RE//verse 2026 talks are live on YouTube! Want to revisit a talk or catch the ones you missed? The full playlist is now available:
youtube.com/playlist?lis...

For the Love of the Game: DistrictCon's Year 1 Junkyard Notes from judging DistrictCon's Junkyard Year 1 — a Pwn2Own-style exploit contest targeting end-of-life devices. Disco balls, DNA sequencers, gym treadmills, and self-propagating game worms. Includes...

Junkyard was an absolute pleasure to host again, it was awesome to see it take off... we even had a Roller Coaster Tycoon exploit this year!

In case you missed the show, @caseyjohnellis gave a great writeup of the EOL targets and exploits shared: cje.io/2026/02/07/f...

screenshot of VSCode's integrated terminal auto-suggest

VSCode has leaned forward on a lot of fantastic usability enhancements...

But their recent "terminal autocomplete suggestion" setting has definitely been a mixed bag for me (distracting and suggests bad completions).

To disable: settings > "terminal suggest" and uncheck

Screenshot of the 3D repository visualizer showing AIxCC challenge code and associated bug

Want to see the vulnerabilities added for AIxCC?

Interested in seeing how well-known C & Java repositories differ in structure/distribution of code?

Check out the interactive repo visualizer we made for exploring the scale & detail of AIxCC challenges: archive.aicyberchallenge.com/repoviz/

The Beast Opens its Eye: AI at LiveCTF 2025 In the most recent LiveCTF event, we witnessed a turning point: a player brought a custom AI bot that beat both human competitors to the punch… and in the two matches that the bot won, it wasn’t even ...

Finally ran my own experiment on 2 LiveCTF challenges after seeing an AI bot beat top players on them.

Granted, these are the 2 we saw AI solve, but I was still surprised by the success of current models with a single prompt.

Sharing so others can try it themselves: seeinglogic.com/posts/livect...

GitHub - Team-Atlanta/aixcc-afc-atlantis Contribute to Team-Atlanta/aixcc-afc-atlantis development by creating an account on GitHub.

Team Atlanta's report explains how their CRS took first in AIxCC: team-atlanta.github.io/papers/TR-Te...

And you can just read the code! github.com/Team-Atlanta...

The report covers a ton: LLM usage, orchestration, and patching... but really shines in its coverage of practical fuzzing issues.

What The Hack? · Luma Chris 'flyingtoasters' Holt will host a virtual happy hour to kick off cyber security awareness month, and start the final countdown for Junkyard submissions.…

Interested in Submitting to Junkyard? Want to hang out with fellow researches? Workshopping ideas? Come hang out with the Junkyard Team for a Virtual Happy Hour!

Wednesday October 1, 8pm ET (5pm PT) (1, maybe 2 hours?)

RSVP: luma.com/949joy6c

ICYMI: 5 systems built to compete in DARPA's AI Cyber Challenge are now Open Source: archive.aicyberchallenge.com

Everything from prompt templates, to terraform code, to implementations of very recent research techniques, it's all there.

Our Call for Papers is officially OPEN!

We are looking for
- Hacking Magic 👾🪄 (cool research, novel TTPs, tool releases, etc.)
- Policy Roundtable Topics ⚖️ (specific cyber topics focused on geopolitics, ethics, legal frameworks, governance, etc.)

www.districtcon.org/cfp

districtcon.org/junkyard Call for Bugs is still open! Initial submissions close on Oct 24 - submit your best bug in an old deprecated system today 🐛

Cover art from the DEF CON special hardcopy release of Phrack issue #72.

The #defcon hardcopy of @phrack.org is a thing of beauty!

As usual, the content has excellent technical depth & spirit... I really felt a connection reading Orange Tsai's musings on CTF and his role as a "bug archeologist."

Hats off to everyone involved; it will always have a spot on my bookshelf.

Logo for LiveCTF (livectf.com)

If you're not at #defcon right now and feeling some CTF FOMO, you can still tune in and watch the semifinal and final matches of LiveCTF at livectf.com

Scroll down for a bracket with matches in your local time, and tune in!

Live-streamed head-to-head speed CTF sidecar to the DEF CON CTF... it's gonna be awesome!

If you’re headed to DEF CON, don’t miss the AIxCC exhibit.

Not just to see me; though I’ll be there and at LiveCTF...

But to meet with some great minds in AI/cybersecurity space, and hear how the data from the competition will might drive a lot of future research.

But yes, also come by to see me!

Just got back from speaking at @summerc0n.bsky.social which was great fun!

They really have a unique vibe that's only possible from a small conference with a loyal following.

Personally I appreciate the conference's sense of style and personality, and their meme game is impeccable! 😂

Extremely interesting comparisons in cybersecurity...

The 1️⃣ thing to focus on? Talent.

Talented people have outsize impacts in software and cybersecurity. And expertise drives better policy (eventually)!

Pipelines to build more experts pay compounding returns.

seeinglogic and zardus talk about getting into the cybersecurity industry YouTube video by pwn.college

Had a great time talking with @zardus.bsky.social about getting started in cybersecurity: www.youtube.com/watch?v=n9QW...

Primary thrust: Try something that interests you, then keep trying things.

Every time, you'll either succeed, learn something, or meet new people, and this builds over time.

Dear Bluesky friends: where do you buy hacker shirts?

Looking for something fresh, and there's definitely a line between cool and trying too hard.

🚨 CALLING ALL VULNERABILITY RESEARCHERS 🚨

The Junkyard is officially open!

This is our live, on-stage pwnathon dedicated to end-of-life systems. Submit your bugs!

Prizes range from $100 to $5,000 for categories like:
☄️ Most Impactful System
👾 Best Meme Target
👏 Most Engaging Presentation

[iOS][globalization] Implement CompareInfo.Version for hybrid globalization by Copilot · Pull Request #115762 · dotnet/runtime Issue Currently, CompareInfo.Version throws a PlatformNotSupportedException on iOS/macCatalyst when running in hybrid globalization mode. This implementation provides the Unicode version informatio...

Someone said to me recently "we're going to need people to babysit LLMs that do the work people used to do"...

And my knee-jerk response was "I dunno, that sounds like a certain kind of hell to me."

Apparently some folks are already testing the waters... github.com/dotnet/runti...

We're thrilled to announce we're coming back for DistrictCon Year 1!

🗓️ Jan 24-25, 2026
📍Capitol Hilton

Early bird tickets will be sold in September, and GA tickets in November! Call for Talks, Policy roundtables, and Bugs coming soon 😎

www.districtcon.org

Pattern in the Noise: Structured Fuzzing with Python “What happens if I need to fuzz something that doesn’t take strings or buffers as inputs” is the question I’ve come to dislike most when talking to people about fuzzing.

Wrapping up my posts on Python #fuzzing by going through different ways to generate structured/complex inputs: seeinglogic.com/posts/struct...

I focused on Python because there isn't as much written on it, but the concepts apply to any language and across tools!

Skip the hype, watch top CTF players for whether LLMs are changing the game (or not).

@hgarrereyn.bsky.social tells it like it is and shares his code to boot 👏

GitHub - Live-CTF/LiveCTF-DEFCON33 Contribute to Live-CTF/LiveCTF-DEFCON33 development by creating an account on GitHub.

@livectf.bsky.social just posted their challenges and the solutions from the DEF CON quals: github.com/Live-CTF/Liv...

This means 6⃣ challenges to replay, with solutions from some of the best CTF teams in the world.

Challenge-4 (sokobin) lets you push bits around on the stack to get the flag 🤯

LiveCTF Past events:

*tap*, *tap* This thing on?

It's that time again! Prepare yourself for another DEF CON CTF qualifiers with a LiveCTF component this weekend! Thanks to @Nautilus_CTF for having us back and running another year! Keep an eye out here and at livectf.com for more details.

Enjoyed this deep-dive on attempting to exploit AIxCC's NGINX heap bugs: roundofthree.github.io/posts/nginx-...

Dense material, but enjoyed that they:
- Gave detailed allocator comparison
- Tried application-specific approaches
- Combined bug primitives
- Used a now-public vulnerability dataset!

Thanks for kind words, and thank you for reading!

It has been a minute since I wrote this, and you bring up a good point with LLMs being much more present in the coding environment now than when I wrote it. Maybe worth revisiting!

Heard a lot of people wondering how good RE//Verse
would be, and I can say...

It's been awesome.

Similar in vibe to Infiltrate and OffensiveCon, plus a super positive hosting crew.

Great talks so far, I'm biased but really liked @mahal0z.bsky.social 's on improving decompilation ⛵

What an amazing crew, everyone was great and a pleasure to work with.

Unbelievable resolve and effort... to run a con with the lights out!

GitHub - seeinglogic/ariadne: Ariadne: Binary Ninja Graph Analysis Plugin Ariadne: Binary Ninja Graph Analysis Plugin. Contribute to seeinglogic/ariadne development by creating an account on GitHub.

Just pushed an update to Ariadne that makes it compatible with Binary Ninja's dev branch.

Thanks to unknowntrojan on GitHub for the PR!

github.com/seeinglogic/...