banner
seeinglogic.bsky.social
Mark Griffin
@seeinglogic.bsky.social
58 followers 40 following 30 posts
Dev/hacker | Improving human understanding of code | A picture's worth 1KLOC
Posts Media Videos Starter Packs
seeinglogic.bsky.social
Mark Griffin @seeinglogic.bsky.social · 9d
Finally ran my own experiment on 2 LiveCTF challenges after seeing an AI bot beat top players on them.

Granted, these are the 2 we saw AI solve, but I was still surprised by the success of current models with a single prompt.

Sharing so others can try it themselves: seeinglogic.com/posts/livect...
The Beast Opens its Eye: AI at LiveCTF 2025
In the most recent LiveCTF event, we witnessed a turning point: a player brought a custom AI bot that beat both human competitors to the punch… and in the two matches that the bot won, it wasn’t even ...
seeinglogic.com
3
seeinglogic.bsky.social
Mark Griffin @seeinglogic.bsky.social · 18d
Team Atlanta's report explains how their CRS took first in AIxCC: team-atlanta.github.io/papers/TR-Te...

And you can just read the code! github.com/Team-Atlanta...

The report covers a ton: LLM usage, orchestration, and patching... but really shines in its coverage of practical fuzzing issues.
GitHub - Team-Atlanta/aixcc-afc-atlantis
Contribute to Team-Atlanta/aixcc-afc-atlantis development by creating an account on GitHub.
github.com
Reposted by Mark Griffin
districtcon.bsky.social
DistrictCon @districtcon.bsky.social · 21d
Interested in Submitting to Junkyard? Want to hang out with fellow researches? Workshopping ideas? Come hang out with the Junkyard Team for a Virtual Happy Hour!

Wednesday October 1, 8pm ET (5pm PT) (1, maybe 2 hours?)

RSVP: luma.com/949joy6c
What The Hack? · Luma
Chris 'flyingtoasters' Holt will host a virtual happy hour to kick off cyber security awareness month, and start the final countdown for Junkyard submissions.…
luma.com
4 3
seeinglogic.bsky.social
Mark Griffin @seeinglogic.bsky.social · Aug 19
ICYMI: 5 systems built to compete in DARPA's AI Cyber Challenge are now Open Source: archive.aicyberchallenge.com

Everything from prompt templates, to terraform code, to implementations of very recent research techniques, it's all there.
AIxCC Competition Archive | AIxCC Competition Archive
The comprehensive archive of DARPA's Artificial Intelligence Cyber Challenge
archive.aicyberchallenge.com
1 1
Reposted by Mark Griffin
districtcon.bsky.social
DistrictCon @districtcon.bsky.social · Aug 15
Our Call for Papers is officially OPEN!

We are looking for
- Hacking Magic 👾🪄 (cool research, novel TTPs, tool releases, etc.)
- Policy Roundtable Topics ⚖️ (specific cyber topics focused on geopolitics, ethics, legal frameworks, governance, etc.)

www.districtcon.org/cfp
1 9 13
Reposted by Mark Griffin
districtcon.bsky.social
DistrictCon @districtcon.bsky.social · Aug 13
districtcon.org/junkyard Call for Bugs is still open! Initial submissions close on Oct 24 - submit your best bug in an old deprecated system today 🐛
5 4
seeinglogic.bsky.social
Mark Griffin @seeinglogic.bsky.social · Aug 12
The #defcon hardcopy of @phrack.org is a thing of beauty!

As usual, the content has excellent technical depth & spirit... I really felt a connection reading Orange Tsai's musings on CTF and his role as a "bug archeologist."

Hats off to everyone involved; it will always have a spot on my bookshelf.
Cover art from the DEF CON special hardcopy release of Phrack issue #72.
6
seeinglogic.bsky.social
Mark Griffin @seeinglogic.bsky.social · Aug 10
If you're not at #defcon right now and feeling some CTF FOMO, you can still tune in and watch the semifinal and final matches of LiveCTF at livectf.com

Scroll down for a bracket with matches in your local time, and tune in!
Logo for LiveCTF (livectf.com)
1 2
seeinglogic.bsky.social
Mark Griffin @seeinglogic.bsky.social · Aug 8
Live-streamed head-to-head speed CTF sidecar to the DEF CON CTF... it's gonna be awesome!
livectf.bsky.social
livectf.bsky.social @livectf.bsky.social · Aug 7
Who's ready for hacker summer camp?! The LiveCTF team is excited to be joining Nautilus Institute again for the DEF CON CTF finals starting tomorrow! Check out the schedule showing our streaming links and live bracket!

livectf.com
seeinglogic.bsky.social
Mark Griffin @seeinglogic.bsky.social · Aug 4
If you’re headed to DEF CON, don’t miss the AIxCC exhibit.

Not just to see me; though I’ll be there and at LiveCTF...

But to meet with some great minds in AI/cybersecurity space, and hear how the data from the competition will might drive a lot of future research.

But yes, also come by to see me!
1
seeinglogic.bsky.social
Mark Griffin @seeinglogic.bsky.social · Jul 15
Just got back from speaking at @summerc0n.bsky.social which was great fun!

They really have a unique vibe that's only possible from a small conference with a loyal following.

Personally I appreciate the conference's sense of style and personality, and their meme game is impeccable! 😂
seeinglogic.bsky.social
Mark Griffin @seeinglogic.bsky.social · Jun 25
Extremely interesting comparisons in cybersecurity...

The 1️⃣ thing to focus on? Talent.

Talented people have outsize impacts in software and cybersecurity. And expertise drives better policy (eventually)!

Pipelines to build more experts pay compounding returns.
winnona.bsky.social
Winnona @winnona.bsky.social · Jun 25
🚨 NEW PAPER on the 0day Supply Chain 🚨:
I gathered open source data & interviewed Gov employees, VR and china researchers to figure out what the zero day marketplace looks like in the U.S. and how it compares to China.

key findings below ⬇️- 0/🧵 
www.atlanticcouncil.org/in-depth-res...
Crash (exploit) and burn: Securing the offensive cyber supply chain to counter China in cyberspace
If the United States wishes to compete in cyberspace, it must compete against China to secure its offensive cyber supply chain.
www.atlanticcouncil.org
1 3
seeinglogic.bsky.social
Mark Griffin @seeinglogic.bsky.social · Jun 20
Had a great time talking with @zardus.bsky.social about getting started in cybersecurity: www.youtube.com/watch?v=n9QW...

Primary thrust: Try something that interests you, then keep trying things.

Every time, you'll either succeed, learn something, or meet new people, and this builds over time.
seeinglogic and zardus talk about getting into the cybersecurity industry
YouTube video by pwn.college
www.youtube.com
1 1
seeinglogic.bsky.social
Mark Griffin @seeinglogic.bsky.social · Jun 6
Dear Bluesky friends: where do you buy hacker shirts?

Looking for something fresh, and there's definitely a line between cool and trying too hard.
Reposted by Mark Griffin
districtcon.bsky.social
DistrictCon @districtcon.bsky.social · May 28
🚨 CALLING ALL VULNERABILITY RESEARCHERS 🚨

The Junkyard is officially open!

This is our live, on-stage pwnathon dedicated to end-of-life systems. Submit your bugs!

Prizes range from $100 to $5,000 for categories like:
☄️ Most Impactful System
👾 Best Meme Target
👏 Most Engaging Presentation
1 18 20
seeinglogic.bsky.social
Mark Griffin @seeinglogic.bsky.social · May 22
Someone said to me recently "we're going to need people to babysit LLMs that do the work people used to do"...

And my knee-jerk response was "I dunno, that sounds like a certain kind of hell to me."

Apparently some folks are already testing the waters... github.com/dotnet/runti...
[iOS][globalization] Implement CompareInfo.Version for hybrid globalization by Copilot · Pull Request #115762 · dotnet/runtime
Issue Currently, CompareInfo.Version throws a PlatformNotSupportedException on iOS/macCatalyst when running in hybrid globalization mode. This implementation provides the Unicode version informatio...
github.com
1
Reposted by Mark Griffin
districtcon.bsky.social
DistrictCon @districtcon.bsky.social · May 6
We're thrilled to announce we're coming back for DistrictCon Year 1!

🗓️ Jan 24-25, 2026
📍Capitol Hilton

Early bird tickets will be sold in September, and GA tickets in November! Call for Talks, Policy roundtables, and Bugs coming soon 😎

www.districtcon.org
DistrictCon
www.districtcon.org
12 24
seeinglogic.bsky.social
Mark Griffin @seeinglogic.bsky.social · Apr 28
Wrapping up my posts on Python #fuzzing by going through different ways to generate structured/complex inputs: seeinglogic.com/posts/struct...

I focused on Python because there isn't as much written on it, but the concepts apply to any language and across tools!
Pattern in the Noise: Structured Fuzzing with Python
“What happens if I need to fuzz something that doesn’t take strings or buffers as inputs” is the question I’ve come to dislike most when talking to people about fuzzing.
seeinglogic.com
seeinglogic.bsky.social
Mark Griffin @seeinglogic.bsky.social · Apr 23
Skip the hype, watch top CTF players for whether LLMs are changing the game (or not).

@hgarrereyn.bsky.social tells it like it is and shares his code to boot 👏
hgarrereyn.bsky.social
hgarrereyn.bsky.social @hgarrereyn.bsky.social · Apr 17
POC code is available here: github.com/hgarrereyn/...
GitHub - hgarrereyn/nfuncs-agent: Proof of concept agentic solver for nfuncs from DEF CON Quals 2025
Proof of concept agentic solver for nfuncs from DEF CON Quals 2025 - hgarrereyn/nfuncs-agent
github.com
seeinglogic.bsky.social
Mark Griffin @seeinglogic.bsky.social · Apr 16
@livectf.bsky.social just posted their challenges and the solutions from the DEF CON quals: github.com/Live-CTF/Liv...

This means 6⃣ challenges to replay, with solutions from some of the best CTF teams in the world.

Challenge-4 (sokobin) lets you push bits around on the stack to get the flag 🤯
GitHub - Live-CTF/LiveCTF-DEFCON33
Contribute to Live-CTF/LiveCTF-DEFCON33 development by creating an account on GitHub.
github.com
1 2
Reposted by Mark Griffin
livectf.bsky.social
livectf.bsky.social @livectf.bsky.social · Apr 10
*tap*, *tap* This thing on?

It's that time again! Prepare yourself for another DEF CON CTF qualifiers with a LiveCTF component this weekend! Thanks to @Nautilus_CTF for having us back and running another year! Keep an eye out here and at livectf.com for more details.
LiveCTF
Past events:
livectf.com
3 4
seeinglogic.bsky.social
Mark Griffin @seeinglogic.bsky.social · Mar 30
Enjoyed this deep-dive on attempting to exploit AIxCC's NGINX heap bugs: roundofthree.github.io/posts/nginx-...

Dense material, but enjoyed that they:
- Gave detailed allocator comparison
- Tried application-specific approaches
- Combined bug primitives
- Used a now-public vulnerability dataset!
Exploitation of AIxCC Nginx bugs: Part I
This blog post will analyse the exploitability of the temporal safety vulnerabilities in Nginx AIxCC. AIxCC is a DARPA competition to find vulnerabilities in codebases using AI. The competitors are no...
roundofthree.github.io
seeinglogic.bsky.social
Mark Griffin @seeinglogic.bsky.social · Mar 11
Thanks for kind words, and thank you for reading!

It has been a minute since I wrote this, and you bring up a good point with LLMs being much more present in the coding environment now than when I wrote it. Maybe worth revisiting!
seeinglogic.bsky.social
Mark Griffin @seeinglogic.bsky.social · Feb 28
Heard a lot of people wondering how good RE//Verse
would be, and I can say...

It's been awesome.

Similar in vibe to Infiltrate and OffensiveCon, plus a super positive hosting crew.

Great talks so far, I'm biased but really liked @mahal0z.bsky.social 's on improving decompilation ⛵
1 5
seeinglogic.bsky.social
Mark Griffin @seeinglogic.bsky.social · Feb 23
What an amazing crew, everyone was great and a pleasure to work with.

Unbelievable resolve and effort... to run a con with the lights out!
districtcon.bsky.social
DistrictCon @districtcon.bsky.social · Feb 22
That’s a wrap on DistrictCon Year 0! Thank you to all of our attendees, sponsors, speakers, and villages! We are so proud of to be part of the hacker community in DC!

Peace & love,
DisCo Team 🪩💕💙
1