Fabio Pagani
@pagabuc
Followers
905
Following
3K
Media
9
Statuses
1K
Vulnerability Research Lead @binarly_io. Prev: Postdoc @ucsantabarbara. Binary analysis, memory forensics et al. Captures flags with Shellphish and NOPS.
Italy
Joined June 2011
RT @binarly_io: Nvidia OSR (@AlexTereshkin, @Adam_pi3) reveals high-impact Supermicro BMC vulnerabilities (CVE-2024-10237/38/39). Binarly R….
0
18
0
Arbitrary write in SMM, silently patched in 2018 (!!) but still present in current firmware. Automatically discovered by @binarly_io DVA technology👇.
🚨𝗡𝗲𝘄 𝗛𝗶𝗴𝗵-𝗦𝗲𝘃𝗲𝗿𝗶𝘁𝘆 𝗩𝘂𝗹𝗻𝗲𝗿𝗮𝗯𝗶𝗹𝗶𝘁𝘆 𝗶𝗻 𝗔𝗠𝗜-𝗕𝗮𝘀𝗲𝗱 𝗗𝗲𝘃𝗶𝗰𝗲𝘀.Our Deep Vulnerability Analysis (DVA) technology has automatically uncovered a high-impact vulnerability (CVE-2025-33043) in the AMI MicrocodeUpdate module that's impacting the
0
3
15
RT @binarly_io: 🚨𝗡𝗲𝘄 𝗛𝗶𝗴𝗵-𝗦𝗲𝘃𝗲𝗿𝗶𝘁𝘆 𝗩𝘂𝗹𝗻𝗲𝗿𝗮𝗯𝗶𝗹𝗶𝘁𝘆 𝗶𝗻 𝗔𝗠𝗜-𝗕𝗮𝘀𝗲𝗱 𝗗𝗲𝘃𝗶𝗰𝗲𝘀.Our Deep Vulnerability Analysis (DVA) technology has automatically un….
0
18
0
RT @NikolajSchlej: Got an Acer SFG16-71-549T to be used a DUT for further research into Insyde H2O firmware platform:.- FlashDeviceMap hash….
0
4
0
RT @exploitsclub: Another Week, Another EXPLOITS CLUB 📰. ---.🎉 Binja giveaway: sign up to support the newsletter 🎉.---. Tesla wall charger….
0
12
0
RT @binarly_io: ⛓️💥Our latest CVE-2025-3052 discovery started with a strange UEFI module on VT. Signed in 2022, uploaded in 2024, trusted….
0
17
0
RT @NikolajSchlej: Published the third part of my blog series about Hydroph0bia (CVE-2025-4275) vulnerability, this one is about the fix as….
0
33
0
RT @binarly_io: @NikolajSchlej What’s alarming is how many devices are still vulnerable in-the-wild. Binarly telemetry data reveals the….
0
6
0
RT @binarly_io: 🔎From Hidden Semantics to Structured Insights✨. By combining static analysis techniques and tailored heuristic improvements….
0
15
0
RT @binarly_io: ⛓️We recently investigated the newly disclosed Hydroph0bia vulnerability (CVE-2025-4275 discovered by @NikolajSchlej) to pr….
0
7
0
RT @NikolajSchlej: It is extremely funny to me that Binarly and I managed to uncover two separate SecureBoot bypasses that together cover e….
0
5
0
Our research on Secure Boot keeps on giving!. Today we disclose CVE-2025-3052, a Secure Boot bypass that started with vulnerable signed module found on VirusTotal and ended with 14 hashes added to dbx by Microsoft in today’s Patch Tuesday 🔥.
🚨Binarly is documenting the discovery of CVE-2025-3052, a memory-corruption flaw in a Microsoft-signed UEFI module that lets attackers bypass Secure Boot and run unsigned code before the OS starts. 🔗 Full details: 🛡️ Advisory:
1
10
33
RT @NikolajSchlej: The embargo (12:00 UTC 2025-06-10) is over, let's start a thread on Hydroph0bia (CVE-2025-4275), a trivial SecureBoot an….
0
92
0
RT @binarly_io: Binarly REsearch is proud to build & support two @HexRaysSA IDA plugin contest winners:. 🔬 efiXplorer by @yeggorv . https://….
0
12
0
RT @binarly_io: Why do attackers love bootkits? 🔗Persistence + ♻️stealth. At the @REverseConf, Binarly REsearcher @cci_forensics shows how….
0
11
0
RT @Zardus: In case you haven't heard, we (read: @mahal0z, @AtipriyaBajaj, and the rest of the program committee) are starting a workshop a….
0
4
0
RT @xorpse: We're are happy to announce a new release of our #Rust bindings for @HexRaysSA idalib. What's new:.- New APIs for working with….
0
21
0
RT @REverseConf: The RE//verse YouTube channel is packed with talks from RE//verse 2025! Catch Takahiro’s deep dive into UEFI Bootkit Hunti….
0
32
0