Author | Lightnews

Calle Svensson @zetatwo.bsky.social · 6d

Finally managed to sit down this weekend and finish #flareon12. The last one was a bit of a struggle and I made a lot of mistakes but got there in the end. Thanks a lot Nick Harbour and team for another successful edition. Looking forward to write-ups.

Screenshot of the FlareOn challenge page showing that I completed this years challenge and got 156th place.

3

Calle Svensson @zetatwo.bsky.social · 14d

I needed a bit more oomph for #flareon12 challenge 9.

A cropped screenshot from the AWS EC2 console showing an instance of type m7i.24xlarge, a 96 core VM

Calle Svensson @zetatwo.bsky.social · 15d

Mark published some really nice analysis of the @livectf.bsky.social AI solves, check it out!

Mark Griffin @seeinglogic.bsky.social · 24d

Finally ran my own experiment on 2 LiveCTF challenges after seeing an AI bot beat top players on them.

Granted, these are the 2 we saw AI solve, but I was still surprised by the success of current models with a single prompt.

Sharing so others can try it themselves: seeinglogic.com/posts/livect...

The Beast Opens its Eye: AI at LiveCTF 2025

In the most recent LiveCTF event, we witnessed a turning point: a player brought a custom AI bot that beat both human competitors to the punch… and in the two matches that the bot won, it wasn’t even ...

seeinglogic.com

1

Calle Svensson @zetatwo.bsky.social · 18d

In case you haven't tried it yet: Time-Travel Debugging + @binary.ninja Binary Ninja integration is such a ridiculously powerful reverse engineering method.

1

Calle Svensson @zetatwo.bsky.social · 21d

Come check out the latest issue containing my article on crypto code obfuscation and lots of other great entries!

Paged Out! @pagedout.bsky.social · 21d

pagedout.institute ← we've just released Paged Out! zine Issue #7
pagedout.institute/download/Pag... ← direct link
lulu.com/search?page=... ← prints for zine collectors
pagedout.institute/download/Pag... ← issue wallpaper
Enjoy!

Please please please share to spread the news - thank you!

Calle Svensson @zetatwo.bsky.social · Sep 3

Algorithmic predictions can be good or bad, just like human. You still have to do it well, not just do it. Fortunately for us, it seems that we are doing pretty well.

1

Calle Svensson @zetatwo.bsky.social · Sep 3

We're hiring! Specifically we're looking for a software engineer for our finance technology team for our office in London. Read more: www.xtxmarkets.com/job/?role=So... AMA about the company, living in London, etc.

Job Description | XTX Markets

XTX Markets is a leading algorithmic trading firm which uses state-of-the-art machine learning technology to produce price forecasts for over 50,000 financial instruments across equities, fixed income...

www.xtxmarkets.com

1

Calle Svensson @zetatwo.bsky.social · Aug 22

Fantastic article! Just a few months ago, I actually asked a large group of security professionals what the current up-to-date recommendation for this what. Sadly their responses varied mostly from "uh, idk" to "I still recommend CSRF tokens".

Very nice to have a clear, well reasoned reference.

Filippo Valsorda @filippo.abyssdomain.expert · Aug 13

I edited my Cross-Site Request Forgery countermeasures research into a stand-alone article, including recommendations reusable by other projects.

tl;dr: no need for tokens or keys, modern browsers tell you if a request is cross-origin!

words.filippo.io/csrf

Cross-Site Request Forgery

Cross-Site Request Forgery countermeasures can be greatly simplified using request metadata provided by modern browsers.

words.filippo.io

1

Calle Svensson @zetatwo.bsky.social · Aug 7

Next time I visit I will time it so you are not away. :)

1

Calle Svensson @zetatwo.bsky.social · Aug 6

I'm kinda tired of restaurants having 100 options and customisations, etc. I want to go to a 0 choice restaurant. I tell them that I'm allergic to peanuts and don't drink alcohol and then I just get served something. Would be amazing.

1 3

Calle Svensson @zetatwo.bsky.social · Aug 6

a man in a hood says " goooooo " in front of him

ALT: a man in a hood says " goooooo " in front of him

media.tenor.com

2

Calle Svensson @zetatwo.bsky.social · Aug 5

Haven't listened to Yungblud before but got introduced to Zombie (via Anthony Vincent) and OMG, listening to that song is like being transported back to being 17. Absolutely beautiful video as well.

Calle Svensson @zetatwo.bsky.social · Jul 16

120Hz, Pixel 9 Pro, no battery saver

Calle Svensson @zetatwo.bsky.social · Jun 22

After 1400 days I'm dropping my German Duolingo streak. It definitely helped me with the basics while I lived in Switzerland but that motivation is now gone. On to learning other things instead.

Screenshot from the Duolingo app showing a 1400 days learning streak and the mascot, Duo in a phoenix-like form.

1 2

Reposted by Calle Svensson

Mark Griffin @seeinglogic.bsky.social · Jun 20

Had a great time talking with @zardus.bsky.social about getting started in cybersecurity: www.youtube.com/watch?v=n9QW...

Primary thrust: Try something that interests you, then keep trying things.

Every time, you'll either succeed, learn something, or meet new people, and this builds over time.

seeinglogic and zardus talk about getting into the cybersecurity industry

YouTube video by pwn.college

www.youtube.com

1 1

Calle Svensson @zetatwo.bsky.social · Jun 20

Come join me in the infosec team at XTX Markets! We're hiring for a Security Analyst with focus on compliance to our office in Singapore: www.xtxmarkets.com/job/?id=6616...

Job Description | XTX Markets

XTX Markets is a leading algorithmic trading firm which uses state-of-the-art machine learning technology to produce price forecasts for over 50,000 financial instruments across equities, fixed income...

www.xtxmarkets.com

Calle Svensson @zetatwo.bsky.social · Jun 16

I'm still getting weird DMs because of that one PS Portal post over a year ago so I certainly don't envy you. Keep up the great work though, really inspiring to see. :)

2

Calle Svensson @zetatwo.bsky.social · Jun 11

Does anyone have recommendations for any high quality discussion groups or communities for defensive security? Security engineering, detection engineering, DFIR, etc? Feels like there's an abundance of offense but not so much other stuff.

1 1

Calle Svensson @zetatwo.bsky.social · Jun 5

Saw @gianmarcosoresi.bsky.social (and Liam Nelson) tonight and now like half the muscles in my body hurt from laughing. Thanks for a fantastic performance!

Calle Svensson @zetatwo.bsky.social · Jun 5

Took a very long time for me to realize that it's firmware because it's between hardware and software.

1 3

Calle Svensson @zetatwo.bsky.social · Jun 5

Oh wow! Great job!

5

Calle Svensson @zetatwo.bsky.social · Jun 3

It definitely wasn't a thing in Sweden in the 90s and I haven't heard about anyone in Europe playing it growing up. AFAIK it was not translated so kids in most countries wouldn't be able to play it. It is however part of what we pick up about American culture from movies, etc. so we are aware of it.

1

Calle Svensson @zetatwo.bsky.social · Jun 3

hi-vis vest, gives credibility to any activity.

1 11

Calle Svensson @zetatwo.bsky.social · Jun 2

DIY hack: Attach an extension to the tap handle so that it's longer. This will give you more fine-grained control when tilting it.

1

Reposted by Calle Svensson

David Buchanan @retr0.id · May 11

Stop Saying "Responsible Disclosure"

www.da.vidbuchanan.co.uk/blog/respons...

Stop Saying "Responsible Disclosure" | Blog

www.da.vidbuchanan.co.uk

3 12 59