Calif
Subscribe
Sign in
Home
Visit Calif
MAD Bugs
Archive
About
Latest
Top
Discussions
MAD Bugs: RCE in Ladybird
When Bruce told me he wanted to hack Ladybird, my first thought was: why does the monk want to find bugs in a bug?
Apr 24
7
MAD Bugs: An Apple Kernel Bug, Brought to You by Microsoft
Autonomous N-day analysis of CVE-2026-28825.
Apr 22
•
Calif
7
1
MAD Bugs: All Your Reverse Engineering Tools Are Belong to US
Ghidra, radare2, IDA Pro, and Binary Ninja Sidekick. If your tool doesn't show up here, it's not cool enough. Contact us for a free RCE.
Apr 21
7
MAD Bugs: "cat readme.txt" is not safe in iTerm2
Turning "cat readme.txt" into arbitrary code execution in iTerm2.
Apr 17
12
2
We Asked Claude to Audit Sagredo's qmail. It found a RCE.
One prompt, 101 minutes, and a working exploit against a widely deployed qmail fork.
Apr 16
•
Calif
9
Learning to Jailbreak an iPhone with Claude (Part 1)
Claude helped me take apart an iOS Safari exploit, and retune it for my Mac. It even wrote its own variant.
Apr 15
5
3
1
Codex Hacked a Samsung TV
We gave Codex a foothold. It popped a root shell.
Apr 13
•
Calif
18
2
Claude + Humans vs nginx: CVE-2026-27654
What humans still do when Claude already found the bug.
Apr 10
•
Calif
16
3
MAD Bugs: Feeding Claude Phrack Articles for Fun and Profit
tl;dr: A teammate gave Claude a Phrack article.
Apr 9
5
MAD Bugs: Claude Found an Auth Bypass in NSA's Ghidra Server
This bug may resemble a backdoor in effect, but there’s no evidence it was intentional. Really.
Apr 8
•
Calif
8
1
MAD Bugs: Discovering a 0-Day in Zero Day
Here’s how I used Claude to find and patch a radare2 0-day on my first day at Calif.
Apr 8
•
Calif
13
1
March 2026
MAD Bugs: Claude Wrote a Full FreeBSD Remote Kernel RCE with Root Shell (CVE-2026-4747)
To our knowledge, this is the first remote kernel exploit both discovered and exploited by an AI.
Mar 31
•
Calif
18
4
1
This site requires JavaScript to run correctly. Please
turn on JavaScript
or unblock scripts
