"AI is giving attackers a huge advantage!"

@Viss @iagox86 @cR0w @darthnull sometimes, it can be pretty helpful. If for no other reason, the references sometimes point to an actual write-up instead of nuclei's meta-request template bullshit.

@iagox86 @cR0w @darthnull what's incredibly fun is looking at nuclei-templates repo, thinking you've found something that can serve as a proof of concept for some thing you really needed, and its a GET request that they parse with regex for version strings.

Thanks for that, I guess.

@iagox86 @cR0w @darthnull If I had a dollar for every time I was looking up PoC/exploits for a given CVE, and its some slop report from a website that just seems to scrape cve.org and regurgitate it along with very generic remediation recommendations, I probably wouldn't be rich, but like, I could have a fairly nice lunch.

@FuturisticRobert @cR0w @krypt3ia @Viss no shit. My hourly rate starts at 400 an hour, minimum of 4 hours.

@iagox86 it's so tiring.

@cR0w reads the rest of the thread That ain't asbestos. They lined this fucker with lead.

@cR0w breathes deeply

@catsalad Clavicus Vile, at it again.

@Viss 5-10 years ago, companies that did appsec assessments were beating themselves off about how writing better code was gonna eliminate cybersecurity and yet, we're still here.

@Viss this is the "appsec is gonna save cybersecurity" shit all over again.

@GossiTheDog ladies and gentlemen, it's this stupid shit (tm) that we are paying up the ass for new SSDs and RAM for.

@GossiTheDog what's funny to me, is that there were influencers on linkedin a few days ago claiming claudecode could find vulnerabilities in code faster than humans, and they're like "look at all these openssl vulns it found!" now I'm like. "well no shit its finding vulnerabilities, when its the one introducing them."

@GossiTheDog

@datarama @paveljanicek puked in my mouth a little, thanks.