Alexander Ermolov
@flothrone
Followers: 1K · Following: 1K · Media: 0 · Statuses: 611
Security researcher, team lead & speaker. Low-level design, firmware and system software. Fuzzing & testing automation for CI/CD pipelines.
Joined July 2017
Published my OFFZONE 2025 presentation slides (in Russian) on GitHub: https://t.co/xoPNdCgKv8 Had a great time at the conf, kudos to https://t.co/JH7qp0fcCW and other sponsors and crew members for organizing and running it.
bi.zone
From corporations to startups, we help organizations around the world grow their business securely in the digital age.
🔍 Full paper: 📄 https://t.co/DqAeEiBzhr 💻 https://t.co/wvliSHIDvx (coming soon) 📢 USENIX Security 2025 Authors: @hdtuanss , @ohtaekk_ , @cheoljun_p, @insu_yun , @yongdaek
#LLFuzz #BasebandSecurity #Fuzzing #CyberSecurity #USENIXSecurity
github.com
LLFuzz: An Over-the-Air Dynamic Testing Framework for Cellular Baseband Lower Layers - SysSec-KAIST/LLFuzz
ZeroNights CFP is open 🔥 Long time no see. ZN will take place on Nov 26, 2025 https://t.co/eU1fKt0H0V The program committee is accepting talks in Offensive and SecOps tracks, rewarding exclusive in-person presentations Submit https://t.co/jsjBKJ1wJI
@cfptime
Published the third part of my blog series about Hydroph0bia (CVE-2025-4275) vulnerability, this one is about the fix as Insyde applied it, and my thoughts on improvements for it. https://t.co/vEIkUNH3Ey
coderush.me
Preliminary analysis shows that Insyde fixed Hydroph0bia (CVE-2025-4275) by forcefully removing the NVRAM vars that lead to exploitation during SecureFlashDxe driver startup, and setting a restrictive variable policy for them, so such vars can't be set from the OS anymore.
Published, go check it out, it is a fun ride indeed: https://t.co/nkk0WkIzFt Part 3 will be done when I see how Insyde fixed the vulnerability and if we could do something about that fix.
coderush.me
There will soon be a part two of the writeup, where we'll use Hydroph0bia for getting arbitrary code execution during FW update and obtain full control over the DXE volume (and all other parts that happen to not be covered by BG/FDM hashing). https://t.co/zhhcStaJHO
🚨Binarly is documenting the discovery of CVE-2025-3052, a memory-corruption flaw in a Microsoft-signed UEFI module that lets attackers bypass Secure Boot and run unsigned code before the OS starts. 🔗 Full details: https://t.co/bnojn8RmsV 🛡️ Advisory: https://t.co/0D3CozbyPu
The embargo (12:00 UTC 2025-06-10) is over, let's start a thread on Hydroph0bia (CVE-2025-4275), a trivial SecureBoot and FW updater signature bypass in almost any Insyde H2O-based UEFI firmware used since 2012 and still in use today. English writeup:
coderush.me
Together with @AlexTereshkin we managed to summarize NVIDIA Offensive Security Research (OSR) work on breaking BMC (reference to our DefCon talk https://t.co/4VBhcLhcUa). This blog post also includes a link to the full paper.
Baseboard Management Controllers (BMCs) are vital for remote server management, but they can also be a significant security risk. Explore findings and recommendations to safeguard your #datacenter infrastructure from NVIDIA's Offensive Security Research team. ➡️
If for some reason #semgrep doesn’t fit your use case, here’s a port of my C vulnerability research ruleset to #weggli: https://t.co/xeiK9oqvL3 Read the linked blog post and check it out!
github.com
A collection of my weggli patterns to facilitate vulnerability research. - 0xdea/weggli-patterns
We're happy to announce a new release of our #Rust bindings for @HexRaysSA idalib. What's new: - New APIs for working with IDBs, segments, and more - Rust 2024 support - New homepage: https://t.co/m3dJuKWdfr H/T to our contributors @yeggorv & @0xdea
https://t.co/BVvdGP1L7X
github.com
Idiomatic Rust bindings for the IDA SDK, enabling the development of standalone analysis tools using IDA v9.x’s idalib - binarly-io/idalib
Gave a talk on external fuzzing of Linux kernel USB drivers with syzkaller at SAFACon by @SAFATeamGmbH. Includes a demonstration of how to rediscover CVE-2024-53104, an out-of-bounds bug in the USB Video Class driver. Slides: https://t.co/ca479wDoRV
UEFITool / UEFIExtract / UEFIFind NE A71 - added Kaitai-based parser for Dell DVAR varstores - added tracking of recently opened files - macOS build of UEFITool is now developer-signed - fixed a bunch of minor issues https://t.co/wvQXmMiZZB
github.com
Another release, another new Kaitai-based parser for a vendor variable format - Dell DVAR. Those variables don't usually have names, and use hexadecimal IDs instead, but it still can be useful ...
Slides of my talk at #Zer0Con2025! ⚡️ Kernel-Hack-Drill: Environment For Developing Linux Kernel Exploits ⚡️ I presented the kernel-hack-drill open-source project and showed how it helped me to exploit CVE-2024-50264 in the Linux kernel. Enjoy! https://t.co/84DqT4rdvm
The new blog post on supervisor shadow stack restrictions / supervisor shadow-stack control https://t.co/YPVai772Zt
tandasat.github.io
This post introduces one of the virtualization features needed to keep kernel-mode shadow stack functional against kernel exploits: supervisor shadow stack restrictions / supervisor shadow-stack...
My writeup of the 2023 NSO in-the-wild iOS zero-click BLASTDOOR webp exploit: Blasting Past Webp - https://t.co/H4m8MBwoWN
Worth a read. A lot of conference talks have a lot less content than this blog post.
Some exciting research to share from Binarly REsearchers @cci_forensics and @pagabuc -- a novel approach to UEFI bootkit detection. 🔥Read the technical paper: "UEFI Bootkit Hunting: In-Depth Search for Unique Code Behavior" 👉 https://t.co/KwmiNq9hdc
UEFITool NE A70 (and companion tools) is the first release to have all NVRAM parsers generated from KaitaiStruct definitions, replacing hand-crafted ones that are proven to be buggy and hard to maintain. Hope the new ones will behave. Do report new bugs! https://t.co/DwvZgnGDXc
github.com
This is a major release that marks an important milestone in moving from hand-crafted parsers to ones generated from KaitaiStruct declarative DSL: all NVRAM parsers are now Kaitai-based. Other impr...
Hey there, finally published the article on the CVE-2025-21333-POC exploit. Here is the link to the article: