.org/issues/63/13...
If you see this post a robot. Enjoy this ansi collab from me and @level2hree.bsky.social done remotely via multiplexed Moebius ANSI software during covid Toorcamp :)
November 11, 2024 at 11:34 AM
If you see this post a robot. Enjoy this ansi collab from me and @level2hree.bsky.social done remotely via multiplexed Moebius ANSI software during covid Toorcamp :)
While others say it should have been the dog from Duck Hunt!
November 11, 2024 at 7:05 AM
While others say it should have been the dog from Duck Hunt!
I probably should have learned awk at some point..
November 9, 2024 at 1:44 AM
I probably should have learned awk at some point..
Merge entire repos into a single file for use with LLMs or other single file/module program analysis tools.
November 1, 2024 at 11:49 PM
Merge entire repos into a single file for use with LLMs or other single file/module program analysis tools.
Uninformed was later hosted on the same IP, skape and I kicked that off together. It's public knowledge that goatse, dms100/worksucks, dolphinsex, etc were the work of merl1n. Rizo was technically the admin of the box I think. It all ties back to friends hangin out in KC and on irc :)
May 9, 2023 at 5:11 AM
Uninformed was later hosted on the same IP, skape and I kicked that off together. It's public knowledge that goatse, dms100/worksucks, dolphinsex, etc were the work of merl1n. Rizo was technically the admin of the box I think. It all ties back to friends hangin out in KC and on irc :)
Continuing my path to trustworthy LLMs.. search wiki extract embeddings to find candidates, then retrieve the full article and performs its own summary using DistilBART. You can directly ask it questions instead of having a good keyword match like on wikipedia's normal search
May 2, 2023 at 11:20 PM
Continuing my path to trustworthy LLMs.. search wiki extract embeddings to find candidates, then retrieve the full article and performs its own summary using DistilBART. You can directly ask it questions instead of having a good keyword match like on wikipedia's normal search