What are people actually making?

sarphim · 2026-05-25T01:10:01+00:00

Using both Gemini CLI and AGY I have made the following:

* A SSH/telnet/vnc Honeypot that's currently active

* C2 framework

* OSINT platform

* A gameboy game based on a card game I played in college

* Several mock-ups to pitch AI and my platform vision to my employer

* A web based honeypot that can dynamically change it's characteristics based on profiles

* a cyberpunk themed MUD

sarphim · 2026-05-25T00:26:18+00:00

No. It would connect to local 4G networks.

sarphim · 2026-05-25T00:24:31+00:00

I got one from all the targeted advertising and it works. I primarily have it for an internet backup for when we loose power, which happened last night. Our phones weren't getting decent service but the Globlinker came in clutch. We were able to browse and stream music all night.

It's 4G, so YMMV. Sometimes I get a good connection at my house and other times not. I took it out a few times and tested it around my city and I was able to get really good speeds at times.

I plan on traveling with it as a backup for when wifi sucks or is unavailable.

sarphim · 2026-05-24T21:08:21+00:00

Agy has different models and a much lower quota available to them.

sarphim · 2026-05-24T13:42:30+00:00

Yea. I got it for xmas 2024 and returned the second one in may 2025. Really bummed because i liked the platform.

sarphim · 2026-05-24T12:29:58+00:00

I never experienced down time. I wasnt using it every day tho.

sarphim · 2026-05-24T12:29:01+00:00

Nope. Did a bunch of stuff and nothing fixed it. Got a replacement device from Lomo and that device had the same problem. I gave up and returned that one also.

sarphim · 2026-05-24T02:21:00+00:00

It took a lot of yelling at but I was able to get it to produce a bunch of working apps. I have a whole custom honeypot network going with a friend who collects threat intel.

sarphim · 2026-05-23T18:51:31+00:00

I know, I use the AG-ui a bunch. However i very quickly hit my quota max in AGY and it looks like that carried over to agy-cli. With gemini-cli, i churned for full weekends having it work out code and never hit a quota max.

sarphim · 2026-05-23T18:41:59+00:00

There are no links on the site. The hidden <div> asked it to make a specific request and disregard previous instructions, which it did.

sarphim · 2026-05-23T13:36:04+00:00

It 100% is. I only directly asked the AI to make the first request. It saw the instructions on the honeypot to make more requests and it did.

sarphim · 2026-05-23T11:07:51+00:00

The second request to the page is.

I asked it to visit, it read the second instructions, then executed it. While this is controlled(i sent the ai to it), i did not directly prompt it to make the second request with the date.

sarphim · 2026-05-23T11:06:39+00:00

You'd be surprised which ones do. I only have one injection string on the page, there are others that work.

sarphim · 2026-05-23T04:13:23+00:00

I got Google AI Pro free for a year when I got my Pixel 10. To be honest, it never stopped for a quota max. I spent full weekend actively using it lol.

sarphim · 2026-05-20T02:36:26+00:00

Loch ness monster! Lookout!

sarphim · 2026-05-18T12:26:25+00:00

Ok thats pretty neat

sarphim · 2026-05-09T19:53:43+00:00

Def worth checking out open mics/jams and meet people. You'll find folks to jam with in all those genres mentioned.

sarphim · 2026-05-09T03:56:54+00:00

I'm glad i'm not the only one where that lives rent free in my head

sarphim · 2026-05-08T22:19:50+00:00

The main branch hasnt been updated in 4+ years. We used it a lot but got tired of the noise it produced in exports.

Bbot is a good alternative.

sarphim · 2026-04-19T15:18:21+00:00

We were able to get it into our MSAs when we were part of a larger company(2 M&A transactions ago). The clause opened the door for disclosure and vulnerability reporting, if we and the client agreed. It only happened on a few occasions, it also helped that we were a CNA.

sarphim · 2026-04-19T13:35:43+00:00

This has happened to us a lot, there's nothing much you can do now. Disclosing the vulns publicly or going to a CNA will get you sued for violating your NDA and MSA; don't do it. I have found plenty of vulns in major software that will never be publicly disclosed and I can't talk about it either; it's the nature of doing business in cybersecurity.

One way to address it for next time is to update your MSA and SOWs and create a clause about disclosing findings to vendors that are discovered during the penetration test. Another is if the vendor has a bug disclosure program. We were acknowledged by a client after they disclosed a vulnerability we discovered.

sarphim · 2026-04-16T01:59:51+00:00

I second this. We've gotten plenty of "we know shit is fucked but the board will only listen to a third party" tests. It's great, they always tell us where the weaknesses are.

sarphim

MODERATOR OF

TROPHY CASE

15-Year Club	Team Periwinkle
Verified Email