People often ask me "How did you learn how to hack?" The answer: by reading. This page is a collection of the blog posts and other articles that I have accumulated over the years of my journey. Enjoy!
Vuln Research is NOT Cooked but is Continuously Reborn Raw - 1948
There have been many posts claiming that vulnerability research is over because of LLMs. The main post they reference is true if you use an economically interesting but technically uninteresting definition of VR. VR is exploring an infinitely large space of weird machines and is the perfect example of a 0 or 1 task.
For soft targets, it's all about spreadsheets and vulnerability tracking: taking bug class X and chaining it with other bugs to produce an impactful vulnerability. The authors claim that this isn't the meat of VR. On hard targets, the work looks much, much different.
A vulnerability will be discovered. What's actually hard is everything that comes after it: producing an exploit that is cheap to maintain, works on all versions, doesn't crash or fail in debuggable ways, and contains a remote attack surface. This is what makes it hard.
The article is a little hard to parse, with references to things that I don't know much about. Regardless, the authors do not accept the perspective that VR is dead. There are still lots of bugs to be found. Some will be found by humans and others by AI.