Profile picture of Dodo on Security ๐Ÿ‡ต๐Ÿ‡ธ ๐Ÿ‡บ๐Ÿ‡ฆ
Published: August 27, 2025
18
32
335

How did this AI slop get a talk at the main track @ DEFCON????????? https://github.com/poppopjmp/V...

@dodo_sec I have quite a bit of vmprotect/code virtualizer experience, and what's in: https://github.com/poppopjmp/V... and https://github.com/poppopjmp/V... is nowhere near what's needed for even simple non-commercial vmprotect.

@dodo_sec Having never submitted for a DEF CON talk (I cheat and run stupid game shows to get my ass on main track stage), are you required to submit full slides ahead of time to get approved or do you just submit an abstract. I can imagine a well written abstract may seem suitably

@0xTib3rius If they submitted slides, I can't see how it'd have passed. Their "program" labels virtualized instructions with stuff like "download from URL", that level of insight from op codes alone makes no sense

@dodo_sec I like how they removed the code, as if Github didnโ€™t remember โ€ฆ. https://github.com/poppopjmp/V...

@dodo_sec Out of interest, what made it slop?

@dcuthbert The claim of emulating and devirtualizing VMP, Themida and custom virtualizers is a very tall order. All the stuff in the readme reads like AI slop, no one can get the actual code to run and the other repositories of the user are also AI nonsense, like this gem:

Image in tweet by Dodo on Security ๐Ÿ‡ต๐Ÿ‡ธ ๐Ÿ‡บ๐Ÿ‡ฆ

@dodo_sec As someone who has, through the years, sat through some shit show of talks that looked cool in the brochure (from abstract) and it just turned out to be someone running 1st year jr. Shodan queries to pass of as "scary" I can vouch for this complaint.

@dodo_sec extremely embarrassing

@dodo_sec quick, fork it so we can continue to laugh post deletion...

@dodo_sec Look too much chatgpt/claude generated code and readme

@dodo_sec A really good abstract + proper outline will probably get you a talk. Unfortunately I donโ€™t think that there is an easy way to verify all the claims of thousands of talks.

@dodo_sec Am I allowed to giggle over the phrase "dynamic taint tracking"? Or is that too childish?

@tautology0

@dodo_sec POC or GTFO. It seems Defcon is veering off target since Covid. I suspect over half the talks will be AI slop in the next two years.

@dodo_sec are they also making the world a better place https://www.youtube.com/watch?...

@dodo_sec

@dodo_sec kek

@dodo_sec Easy. No one goes to DEFCON for the talks.

Share this thread

Read on Twitter

View original thread

Navigate thread

1/19