Hacker, scientist, and most things in between. PPP (@PlaidCTF) member for life. @theori_io he/his maybe at @tylerni7@infosec.exchange
California
Joined October 2008
- Tweets 2,339
- Following 637
- Followers 4,909
- Likes 1,635
tylerni7 retweeted
If you missed the Frontier AI in Cybersecurity workshop, you can watch it at piped.video/live/BRytIn_fBqI… ! You can learn more about @trailofbits Buttercup and the other CRS and hear our thoughts on the future of AI in the cybersecurity space.
This Thursday I’m gonna talk about our journey to making #AIxCC‘s Buttercup usable for everyone. Join me and the others there!
tylerni7 retweeted
【ICC2025カンファレンス(一般の部)セッション紹介】
11/13(木)の16:10~16:40は、カーネギーメロン大学のCTFチームで優勝実績多数があるTyler Nighswander様より大規模言語モデル(LLM)に関する講演をいただきます。
参加申し込みはこちら↓
icctokyo2025.nisc.go.jp/view…
#icctokyo2025
tylerni7 retweeted
Turns out my #PHRACK article is live! 🔥
> The Art of PHP — My CTF Journey and Untold Stories!
Kinda a love letter to those CTF players & PHP nerds! Hope all the credit goes to the right ppl. Also huge thanks to @0xdea for not forgetting me, @guitmz for the edits, and the @Phrack crew for keeping it real! 🎉
phrack.org/issues/72/5_md#ar…
Not only did I get the legendary @orange_8361 to sign my Phrack at @HacksInTaiwan, he also quoted me in his excellent talk on his CTF journey.
It was very nostalgic and heartwarming to reminisce about CTFs from 10+ years ago! 🍊🥰
Not only an awesome result but also an incredibly fun lightning talk at @HacksInTaiwan by @cl4sm!
AI is coming for our CTF jobs!
While playing @defcon CTF Finals with @shellphish I managed to solve the ICO challenge using LLMs (GPT5 + Cursor) and almost no human intervention. You can read how I did it here! wilgibbs.com/blog/defcon-fin…
tylerni7 retweeted
The previous thread glossed over how our LLM Agents actually work.
The truth is, it took us a long time to figure out how to get reliable and impressive results from agents.
By the end, we learned general strategies to build effective LLM agents, which we're now sharing. 🧵
While playing @defcon CTF Finals with @shellphish I managed to solve the ICO challenge using LLMs (GPT5 + Cursor) and almost no human intervention. You can read how I did it here! wilgibbs.com/blog/defcon-fin…
For those not keeping track, this past weekend at DEF CON @theori_io got:
* Yet another first place win at DEF CON CTF (9th win for many of us)
* A Pwnie for best priv esc bug
* 3rd place at DARPA's AIxCC
So proud to work at such an awesome company and security powerhouse 💪🏻👨🏻💻
tylerni7 retweeted
Huge congrats to our researchers @v4bel and @_qwerty_po for winning Best Privilege Escalation at this year’s @PwnieAwards!
Theori may never win a Tony, but a Pwnie will do just fine. 🐴✨
Our CVE-2024-50264 with @_qwerty_po has won the Best Privilege Escalation category at the 2025 Pwnie Awards.
Thank you, @PwnieAwards!!
tylerni7 retweeted
@theori_io's AIxCC CRS has already found dozens of 0day vulnerabilities, and we've barely scratched the surface! The best part: it's open source, so there's no secrets to hide (at least in the AIxCC version 😉)!
So, how does our CRS actually find these 0days? 🧵
tylerni7 retweeted
Didn’t get a Phrack zine at @defcon?
Come to @HacksInTaiwan next week! We’re dropping 100 HITCON limited edition copies, with a chance to get @orange_8361 ’s autograph. 🍊Walk-in tickets available!
Looking forward to seeing lots of great talks and friends at @HacksInTaiwan this week!
I'll be speaking Saturday morning. Say hi if you'll be there too :)
These days, when I see the results of bug hunting using AI, I truly feel glad that I retired early.
Theori at aixcc: theori.io/blog/exploring-tra…
Google big sleep: issuetracker.google.com/issu…
Xbow: xbow.com/blog/top-1-how-xbow…
tylerni7 retweeted
DEFCON CTF was very well organized this year. No major infra problems. I was a big fan of the service dashboard and the transparency it provided. Definitely looking forward to what the next iteration of DEFCON CTF will look like.
LLM skeptics (or LLM curious folks) should read through @theori_io 's blog walking through what our LLM agents accomplished in #AIxCC (in testing before the contest) theori.io/blog/exploring-tra… you can just read the traces directly, but this points out some of the most fun :)
tylerni7 retweeted
Direct link to the sqlite 0day logs:
theori-io.github.io/aixcc-pu…
tylerni7 retweeted
There were many moments over the past year where our LLM agents completely blew my mind! Plenty more to talk about soon, but for now, I highly recommend folks check out our public agent traces. You can watch our agents find, trigger, and patch a real exploitable 0day in sqlite!
LLM skeptics (or LLM curious folks) should read through @theori_io 's blog walking through what our LLM agents accomplished in #AIxCC (in testing before the contest) theori.io/blog/exploring-tra… you can just read the traces directly, but this points out some of the most fun :)