da_667
da_667@Viss@mastodon.social But then the hiring process was dragging on and the choice was "Warm body in the intern's seat, or nobody at all." and we choose to settle with someone being in the chair.
da_667@Viss@mastodon.social in retrospect, if I had any notion that he was padding his resume so heavily, I would've settled for nothing, and yet, here we are.
da_667@Viss@mastodon.social So I do wanna address this, because yes, you're absolutely right. The first three candidates, me another one of my co-workers, whom I respect very much both began comparing their answers to chatgpt and copilot AI output.
We both noticed that , aside from changing a few things around, and changing the order or some output, it was very close to the AI's output. And for the first two rounds of resumes (that is, three resumes were considered a single round), we flat-out rejected candidates who we knew from analysis were just using AI.
da_667@Viss@mastodon.social But then the hiring process was dragging on and the choice was "Warm body in the intern's seat, or nobody at all." and we choose to settle with someone being in the chair.
da_667Now, I'm not doing this to be a bully, but I'm going to just note that this fella stated he was knowledgable about Snort, Suricata, Regular expressions, Vulnerability Management, Wireshark, and tcpdump.
I wanna remind you, that I gave him a quick tutorial blog post on how to generate pcaps from a proof of concept exploit. and that his resume says he is competent in this skillset.
https://community.emergingthreats.net/t/come-sail-the-cves-part-2-turning-data-into-rules/2751
My boy took four hours to tell me that his pcap was empty and had nothing int it. So I ask 'em. what is the command you're using?
he copies it to me. The -i option is reserved for the interface you want to sniff packets on. I have not a single clue why, but his -i switch was an IP address.
da_667I demo using ip -br a to briefly list the network interfaces in one's VM. And show how how to figure out which is which. According to the IP address next to it, and by process of elimination. He generates a pcap.
Then he generates rules. Plural. For a directory traversal attack. Both rules trigger alerts, but neither rule actually detects the directory traversal attack. I even gave him the regex string we typically use for catching directory traversal attempts, because it's kind of complex, but it's extremely effective.pcre:"/^[^\x26]*?(?:(?:\x2e|%2[Ee]){1,2}(?:\x2f|\x5c|%5[Cc]|%2[Ff]){1,}){2,}/R";
In laymans' terms this reads: "IMMEDIATELY after the previous content match, (^, /R flag), look for one to two period characters, at least one forward (/) or backslash (\), in either plain format, OR url-encoded, and find this entire pattern at least twice."
No where in either rule was the regex I gave him a hint that he should definitely use is in either rule. No, he focused on the curl user-agent, and the fact that python3's http.server module throws a 501 error and doesn't support POST requests when I told him, straight up, we do not care what the server responds with, we just wanna see what the exploit looks like being throw at a server.
da_667Y'all, I'm starting to worry for this intern we got.
This dude claims to have worked at akamai for three years, but can't generate a pcap for a directory traversal proof of concept that is as basic as can be.
I'm doing my best to keep an open mind, because there was a time when we were all noobs, but I have some concerns.
da_667Now, I'm not doing this to be a bully, but I'm going to just note that this fella stated he was knowledgable about Snort, Suricata, Regular expressions, Vulnerability Management, Wireshark, and tcpdump.
I wanna remind you, that I gave him a quick tutorial blog post on how to generate pcaps from a proof of concept exploit. and that his resume says he is competent in this skillset.
https://community.emergingthreats.net/t/come-sail-the-cves-part-2-turning-data-into-rules/2751
My boy took four hours to tell me that his pcap was empty and had nothing int it. So I ask 'em. what is the command you're using?
he copies it to me. The -i option is reserved for the interface you want to sniff packets on. I have not a single clue why, but his -i switch was an IP address.
da_667
da_667I read about Windsurf a little more, and its some sort of a programming IDE where you can just shout JESUS TAKE THE WHEEL and the ai will write things that look important.
da_667an accurate assessment of AI-driven IDEs.
da_667Either that or just reply-all with Malware tech's blog post on why AI is just dogshit. https://malwaretech.com/2025/08/every-reason-why-i-hate-ai.html
da_667I read about Windsurf a little more, and its some sort of a programming IDE where you can just shout JESUS TAKE THE WHEEL and the ai will write things that look important.
da_667So uh. my company bought into some AI shit called windsurf as a part of a "AI-first development approach". I googled windsurf, and these were the news stories on the front page.
The workers are getting cut and overworked
The CEO left
They were planning on getting absorbed by OpenAI
I don't even write code outside of utility scripts to help automate bits of rule writing. I'm half tempted to respond to the teams meeting emails with just "no thanks."
da_667Either that or just reply-all with Malware tech's blog post on why AI is just dogshit. https://malwaretech.com/2025/08/every-reason-why-i-hate-ai.html
da_667So uh. my company bought into some AI shit called windsurf as a part of a "AI-first development approach". I googled windsurf, and these were the news stories on the front page.
The workers are getting cut and overworked
The CEO left
They were planning on getting absorbed by OpenAI
I don't even write code outside of utility scripts to help automate bits of rule writing. I'm half tempted to respond to the teams meeting emails with just "no thanks."
da_667go on, fuckin' do it.