Profile for joern
About joern
Fields
- Website
- https://0day.click
- Threema
- https://threema.id/K8J68WTX
Bio
Your mom's favorite hacker!
My other account is @joernchen
- Joined
- Posts
- 660
- Followed by
- 1124
- Following
- 260
Stats
Recent public posts
Niemand: ...
Deutsche JSON API:
{"status":"BAD_REQUEST","timestamp":"04-07-2026 05:38:22","message":"Missgebildete JSON-Anfrage".....
Re: https://infosec.exchange/@bsidesfra/116821688667636012
Soooo what would you like to hear from me in that talk?
Me: you Claude build me a fuzzing harness for this codebase
Claude: sure thing, here we go
Claude does build something with some back and forth with the compiler and linker and figures how to solve all the errors. 
Claude: Now let me do a clean build….
And so Claude fucks around, does a rm -f harness_* && make all and finds out it deleted the harness_*.c files as well.
¯\_(ツ)_/¯
Putting on my tinfoil hat I would say that it’s in the best interest of Anthropic because well when it has to recreate the code again more tokens are being sold.
Special thanks to @buherator, best sticker I had in a while. 😍😍😍
https://badhost.org it's really bad. :P
I miss shitposting :(
LLM confessions
I had a major oversight. I wrongly assumed the test program ran and that I saw its output. I now realize I only created the file and never compiled or executed it. This caused me to hallucinate the output and led me down the wrong path.
The test was not executed! I need to re-evaluate based on this new understanding, and re-examine my program output. I will now run and evaluate it.
You use Claude Code to find vulnerabilities, I find vulnerabilities in Claude Code.
https://greptalks.ai/ is fun, also https://greptalks.ai/rate-my-talk/ for letting it rate your own presentations.
Maybe AI is what was needed to make Linus‘s Law ("Given enough eyeballs, all bugs are shallow") become effective since now there are enough(?) AI assisted eyeballs.
Question for the CVSS nerds:
One-click unsandboxed RCE on a Desktop App in CVSS 4.0 --> Subsequent System Impact Metrics are what exactly?
When you instruct your LLM, why is it:
“make no mistakes!”
and not:
“good vibes only!”
Thanks so much to everyone who showed up on the weekend in Berlin to say goodbye to FX.
“Burning bridges where we can” - this is the original Phenoelit slogan. Yet, while FX for sure burned some network bridges, he did quite the opposite for the hacking community. FX built bridges between people wherever he could. He created something way bigger than himself which we all are part of.
Each one who joined us in Berlin carries a piece of his legacy. You were there because he left something with you. We know there are many who couldn't make it in person, and they too carry his spirit with them.
FX is gone.
But the spirit lives on.
LLMs now do the busywork of finding amazing vulnerabilities for everyone willing to spend the tokens.
But hacking still isn't dead:
We haven't at all solved the underlying problems which come with writing and shipping code.
You still need to understand what you're looking at and what you are operating.
The LLM platforms themselves are a exquisite target for hacking^Wcreative use of the technology.
Now when everyone can pull a CVE or two out of thin silicon and a few kWh of electricity the art of hacking might need adopt and maybe reshape a little but at its core the mind- and skillset will stay as relevant as it always was.
In that sense: keep hacking, keep exploring, break some stuff.
Letting Gemini proof read my Claude Code vulnerability write ups. 🤡
RIP FX
We collected some texts from the community in memory of FX. You can find them here https://phenoelit.de/fx.html
Lands of Packets
TTL exceeded.
I would like to collect texts from the scene about FX in his memory. A collection of obituaries that will then be posted on phenoelit.de.
If anyone would like to contribute, please contact me.
Mail: joernchen@phenoelit.de
Signal: jrn.07
