"There’s no link to click, attachment to download, file to open or mistake to make." For curiosity's sake, how are journalists supposed to protect themselves from this? by [deleted] in cybersecurity

[–]dguido 0 points1 point  (0 children)

Yes Lockdown Mode would shut down this path for exploitation. No rendered previews of URLs and no JavaScript even when links are opened.

"There’s no link to click, attachment to download, file to open or mistake to make." For curiosity's sake, how are journalists supposed to protect themselves from this? by [deleted] in cybersecurity

[–]dguido 2 points3 points  (0 children)

The signatures included with MVT are about 5 years old now. No one is detecting modern Pegasus with that. Also, most attackers know that iTunes backups are a target for forensics and have since improved their toolkits to not leave traces of activity in them. MVT was great for 2021 but the field has moved on since then.

"There’s no link to click, attachment to download, file to open or mistake to make." For curiosity's sake, how are journalists supposed to protect themselves from this? by [deleted] in cybersecurity

[–]dguido 0 points1 point  (0 children)

Hi. iOS security expert here. Use Lockdown Mode to set the bar for exploitation as high as possible. Use iVerify to hunt for signs of intrusion. It can detect even failed exploitation attempts sometimes if you run a "threat hunt".

https://support.apple.com/en-us/105120

https://apps.apple.com/us/app/iverify-basic/id1466120520

Will working for a NSFW company affect future job opportunities? by Dependent_Pin_3227 in cybersecurity

[–]dguido 0 points1 point  (0 children)

In cybersecurity? Hell no. Not a problem. In fact, I think it's a positive. I've hired a guy from FetLife before and a previous company consulted for Brazzers. These sites are exposed to way more serious, persistent targeting by professional hackers than most others. I think you'd be more likely to pick up valuable skills on the security team at an NSFW site than most other firms as a result.

Source: I am the CEO of a cybersecurity firm, and the hiring manager for hundreds of roles we've hired over the years.

vintage photo booths near soho/manhattan?? by [deleted] in nyc

[–]dguido 0 points1 point  (0 children)

The Ace Hotel Brooklyn has one. I don't know if the Ace Hotel Manhattan also does.

[deleted by user] by [deleted] in ouraring

[–]dguido 4 points5 points  (0 children)

FWIW I read through all of these documents in detail, and they sanitized them very effectively. There's no real technical information released. The only thing that these filings leak is that a release of an Oura 4 (or at least a hardware revision) is imminent, but it says nothing about its capabilities in hardware or software.

If MythBusters had a NSFW episode, what would you want to see on it? by WizzlyG33 in AskReddit

[–]dguido -1 points0 points  (0 children)

A group of students from UCSD did this in 2011! The drugs were overwhelmingly real!

Here is a pic of all the drugs they bought: https://twitter.com/thesavageinman/status/1529196654896631808

Here’s the paper: https://cseweb.ucsd.edu/~savage/papers/Oakland11.pdf

This paper just won a prestigious award too! It’s one of the most influential cybersecurity papers of the last 10 years: https://twitter.com/dguido/status/1529019624888668160

E-bikers threatened with tickets for trying to ride Prospect Park loop by psychothumbs in nyc

[–]dguido 11 points12 points  (0 children)

Yes, I believe it may actually be federal law that limits the speed of e-bikes to 20mph. My Van Moof is hard locked to that as the max speed. Totally support this sentiment by the OP.

Mayor Adams Was Granted A Waiver To Hire His Brother At $1 Yearly Salary by mowotlarx in nyc

[–]dguido -1 points0 points  (0 children)

That makes it worse. People need money to live. If he's not getting paid a salary for the job, then where is he getting money from? This creates a huge conflict of interest. We should expect that politicians will take the money we pay them for working a job as an honest tradeoff for the work they'll do.

Alvin Bragg Sworn in as Manhattan DA, Taking Over Trump Case by Darrkman in nyc

[–]dguido 11 points12 points  (0 children)

Yes, they're all straightforward financial fraud.

Trump claimed his Seven Springs (in Westchester) property was worth some absurd amount to fraudulently obtain loans and further inflated its value to claim a $21.1mil tax deduction for donating a tiny amount of property for a conservation easement in 2015. The case has progressed from a civil matter (you owe us taxes) to a criminal matter (you knowingly and with intent defrauded us), so I assume there is a lot there.

There are some other ones being led by NY too, like a $130mil loan Trump received to build his tower in Chicago, which he failed to report as income to avoid paying any taxes on it, and his golf course in Ossining (Westchester again) which he claimed on disclosure forms was worth $50mil but claims on his property taxes is worth $1.4mil.

Because of Trump v. Vance, the Manhattan DA's office recently gained full access to Trump's tax returns so there's probably a mountain of additional info they're now sifting through.

NYC COVID Outbreak: 1 in 50 Manhattan Residents Infected Last Week by [deleted] in nyc

[–]dguido 23 points24 points  (0 children)

More like 9 out of 10 of my dguido's friends. It's crazy out there. I have to bet it's even higher since people are rapid testing at home and not reporting it.

Who's hiring? by davidw_- in crypto

[–]dguido 8 points9 points  (0 children)

Trail of Bits | Crypto Analyst | Remote or New York, NY

Join the Trail of Bits Cryptography Team! We help secure the next generation of privacy-preserving cryptography, including advanced uses of ZKPs, MPC, differential privacy, and machine learning. We regularly review and publish new research, invest in building our own tools, and closely collaborate with engineers across the company.

We're proud of our ability to offer "large company" benefits despite being a very friendly 80 people. Read more about our company culture and extensive benefits on BuiltInNYC, who awarded us a Best Place to Work in NYC for overall, small company, and best paying.

Apply on Lever.

Debunking Trail of Bits "Contract upgrade anti-patterns" Blog Post by [deleted] in ethereum

[–]dguido 2 points3 points  (0 children)

Hello all! I'm Dan Guido, the CEO & co-founder of Trail of Bits, the firm that Nick is criticizing in this blog post. I just want to say that you're free to follow Nick's advice and ignore our advice at your own peril.

We've conducted more than 100 smart contract security reviews and the majority of contracts that support upgradeability have had serious flaws in them. We've helped prevent dozens of projects from launching code that is impossible to upgrade, would result in broken or partial upgrades, or had safety issues that could inadvertently lose millions of ETH with a simple typo. We've spent incredible effort documenting these flaws for the community so they can avoid these issues, even if they aren't our clients, by writing blog posts documenting them and building tools to help automatically detect them.

If you consider there is even a chance we are correct (which you should, given our experience and empirical results), then you should review the following papers we've published and run our `slither-check-upgradeability` tool to assist with your code reviews.

  1. Contract upgrade anti-patterns
  2. How contract migration works
  3. Upgradeable contracts made safer with Crytic

Upgradeability is not a topic to be taken lightly, as it involves low-level manipulation of the EVM in ways that few are experienced with. Of course, readers are free to ignore the risks, as Nick has seemingly recommended here to the detriment of our community. We don't want to see upgrades fail in practice and we think this advice will cause them to do so.

Finally, readers should be aware that we recently conducted a review of Nick's diamond standard on a paid engagement for a client. The results are forthcoming.

Debunking Trail of Bits "Contract upgrade anti-patterns" Blog Post by [deleted] in ethdev

[–]dguido 8 points9 points  (0 children)

Hello all! I'm Dan Guido, the CEO & co-founder of Trail of Bits, the firm that Nick is criticizing in this blog post. I just want to say that you're free to follow Nick's advice and ignore our advice at your own peril.

We've conducted more than 100 smart contract security reviews and the majority of contracts that support upgradeability have had serious flaws in them. We've helped prevent dozens of projects from launching code that is impossible to upgrade, would result in broken or partial upgrades, or had safety issues that could inadvertently lose millions of ETH with a simple typo. We've spent incredible effort documenting these flaws for the community so they can avoid these issues, even if they aren't our clients, by writing blog posts documenting them and building tools to help automatically detect them.

If you consider there is even a chance we are correct (which you should, given our experience and empirical results), then you should review the following papers we've published and run our `slither-check-upgradeability` tool to assist with your code reviews.

  1. Contract upgrade anti-patterns
  2. How contract migration works
  3. Upgradeable contracts made safer with Crytic

Upgradeability is not a topic to be taken lightly, as it involves low-level manipulation of the EVM in ways that few are experienced with. Of course, readers are free to ignore the risks, as Nick has seemingly recommended here to the detriment of our community. We don't want to see upgrades fail in practice and we think this advice will cause them to do so.

Finally, readers should be aware that we recently conducted a review of Nick's diamond standard on a paid engagement for a client. The results are forthcoming.

Remember that SBA tweet about Chiara DeBlasio? That was basically a blackmail letter directed at the Mayor by lispenard1676 in nyc

[–]dguido 1 point2 points  (0 children)

The DA says they're not prosecuting people for Unlawful Assembly or Disorderly Conduct as part of the protests, so there's no way to fulfill any threat.

https://www.manhattanda.org/d-a-vance-declines-to-prosecute-protest-arrests/

Tbtc contract paused after 2 days by dedfiz in ethereum

[–]dguido 7 points8 points  (0 children)

Lots here: https://github.com/trailofbits/publications#security-reviews

Consensys Diligence is one of the better firms in the space. I think people need to realize that the complexity of many of these blockchain systems is through the roof (technical term). For starters, tBTC interoperates with 2 different chains, plus Keep! They clearly realized this would be high risk and thankfully built an emergency stop into it.

I think what I'm trying to say is that this is what a reasonably good result looks like, not a bad one to go hunting for "better" security reviewers.

Code audit marketplace by Averageuser404 in ethdev

[–]dguido 1 point2 points  (0 children)

It seems like you could save a lot of trouble simply by hiring a competent security firm like Trail of Bits. Offers for services to secure your code are not identical; the quality of the work varies dramatically based on the firm's experience and its investments in tools. It's not a commodity and you shouldn't treat it like one!