tylerni7 Profile
tylerni7

@tylerni7

Followers
4,806
Following
621
Media
74
Statuses
2,272

Hacker, scientist, and most things in between. PPP (@PlaidCTF) member for life. @theori_io he/his maybe at @tylerni7@infosec.exchange

California
Joined October 2008
@tylerni7
tylerni7
5 years
Flight Attendant: is there a doctor on board?
Parent: *nudging* That should've been you
Me: Not now, this is serious
Parent: Not asking for a hacker to help, are they?
Me: AAAAAAAA\x00\xd0X?\xfc\x7fBBBBj\x0bX\x99Rfh-p\x89\xe1Rjhh/bash/bin\x89\xe3RQS\x89\xe1\xcd\x80
Parent:~#
20
539
2K
@tylerni7
tylerni7
7 years
5
148
432
@tylerni7
tylerni7
10 months
Was curious to see the ionospheric impact of this morning's #SpaceX #Starship launch. It's definitely visible but not many stations below the Gulf of Mexico :(
10
32
169
@tylerni7
tylerni7
1 year
fwiw here is the ionospheric data from the hour around the launch I don't see any large disturbances as I would expect. Even a "rapid unscheduled disassembly" should produce something, unless it happened at very low altitude. So either bugs in my code or broke up quickly?
@YonhapNews
Yonhap News Agency
1 year
(2nd LD) N. Korea fires what it claims to be 'space launch vehicle' southward: S. Korean military
0
5
14
9
53
151
@tylerni7
tylerni7
2 years
Perhaps not surprisingly, the launch and subsequent self destruct of Japan's H3 rocket generated a VERY strong ionospheric disturbance
@SpaceflightNow
Spaceflight Now
2 years
The H3 rocket has failed to reach orbit on its first test flight. Range control at Tanegashima Space Center in Japan have sent a destruct command to the H3 rocket after determining there was "no possibility of achieving the mission."
8
79
192
4
65
150
@tylerni7
tylerni7
1 year
I guess my thing now is posting videos of ionospheric stuff when there are launches in the Korean Peninsula or Japan.... so
@GalloVOA
William Gallo
1 year
NHK, citing defense ministry, reports the North Korean missile was launched at 7:09am and is expected to fall at 8:18am. Will land about 550 km east of the Korean Peninsula, outside of Japan's EEZ.
5
38
92
5
17
129
@tylerni7
tylerni7
4 years
Watching @gamozolabs write another hypervisor
@vlad_mihalcea
Vlad Mihalcea
4 years
Following programming tutorials
15
242
911
0
9
87
@tylerni7
tylerni7
5 years
6
9
82
@tylerni7
tylerni7
10 years
Geohot finally released his secret tool for winning CTFs (okay, not exactly, but it's still a neat project)
0
68
75
@tylerni7
tylerni7
2 years
@ArmsControlWonk @michaelnute In the spirit of OSINT, the code is also open-source (though can be a bit finicky to run) The data for this test is from
7
18
72
@tylerni7
tylerni7
8 years
Holy shit I think we just won @DARPACGC with @MayhemCRS and @ForAllSecure
14
17
67
@tylerni7
tylerni7
5 years
Thank you so much @DefconRaffle! I'm so glad I stuck around after the closing ceremonies to win the first ever #BlackBadgeRaffle. Looking forward to playing again at @defcon next year!
3
8
68
@tylerni7
tylerni7
2 years
@PwnieAwards
Pwnie Awards
2 years
Our final nomination for Lamest Vendor Response goes to: Google TAG for “unilaterally shutting down a counterterrorism operation”.
9
11
45
0
7
67
@tylerni7
tylerni7
1 month
Very happy we qualified for #AIxCC ! Between our tiny team and Defcon CTF, we had no time to do a blog or PR release First, the @theori_io CRS was made by @tjbecker_ and myself. I’m so thankful to work at a company that believes in us and was happy to let us do this 🧵
3
11
66
@tylerni7
tylerni7
6 years
Can we skip the part where everyone makes bad jokes about NSA and backdoors and move to the part where everyone is happy a tool with undo, collaborative editing, decompilation, function similarity, and extensions was released for free and open sourced?
4
10
64
@tylerni7
tylerni7
1 year
In addition to maintaining pwntools and pwndbg which lots of folks know and love, and on top of being a great CTF player, @ebeip90 was also just a super nice person. This has definitely not been a good year for the infosec community :(
@halvarflake
Halvar Flake
1 year
I learnt that Zach Riggle, the author of pwndbg, passed a few days ago. We weren't close friends, but acquaintances, and discussed stuff in Twitter DMs. I am sad. My Twitter DMs have lost multiple good folks in the last years :(
22
79
358
0
12
57
@tylerni7
tylerni7
5 years
How much money do you think I can get for my new self driving car startup?
@IFLScience
IFLScience
5 years
These rats were taught to drive a car. Find out why here:
582
6K
19K
1
7
53
@tylerni7
tylerni7
7 years
Oh for fucks sake:
2
42
49
@tylerni7
tylerni7
5 years
And our whole team who made it happen!
@tylerni7
tylerni7
5 years
6
9
82
5
5
50
@tylerni7
tylerni7
3 months
This is a kinda fun read (from Eugenio Benincasa at ETHZ) for people in the CTF scene: It's quite interesting to see someone look so deeply at CTF team lineages and memberships, and it's extra entertaining for those of us who "lived" it.
1
9
48
@tylerni7
tylerni7
2 years
This is an excellent point. We should offer every student a choice between a class in sex education or blockchain education. It's not like anyone would ever need both
1
9
46
@tylerni7
tylerni7
1 year
Previous space launch with a breakup (T+14' in Japan's H3) was really visible. Obviously different size and other parameters. But assuming similar results and no software bugs (😅), maybe suggests breakup was very early (like 5 minutes?)
@tylerni7
tylerni7
2 years
Perhaps not surprisingly, the launch and subsequent self destruct of Japan's H3 rocket generated a VERY strong ionospheric disturbance
4
65
150
2
10
44
@tylerni7
tylerni7
7 years
Finally @eryeh and I found something to do with some of our conference badges! #conferencetree
1
7
44
@tylerni7
tylerni7
26 days
Since I'm bad at PR or whatever: if any reporters/podcasters/whatever want to talk about #AIxCC , feel free to reach out! Theori was first place in achievements (actual scores TBA), and we were a tiny, unfunded team. Happy to talk about the contest/our team/automated security!
4
13
45
@tylerni7
tylerni7
1 month
Will post a little more after Defcon (busy with the CTF), but if anyone is curious about the Theori CRS for AIxCC, it was made by just @tjbecker_ and myself. It looks like it did pretty well!
3
0
44
@tylerni7
tylerni7
4 years
I think I finally found the trick to a great night's sleep: stay awake for 36 hours first.
1
1
43
@tylerni7
tylerni7
6 years
Then we can all get back to what really matters: joking about how much we don't like radare
3
0
44
@tylerni7
tylerni7
5 years
Attempting to sue the security researchers reporting vulnerabilities in your products 🐝🐝🐝
0
17
43
@tylerni7
tylerni7
5 years
I made some motivational posters for these trying times. I encourage everyone to print them and hang them at their home, office, place of worship, public bulletin boards, etc.
0
12
36
@tylerni7
tylerni7
2 years
@thebradhawkins @ArmsControlWonk @michaelnute The data for this animation is from an hourly dump from Japan's GEONET. There are ~realtime data sources available, but the code isn't written (yet? 😉) to take advantage of those.
8
6
35
@tylerni7
tylerni7
1 year
The LK-99 superconductor saga is really reinforcing my beliefs that: 1) prediction markets are dumb 2) social media influencers are terrible 3) the only ones who really get things done are silent (at least quiet) professionals (and maybe catgirls, I guess)
2
3
35
@tylerni7
tylerni7
1 month
This whole topic is such a mess. There are literally women who are XY who have had children naturally The idea that we can bucket men and women into binary categories is old and dumb.
@hoovlet
Carole Hooven
1 month
Seems like a good time to re-post my older (now edited) post about athletes with XY DSDs (Disorder, or Difference of Sex Development). Lots of graphs and detail about the relevant biology at the end. * * * First: People living with DSDs
863
5K
16K
2
2
34
@tylerni7
tylerni7
5 years
@hflwj @thegrugq The shellcode pushes the string on the stack in chunks, backwards to front because the stack grows down (push "h", push "/bas", push "/bin")
2
4
31
@tylerni7
tylerni7
5 years
I'm beginning to wonder if I may, perhaps, have a slight chocolate problem...
7
3
32
@tylerni7
tylerni7
8 years
It's always "funny" when widely-used technologies have crypto bugs found in mid-level CTF challenges... #JWE
1
26
30
@tylerni7
tylerni7
4 years
Super cool! Since someone did the hard part, an easy way to replicate this:
youtube-dl -x --audio-format wav -o 'helicopter.%(ext)s'
sox helicopter.wav channel_r.wav remix 2
minimodem -q 1200 -f channel_r.wav
That'll grab the vid and dump the data :)
@d0tslash
KF
4 years
People keep DMing me about Proto17’s work on demodulating helicopter telemetry data from live YouTube protest feeds. SDR work is his ninjitsu to be clear, I guided the discussion a bit. Several noted it can be used for what/where/when accountability…
1
19
42
0
11
30
@tylerni7
tylerni7
3 years
Things that make me feel like a hacker: ❌ hacking computers ✅ typing with fingerless gloves to keep my hands warm
1
2
29
@tylerni7
tylerni7
1 year
I guess also worth noting: here is a "normal" space launch, from the South Korean Nuri launch last week
1
6
28
@tylerni7
tylerni7
6 years
Can we all take a moment to appreciate how 🔥🔥🔥US intelligence is for getting the names and specific mission roles of GRU operatives in what are presumably covert Russian operations?
4
2
28
@tylerni7
tylerni7
2 years
Wow, I can't wait until the Pwnie Awards at Defcon China award TAG the lamest vendor response for shutting down their watering holes against Hong Kong and Taiwan!
@PwnieAwards
Pwnie Awards
2 years
Our final nomination for Lamest Vendor Response goes to: Google TAG for “unilaterally shutting down a counterterrorism operation”.
9
11
45
1
2
27
@tylerni7
tylerni7
8 years
I wrote about the setup FAS used for live streaming CTF stuff. Videos included, they came out pretty well :)
2
18
26
@tylerni7
tylerni7
6 years
Apparently there's a solid chance the next release of the Linux kernel after 4.19 is going to be 5.0 rather than 4.20. How much money would @elonmusk need to donate to the @linuxfoundation to make sure we don't skip 4.20? And to make sure the release name is "Blaze It"?
0
1
25
@tylerni7
tylerni7
4 years
This is just cheating: pay an employee $1M to install ransomware on a corporate network, then ask for a $5-10M ransom? That's not even hacking! Where's the skill? the pizzazz? Doesn't need to be 0days but at least find an unpatched system or phish someone!
4
4
24
@tylerni7
tylerni7
24 days
@__tinygrad__ I kinda hate the style and line count obsession. BUT there's no other objective way to measure complexity. "Keep lines under X" is enforceable vs "cyclomatic complexity and needs to be less than (unintelligible number)" PyTorch pulls in literally gigabytes of cruft!
2
0
25
@tylerni7
tylerni7
5 years
Looks like someone finally made a fuzzcoin! It looks centralized and not really a cryptocurrency, so I'd call it more of a fuzzing @home though Either way, cool/fun work @SSLab_Gatech !
0
8
24
@tylerni7
tylerni7
1 year
Came out a bit late, but still a very clean launch signal from the DPRK launch
@ionplotbot
ionplotbot
1 year
2023-07-12 0200 UTC
0
3
15
0
8
21
@tylerni7
tylerni7
8 years
So today Googlers posted a #SHA1collision and an insanely bad bug in Cloudflare ( #cloudbleed )...
3
14
23
@tylerni7
tylerni7
5 years
Truly Crown Sterling is the infosec drama gift that keeps on giving. 🤣 They're now suing Blackhat because them being a sponsor didn't stop people from calling them out on sucking? 💯
2
4
23
@tylerni7
tylerni7
9 years
BTW if you missed my CTF live stream from #cambridge2cambridge they're up online and !
2
15
21
@tylerni7
tylerni7
3 years
@gamozolabs Wow, when is Wired going to report on this breaking story?
1
0
21
@tylerni7
tylerni7
3 months
Since some people asked for it, here is the @ionplotbot animation of the #SpaceX #Starship launch this morning. I don't think there is coverage in the Indian Ocean to attempt to look for the splashdown though.
7
6
21
@tylerni7
tylerni7
5 years
@oooverflow @defcon @thedarktangent "It's like they took breakthrough points and made them even worse somehow" - @thebluepichu
1
1
20
@tylerni7
tylerni7
3 months
I don't think I agree with the conclusions here, but this is a great article and it's still something everyone should read and be thinking about
@mncoppola
Michael Coppola
3 months
New blog post "Google: Stop Burning Counterterrorism Operations" My reflection on an incident where Project Zero and TAG knowingly shut down an active Western counterterrorism cyber operation, and the real-world harm that could have resulted from it.
80
141
573
1
1
21
@tylerni7
tylerni7
3 years
The international politics aspect of this is beyond my expertise. But PT has great security researchers that release useful, public reports. Russians working with Russia by itself doesn't seem like enough to justify sanctions--many big companies do work with their government
1
5
19
@tylerni7
tylerni7
4 years
Verifying myself: I am tylerni7 on . LUCBfYOwgIUJM3xbytBdYw_wO5DwQ-1yuWhB / Oh sorry, is now not a good time for this?
1
0
20
@tylerni7
tylerni7
2 years
@gynvael ctrl+f "transistor" -> no results found. Microscope my ass (just kidding, this is a great article)
0
0
20
@tylerni7
tylerni7
8 years
Expect quite a few blogposts from all of us at @ForAllSecure on our #CGC tech soon. Now that it's over we have more we are able to share :)
1
7
20
@tylerni7
tylerni7
10 years
Well, that was a fun experiment! Thanks geohot and http://t.co/S3gNSenjms for the first shot at hacking as an e-sport http://t.co/3JkG79Qy0I
1
14
19
@tylerni7
tylerni7
4 years
@XorNinja @tqbf It's pure xenophobia. Immigration is fundamental to America's history and success. Nearly half of Fortune 500 companies are created by immigrants. "American exceptionalism" isn't magic nor a given: it's people like you choosing to come to the US and make it a better place ♥️
1
2
19
@tylerni7
tylerni7
3 years
I'm just loving watching people online pretending to have domain knowledge in increasingly more obscure areas of expertise First political science then virology/epidemiology then hedge funds and option market makers now Suez canal giant boat removal Can't wait for what is next!
1
1
19
@tylerni7
tylerni7
5 years
Me auditing code: "psh, look at all these bugs, these developers must have been terrible" Me writing code: "it's impossible to design a schema to structure arbitrary international addresses" ( ) I think this whole "coding" thing may have been a mistake
2
0
18
@tylerni7
tylerni7
5 years
Hardest part about getting older: getting rid of your dutifully collected cables and converters because they aren't useful anymore. Thank you for your service DVI, IDE, and USB-B cables
6
2
18
@tylerni7
tylerni7
5 years
@sirdarckcat I just read it quickly, but this looks like a great guide! I'm not sure if those that need it most will see it... but it's always great to have better resources for CTF organizers! PPP has a much less ambitious/detailed guide from a few years ago as well:
1
2
17
@tylerni7
tylerni7
10 years
After last weekend's success, there's going to be more hacking games done on twitch. See http://t.co/vHuz5Ghk7d for more details!
1
27
17
@tylerni7
tylerni7
1 month
We use a lot of LLMs and some fuzzing. But due to engineering and time constraints, we only use 1 of the 3 machines we were given. After the finals the source for all teams CRSs will be made available so watch for that! (I really can’t wait to see the approaches everyone took)
1
1
16
@tylerni7
tylerni7
1 year
1
0
16
@tylerni7
tylerni7
7 years
I'm just glad we beat Snapchat
@techreview
MIT Technology Review
7 years
The 50 Smartest Companies of 2017 include some you already know and some you should get to know - #TR50
5
94
141
0
2
16
@tylerni7
tylerni7
3 years
Wow, DPRK is getting really desperate to start doing better at CTFs
@ESETresearch
ESET Research
3 years
#ESETresearch discovered a trojanized IDA Pro installer, distributed by the #Lazarus APT group. Attackers bundled the original IDA Pro 7.5 software developed by @HexRaysSA with two malicious components. @cherepanov74 1/5
19
966
2K
1
2
16
@tylerni7
tylerni7
8 years
Me, @eryeh , and our robotic love child, @MayhemCRS
1
0
16
@tylerni7
tylerni7
1 year
0
1
14
@tylerni7
tylerni7
1 year
Looks like a signal at the end there (18:55ish) presumably from (spotted by an ACW slack member 😁 )
@ionplotbot
ionplotbot
1 year
2023-08-23 1900 UTC
0
1
5
1
3
14
@tylerni7
tylerni7
10 years
This will be fun: geohot is going to do a Smash the Stack "speed run" using qira, live streamed at http://t.co/loqWvvFJqC Sunday 9am PST
1
21
15
@tylerni7
tylerni7
3 years
Honestly I'm just surprised we haven't heard from Elon Musk yet about how he will provide 100 Cybertrucks or a rocket ship or something which will tow the boat clear
@tylerni7
tylerni7
3 years
I'm just loving watching people online pretending to have domain knowledge in increasingly more obscure areas of expertise First political science then virology/epidemiology then hedge funds and option market makers now Suez canal giant boat removal Can't wait for what is next!
1
1
19
2
0
15
@tylerni7
tylerni7
1 year
Sorry I missed seeing so many folks at Defcon! I barely left our team's room to venture out to the actual conference/CTF floor. Hopefully I'll see everyone I missed soon (or next year)!
0
0
15
@tylerni7
tylerni7
5 years
So, this will keep viruses off of my home network, right? 🤔
0
0
15
@tylerni7
tylerni7
6 years
@lcamtuf I've heard that most companies aside from Google have never even had a security princess.
2
0
13
@tylerni7
tylerni7
3 years
0
0
14
@tylerni7
tylerni7
2 years
Just a bit of unpacking from @nwchocolate Pro tip: always be sure to leave extra space in your luggage for chocolate
3
1
14
@tylerni7
tylerni7
9 years
A subset of PPP (me, @riczho , @nneonneo ) played in the @EFF CTF at #enigma2016 and won this cool stuff. Thanks @EFF !
4
1
13
@tylerni7
tylerni7
1 month
* The rules were superseded by 300+ issues on Github
* We’re still waiting on explanations for things like “unannounced extension of the submission deadline”
* Infra was actively changing until July
* We don’t know how the event was run, and might not get logs of what happened
2
0
13
@tylerni7
tylerni7
8 years
Whether @ForAllSecure wins today at #DARPACGC or not, I'm proud to be a part of this historic contest and to have helped build @MayhemCRS
1
2
13
@tylerni7
tylerni7
4 years
Went for a walk today and saw... wild parrots? Did not know that was a thing in the SF Bay Area! Grabbed my camera to try to get a few photos
2
0
13
@tylerni7
tylerni7
7 years
I have to say, this week looks not very much like "winning" or "making America great again" and a whole lot like "going to shit" to me...
0
1
13
@tylerni7
tylerni7
4 years
@gamozolabs During CGC @ForAllSecure ended up partitioning 20c/40t machines into VMs with 8 cores to avoid fork contention. Totally dumb but had better performance than scaling directly. I forget if you reviewed it but is a nice (academic) paper on this.
2
0
13
@tylerni7
tylerni7
1 month
First I also want to shout out to @tjbecker_ . We already work together, but this is a good excuse for me to mention he’s awesome: cryptography, browser security, blockchain stuff, and now AI 😛 Definitely give him a follow if you aren’t already!
1
0
12
@tylerni7
tylerni7
6 months
I can't wait to hear all the thought leaders talking about xz/liblzma
2
0
12
@tylerni7
tylerni7
5 years
This sounds exciting: Not because I care about web loading times, but a denser representation of JavaScript will be much more efficient for fuzzing!
0
5
11
@tylerni7
tylerni7
2 years
@myhlee Google too strong
0
5
11
@tylerni7
tylerni7
5 years
@hflwj @thegrugq Well, uh this is definitely not literally an exploit for my parents, if that's what you mean. The shellcode should roughly work, but I didn't check very carefully that it didn't get mangled by Twitter.
1
1
11
@tylerni7
tylerni7
1 month
If you don’t know me: this is my second CRS: I was also part of the small team at @MayhemSec who worked on Mayhem which won CGC in 2016. I’m so proud of our CGC win, so I am happy to have a chance to pick that up again!
1
0
10
@tylerni7
tylerni7
4 years
Has anyone in the history of the internet ever (intentionally) allowed a website to send them notifications?
1
0
11
@tylerni7
tylerni7
8 years
Amazed at the usage of this iOS exploit: "How can we get someone to click on this link?" "LOL idk let's just text it!" Are you shitting me?
2
9
10
@tylerni7
tylerni7
7 years
Paris is everything I could have hoped for.
0
0
11