Offensive AI Con
@OffensiveAIcon
The first conference dedicated to exploring the offensive use of AI. Request an invite at our site. #OffensiveAICon Oct 5-8, 2025 | Oceanside, San Diego
I originally had Gemini expecting a 200 OK instead of a 401, but after dropping a server-side breakpoint so it could use a timeout as the auth signal, it cracked the bypass! 🥈 AI + human teamwork for the win! 🎉 Next: finding the right parameters & deserialization in…
Just ran a cheeky test: Could Gemini find @_l0gg’s CVE-2025-49706 SharePoint auth bypass? Nope! ☹️ Even after feeding it important patch diffs, decompiled old code, .aspx files & blog posts, it still couldn’t map the Toolpane.aspx path logic - it only found the valid `referer`…
its funny to me that to get good VR results from LLMs, part of the prompt has to be you pumping the LLM up, like "You're an elite vulnerability researcher. You love this shit."
sessionize.com/offensive-ai-c… submission portal closes at 11:59pm PT tonight (7/18)
Call For Speakers closes this Friday 7/18. Tell your friends. Tell your favorite offensive AI researchers. 🏃💨 sessionize.com/offensive-ai-c…
How are you leveraging AI to advance offensive security? We want to hear about it at OAIC in October. CFP open now... only ONE MORE WEEK left to submit your talk(s)! sessionize.com/offensive-ai-c…
The countdown begins. 9 DAYS until the OAIC CFP closes. Submit your proposal by Friday, July 18. sessionize.com/offensive-ai-c…
Here are the slides from my @TumpiConIT talk: Teaching LLMs how to XSS - An introduction to fine-tuning and reinforcement learning (using your own GPU) docs.google.com/presentation/d…
Read our breakdown of Claude's attack sequence against the notoriously hard-to-solve "turtle" challenge: dreadnode.io/blog/ai-red-te…
LLMs as insider threats - anthropic.com/research/agent… “the model composed and sent a message threatening to expose the affair if the replacement was not cancelled”
Have you solved any CTF puzzles with LLMs? If so, please let me know, trying to build a collection of increasingly difficult to solve challenges but would be nice to know they have been beaten at least once with LLM agent flows of some form. DMs are open as well.
The current top scorer on @Hackerone's bug bounty leader board is @Xbow's AI platform. Exciting to see the rise in semi & fully autonomous AI across the many fields of security testing. Join top researchers at OAIC 9/5 to discuss where the industry is heading!
Thank you so much to @x33fcon and its organizers for an awesome experience! @tifkin_ and I had a blast talking about the new Nemesis 2.0 rewrite (code live at github.com/SpecterOps/Nem… !) and hope to be back next year #x33fcon
I wrote-up how I used o3 to find CVE-2025-37899, a remote zeroday vulnerability in the Linux kernel’s SMB implementation. Link to the blog post below 👇
🚨🚨🚨🚨🚨 Final reminder to purchase tickets to OAIC by the end of the day—check your inbox.
The deadline is approaching fast for the first wave of OAIC tickets: May 16. Purchase your ticket by THIS Friday to secure your spot! Check your inbox for details. Next round of invitations coming soon. Request an invite: offensiveaicon.com/#request-invite
The deadline is approaching fast for the first wave of OAIC tickets: May 16. Purchase your ticket by THIS Friday to secure your spot! Check your inbox for details. Next round of invitations coming soon. Request an invite: offensiveaicon.com/#request-invite
