cdzeno
@cdzeno
Followers
282
Following
4K
Media
1
Statuses
1K
Security Researcher @nozominetworks
Earth
Joined May 2010
Just discovered 10 memory corruption vulnerabilities in the popular Mongoose Web Server (11k stars on GitHub) by fuzzing its embedded TLS stack protocol with @aflplusplus. More technical details here: https://t.co/AzK6USwACO
[Research] Address Sanitizer: Part1 (EN) https://t.co/wm8JJ5TI0I In this research post, I take a closer look at Address Sanitizer (ASan), focusing on how it detects memory errors at runtime. The article covers core concepts such as shadow memory, redzones and how to interpret
hackyboiz.github.io
Hello! I am millet, a new member who recently joined Hackyboiz. While solving wargame challenges in the past, I came across something called ASan. At the time, I only glanced over it briefly, but...
My curated awesome list of cybersecurity research, RE material, exploitation write-ups, and tools. https://t.co/6YgCLKcdUH
#infosec
For the embedded security enthusiast, here’s a list of resources from vuln researchers inspecting the TP-Link security camera(s): > By @evilsocket: TP-Link Tapo C200: Hardcoded Keys, Buffer Overflows and Privacy in the Era of AI Assisted Reverse Engineering:
evilsocket.net
How was a single heap overflow in an Audible parser enough to compromise an Amazon account? Find out in our latest blog post, in which we break down the Kindle vulnerabilities we reported earlier this year. https://t.co/v524qgdJca
blog.thalium.re
Although Kindle e-readers are a prime target in modding and jailbreaking communities, there is little public work about vulnerability research in remote code execution scenarios. In this post, we...
New RE Video - more iOS Spyware: https://t.co/aEcuAqOh0A An old sample (2019) but still fun to reverse engineer tied to PoisonCarp. I focus on how the embedded implant is extracted, executed, and how the implant sends data to C2. Also use Jonathan Levin's awesome disarm tool :)
In a new video, Nicolò Fornari walks through how to fuzz with AFL++, how to pick targets, avoid common pitfalls, and boost effectiveness. Find performance tips, fuzzing theory, and AFL++ internals. https://t.co/S21LcYIUJZ
#security #fuzzing #AFLplusplus #appsec
"From Zero to QEMU: A journey into system emulation" (slide deck) https://t.co/bYgH3zq83f Credits Antonio Nappa #infosec #qemu
A beautiful, fast, and feature-rich terminal-based Excel and CSV viewer built with Go. #golang
https://t.co/EEK33YnS56
🦀 Building an LLM From Scratch in Rust Want to really understand how LLMs work under the hood? Start at the foundation: a complete GPT-2 style transformer. https://t.co/qpsi9QN6RV
#rust #rustlang
Tutorial LD_PRELOAD TLS cert bypass for embedded security research by @f0rw4rd_at
https://t.co/Nr4YgZZFBL
#infosec
Will you be able to exploit a 13-year-old vulnerability in QEMU's TCG and become root? https://t.co/xE21e2T9ZH Hit us up in DM if you make progress!
Direct kernel object manipulation (DKOM) attacks on ETW providers. TL;DR: This blog post analyzes how attackers, with elevated privileges, can use their access to stage Windows Kernel post-exploitation capabilities. IBM Post: https://t.co/i9X2NfWYjp
VR things I wish I knew about sooner! https://t.co/FICTguRTGy
github.com
A plugin to introduce interactive symbols into your debugger from your decompiler - mahaloz/decomp2dbg
Just released🎉 Remote GUI debugger for Reverse Engineering. https://t.co/rqRo28k253
github.com
Next-Generation Remote Analysis Suite for Reverse Engineering. - DoranekoSystems/DynaDbg
My pet project kernel-build-containers now supports the Podman container engine in addition to Docker📦 You can use this project to build the Linux kernel with many different compilers. It's a nice solution for the toolchain hell🔥 problem. Enjoy! https://t.co/pYJLtr9Gmx
github.com
Containers for building the Linux kernel or other software with many different compilers - a13xp0p0v/kernel-build-containers
We’re open-sourcing pwno-backend, our previous production backend architecture, covering everything from uploading a binary to k8s ingress, which went through an iteration of six months, as Pwno is heading in a new direction. https://t.co/W0TTiWVX7e
Hello hackers! We're running a study about fuzz harnessing on https://t.co/yjFhiLYJXt! Go learn a bit about fuzzing and get a gift card at the same time :-) This is the first of hopefully some more material around the topic in the next few months, so stay tuned for that as well!
https://t.co/SbWKaqhK2a has just added a dojo focused on creating fuzz harnesses for OSS-Fuzz, https://t.co/MSMiCKxgwA $50 Amazon gift card for the first 30 participants who complete it, only 14 so far as of today.