New bug I've reported: CVE-2025-52194 - IRCAM File Processing Buffer Overflow in LibSndfile. Write-up:

I'm quite happy to share that Apple have published a vulnerability I have reported. This vulnerability affects multiple MacOS versions and affects the program `file`. First bug in Apple product 🥳

Join millions who have switched to Grok.

RT @C5pider: Introducing Havoc Professional: A Lethal Presence. We’re excited to share a first look at Havoc Professional, a next-generatio….

Joining @rektoff_xyz bootcamp about Solana Rust Security! Really thrilled and thankful to start this one :D

Releasing this fun tool Golem based on @0xdea, LLVM, LLM and @semgrep . Golem automates C/C++ vulnerability discovery by combining Semgrep rule scans, LLVM call-graph & CFG slicing, and AI-driven context analysis. Tool: Article:

turns out running thing on server and locally are not the same, who would have guess???.

Note: It's a BETA, it's vibe coded A LOT, it doesnt handle any sensitive info, please report bugs if you find some (you will) thanks kiss kiss.

Just launched Code Auditor CTF — A web platform to practice finding real-world C/C++ vulnerabilities.• 8000+ challenges.• Progress tracking + leaderboard.• Beginner-friendly.• Fully open source (beta):

Write-up of my v8 bug: Critical type confusion in V8's Turboshaft compiler allowed stale pointers to bypass GC, leading to exploitable memory corruption. Full details + PoC:

I wrote a comprehensive guide on harnessing libraries for effective fuzzing with AFL++ ! . Have a look =>

✨️ Happy new year hackers! ✨️.

Going to #38c3 was on my wishlist for MANY years. I am extremely happy to have been able to attend this super fun con for the first time, I've watch many great talks, met a bunch of really cool nerds and loved the hacking atmosphere! ✨️

🥳CVE-2024-53589: I discovered a heap buffer-overflow vulnerability in objdump affecting version 2.43, during a fuzzing campaign with.@aflplusplus. More details:

Following 7zip 24.08 release, @thezdi disclosed yesterday my vulnerability in 7zip 24.07: CopyCoder Infinite Loop Denial-of-Service Vulnerability - CVE-2024-11612. I found this vulnerability last summer during a fuzzing campaign with @aflplusplus .

My talk at lehack! Hacking satellites from SDR to RCE.

It was a fantastic experience giving a talk about automated vulnerability research for SANS today. Grateful for this opportunity, very happy to meet all the other fantastic speakers there.

Really proud! My vulnerability in Chrome v8 has been disclosed today! CVE-2024-6773 Type confusion in the v8 engine.

@_leHACK_ Thanks to all the persons that attended the conference, to leHack's team for putting this amazing event together, and to my friends for coming supporting me.

It's a wrap! Yesterday I was presenting my first public talk at @_leHACK_ : Hacking Satellites from SDR to RCE. You can find the slides (and all the funny things) here:

Join meet at @_leHACK_ for my talk: Hacking satellites: From SDR to RCE. 👾.