Adam Baldwin
@evilpacket.net
Hacker / Farmer / Builder / Breaker

Prev: Code4rena, Okta, Auth0, GitHub, npm, ^lift, &yet, Symantec.

Pioneered BlindXSS & DVCS Pillaging

npm audit is my fault. More info: https://evilpacket.net
Pinned
Disobey.
Half the metal🤘🏻 is up. It’s slow moving today. Let’s hope we can get the other side done in a couple hours before dark 😅
November 9, 2025 at 10:46 PM
Pro tip. Don’t fall off a ladder alone in the woods. Did that yesterday about 6 feet up. Missed the stump that tried to skewer me but my head hit the air compressor on the way down & then the ladder / nail gun fell on me. I got super lucky I only have minor injuries. Stay safe! ❤️
November 9, 2025 at 4:38 PM
Reposted by Adam Baldwin
reminder that i'm matching all donations to any local food bank or pantry (or hungry person's venmo, whatever) for my upcoming #cranksgiving ride

i hope SNAP gets fully funded this month but we need to feed our neighbors however we can ❤️
last year for #cranksgiving i bought and hauled 208lbs of food to the Tempe Community Action Agency Food Pantry.

this year i have plans to add a trailer and get over 300lbs.
final weigh in: 208lbs!
November 6, 2025 at 9:29 PM
Reposted by Adam Baldwin
I generated 20k vibe-coded web applications using various models via the OpenRouter API and analyzed them for security issues.
The apps are available for download if anyone wants to take a look.
www.invicti.com/blog/securit...
Security Issues in Vibe-Coded Web Apps: Analysis, Vulnerabilities, Scanning
Learn about common security issues in AI-generated software, based on an analysis of over 20,000 vibe-coded web apps.
November 6, 2025 at 7:28 AM
More info. I'll put up a blog post when I have time. bsky.app/profile/did:...
Socket paid me $50 for a bug in Socket Firewall (sfw), well $48.50 after PayPal kicked me in the shins and took my lunch money. I'll write up some details tomorrow.
October 31, 2025 at 5:29 PM
ACE in the .swf.config hole

As everyone here already knows, the software supply chain is an absolute tire fire, so companies like Socket and others build a corpus of signals and tooling that can be used at various stages of the SDLC to help fight the bs that's been going on for far too long.
Alt: an illustration of a dumpster with a fire coming out of the top representative of the software supply chain.
October 31, 2025 at 5:24 PM
Socket paid me $50 for a bug in Socket Firewall (sfw), well $48.50 after PayPal kicked me in the shins and took my lunch money. I'll write up some details tomorrow.
October 31, 2025 at 6:12 AM
Reposted by Adam Baldwin
TLDR; The PSF has made the decision to put our community and our shared diversity, equity, and inclusion values ahead of seeking $1.5M in new revenue. Please read and share. pyfound.blogspot.com/2025/10/NSF-...
🧵
The official home of the Python Programming Language
October 27, 2025 at 2:47 PM
Productivity pro tip. Leave your phone laying outside in the yard all day.
October 28, 2025 at 12:21 AM
Didn’t need that part of my glasses anyway.
October 26, 2025 at 8:05 PM
Reposted by Adam Baldwin
New: a $60 mod to Meta's Ray-Ban glasses disables the privacy LED light. This is supposed to light when people are filming with the glasses. We bought the mod, verified it works. Now you can never be sure whether someone wearing Meta Ray-Bans is filming you or not
www.404media.co/how-to-disab...
A $60 Mod to Meta’s Ray-Bans Disables Its Privacy-Protecting Recording Light
Meta’s Ray-Ban glasses usually include an LED that lights up when the user is recording other people. One hobbyist is charging a small fee to disable that light, and has a growing list of customers ar...
October 23, 2025 at 1:01 PM
So tired of hearing

"You're absolutely right to question that!"
October 23, 2025 at 9:22 PM
Fun ways I've found to tell my llm to "continue" today.

Giddyup
let's fuck it up fam
October 22, 2025 at 10:55 PM
BINGO! I found the smoking gun!

and other llm favorites.
October 22, 2025 at 10:52 PM
I've been struggling for focus lately. Took a slow day by the fire yesterday and got a decent amount done. Going to try that again. No urgency just progress.
October 22, 2025 at 3:31 PM
Reposted by Adam Baldwin
October 21, 2025 at 12:39 AM
Reposted by Adam Baldwin
Whoa. Chicago mayor calls for a general strike; now we're talking

www.huffpost.com/entry/chicag...
Chicago Mayor Issues Defiant Call For A General Strike
It was an audacious proposal, given that the U.S. has never held a true, nationwide general strike.
October 19, 2025 at 11:27 PM
Reposted by Adam Baldwin
hey protesters, Remember one thing this weekend:

The cops are NOT on your side.
October 17, 2025 at 4:29 PM
Reposted by Adam Baldwin
New: hackers just doxed hundreds of DHS, ICE, FBI, and DOJ officials. I went through the data. In many cases does look legitimate, sometimes includes residential addresses.

“Mexican Cartels hmu [hit me up] we dropping all the doxes wheres my 1m [1 million].”

www.404media.co/hackers-dox-...
Hackers Dox Hundreds of DHS, ICE, FBI, and DOJ Officials
Scattered LAPSUS$ Hunters—one of the latest amalgamations of typically young, reckless, and English-speaking hackers—posted the apparent phone numbers and addresses of hundreds of government officials...
October 17, 2025 at 2:36 AM
Reposted by Adam Baldwin
Don't photograph anyone else at a protest either.
ProTip. Don’t photograph yourself at a protest.
Take a picture of yourself at the No Kings rally.

Print it.

Put it in a frame.

Your grandchildren will speak about you for generations to come. You took a stand against fascism. You stood up for democracy. 
October 17, 2025 at 12:53 AM
Reposted by Adam Baldwin
This is great
October 13, 2025 at 5:38 PM
If somebody says “ah shit” and then pauses my brain immediately busts out “I got a head rush”
October 15, 2025 at 12:51 AM
npm install totallynotavirustrustmeimadolphin
In honor of spooky month, share a 4 word horror story that only someone in your profession would understand.

Visit Planner timed out.
In honor of spooky month, share a 4 word horror story that only someone in your profession would understand.

The valve stuck open.
October 12, 2025 at 7:52 PM
Reposted by Adam Baldwin
Nice GitHub vuln via copilot. Good thing copilot isn’t being stuffed into everything. www.legitsecurity.com/blog/camolea...
CamoLeak: Critical GitHub Copilot Vulnerability Leaks Private Source Code
Get details on our discovery of a critical vulnerability in GitHub Copilot Chat.
October 12, 2025 at 3:14 PM
Reposted by Adam Baldwin
Again, I just want to reiterate: we are in a golden age for people that want to crime. Go plan the most elaborate heist you can imagine. You'll get away with it, all the feds are otherwise occupied.
cnn.com CNN @cnn.com · Oct 8
The Trump administration has ordered FBI employees in Washington, DC, to immediately search their workstations and digital media for any records pertaining to the disappearance of Amelia Earhart, a law enforcement source told CNN.
FBI employees ordered to immediately search for records related to Amelia Earhart, source says | CNN Politics
October 8, 2025 at 2:43 AM