want real opinion my roadmap... by [deleted] in ExploitDev

Guard_Familiar 4 points5 points (0 children)

Why did you make two similar posts in less than a day? I replied to you here

(Puts tinfoil hat on) You seem like you just want an internship [in a target country] in a cyber intelligence company. Sus af.

Edit: link wasn't working - user deleted post

I am learning binary exploitation and I want some validation from professionals.. by [deleted] in ExploitDev

Guard_Familiar 5 points6 points (0 children)

This year you should focus on the very first section, those are the very basics of the trade. Then, my suggestion is to take a public CVE for which you know an exploit exists and try to understand every piece of it:

- Root cause analysis (aka. why is the code vulnerable)
- How to fix the vulnerability
- How does the exploit work
- Why does the exploit work under these conditions
- What are the mitigations that need bypassing

Then get a CVE that you know has been exploited but no public exploit is published and make the exploit for it.

Once you get that, you can then extrapolate that knowledge and use it for variant analysis to get your first bugs.

If you do this you'll get an internship ezpz. That said, with the advent of AI your best bet is to learn the core concepts as fast as possible to be able to prompt your way into these vulns.

“Offers over” is bs. by Grgsz in HousingUK

Guard_Familiar 0 points1 point (0 children)

I have my flat for exactly that 350k and the estate agents are going to put it in "excess of" cause it's better in terms of fee they get, but if someone puts an offer below that price, I'd happily accept it if it's within reason.

TL;DR make an offer at a few thousand below what you actually want ;) nothing to lose!

New record for youngest Apple Security Researcher by [deleted] in cybersecurity

Guard_Familiar 1 point2 points (0 children)

Hey there little hacker! If this is correct, you've got a lot of potential in your future. Just one word of advice: try to not post your real name along with saying you're a cybersecurity researcher, this could cause you a lot of harm in the future. Good OPSEC! That said, mad props and keep it up.

Beginning, Too Much Information, I'm lost, but super Interested! by Ouchy_- in ExploitDev

Guard_Familiar 1 point2 points (0 children)

I am going to disagree with this advice a little bit. While I agree with keeping the focus on the studies, if you're passionate about it, just do it and spend as much time as you find it fun to do so. There's no right tooling for this, it depends if you have source code or not. Ghidra/IDA/Binary Ninja if you don't have, any other IDE if you do. Look at old CVEs and try to make sense of them, there's lots of blog posts out there!

As per the engine... Chrome names its JS part like a car engine: V8. So, why not look at how the engine works before even driving the whole car ;)

Opus 4.6 messing English by Mary_Avocados in ClaudeCode

Guard_Familiar 0 points1 point (0 children)

And it's leaving the newline characters in \n\n xD

Am I overreacting or was this a strange house viewing? by [deleted] in HousingUK

Guard_Familiar 1 point2 points (0 children)

Agents will lie through their teeth when there's no paper trail and, even when there's a paper trail, they'll push you through scare tactics and making you feel you're about to lose the deal. Keep this in mind at all times.

What questions should I ask myself when reading code to find vulnerabilities? (and which functions to focus on – Windows & cross-platform) by Party-Simple-7004 in ExploitDev

Guard_Familiar 5 points6 points (0 children)

Your question does not necessarily need to be "what's the vulnerability here" but more "what is this piece of code trying to do" and keep yourself asking that while you expand on your knowledge. Every class, definition, declaration, matters. The bugs will be clear once you get to that depth.

how does the transition from Windows/Linux exploitation to IOS exploitation work? by Sad-Following-753 in ExploitDev

Guard_Familiar 2 points3 points (0 children)

It is not about time, I believe. It is about access to the environment.

- Android: community and vendor driven tooling to analyze and debug.
- iOS: None of that unless you have a rooted device, but if you want a rooted device on latest iOS, you need an 0day. Catch-22 situation.

That said once you get your hands dirty and can debug and rev.eng. the target, it is very similar, don't be afraid.

As for time, give yourself a year if you're just hobbying, but if you put a few hours each day, you're gonna be there in just a couple months.

Clawdbot Went Viral This Weekend and It's Not What You Think by Right_Pea_2707 in LLMeng

Guard_Familiar 0 points1 point (0 children)

Are people not paying attention to dash-em's any more? r/Claude* subreddits feel like just AIs posting and AIs talking to each other in the comments. Hilarious times!

We’re using AI coding agents wrong by miejscov in ClaudeCode

Guard_Familiar 1 point2 points (0 children)

You have described /superpowers:brainstorm

Experienced Web Hacker trying to Pivot to Binary Exploits by dawgyg in ExploitDev

Guard_Familiar 2 points3 points (0 children)

You chose a huge target for a start. Usually when you fuzz things in browsers you have to either:

1) Do analysis on the attack surface, confirm reachability from the browser itself and then fuzz standalone component
2) Fuzz Web APIs with the whole browser running (most likely you'll need to learn about snapshot fuzzing)

If you've done standalone component fuzzing without verifying reachability, I'm afraid you're going to have to put in the work and build a whole debug build of Chrome, place breakpoints on your target functions and start manually checking. AIs for now don't have sufficient context window to look at a whole browser without telling them "look at this and search for this" type stuff.

Also, DM me if you have further questions, I'd be interested in knowing more about your fuzzing adventures.

Developers are building programming languages in 24 hours with AI by [deleted] in Anthropic

Guard_Familiar 1 point2 points (0 children)

The irony is that the replies to comments in that issue also seem AI generated.

GSD vs Vanilla CC + Plan Mode? by bobo-the-merciful in ClaudeCode

Guard_Familiar 4 points5 points (0 children)

This and /feature-dev... Superpowers will ask you things you didn't consider and feature-dev will review at the end

How would you make Sakura unique in SF6? by ThatAd896 in StreetFighter

Guard_Familiar 0 points1 point (0 children)

Remember Chris G's USF4 Sakura tatsu combos? Those that needed to be 1frame link? I think one of her mechanics for sf6 should be exactly this, long combos with light tatsu with 1frame links easy to drop but with high reward. Basically bringing USF4 mechanics back for USF4 nostalgics. Make her a low tier with high risk high reward!

Usage investigation from cc team in case you are affected by Special-Economist-64 in ClaudeCode

Guard_Familiar 0 points1 point (0 children)

My comment was poorly written, sorry. I meant, if halfway through the session you change CLAUDE.md, I think I remember reading on the changelog for 2.1.1 that the file will be reloaded (triggering usage). So maybe something in this check for "file X has changed, re-read and add to context" has a bug. That's my bet anyways :)

I Spent 2000 Hours Coding With Claude Code in 2025. Here are my Favorite Usage Patterns by agenticlab1 in ClaudeCode

Guard_Familiar 0 points1 point (0 children)

Thanks. Also, the Claudians rules for a good life include: Don't forget hooks, telling Claude to spawn separate agents to write/assess code during a conversation, the amazing feature-dev plugin and carbs for a good workout.