Comment by 123malware321

I don't know anyone reviewing these tools that is impressed who is also someone who earns they paycheck doing bugbounties and finding actual CVE.

Generally these things only find memory corruption stuff which is almost never the type of bug you're looking for, and it costs a lot which negates your bug bounty payout.

Each time they preach, ooh, 0day found, bla bla.

In this domain you need to be specific or you are just yelling clickbait into the wind.

What type of 0day, what did the exploit actually look like.

'complex 4 stage with heap spray' - that sounds really simple actually.... complex for memory corruption goes into multi-process, maybe things between kernel/usermode, or crazy 18-20 stage exploits people pop against things like MS Teams etc....

Even if there were some cool results by any of these projects, the amount of nonsense blurted out in articles around them really makes them seem useless tools that are overmarketed by a bunch of excited children who dont really know what they are doing.

Get a dopamine hit, post on reddit, LOL. Hacking the planet (powered by Claude -_-)