I reverse engineered the San Francisco parking ticket system. I can see every ticket seconds after it's written So I made a website. Find My Friends? AVOID THE PARKING COPS.

Looking for a PostDoc, a PhD, and 3-6mth interns as part of my ERC project. Homepage: https://t.co/fPr9gVYYIK Böhme Lab: https://t.co/TLd4TstfJF Reach out if you find this interesting. 👇

I have released the first half of "Binary Exploitation 101", a beginner-friendly guide to binary exploitation. You can learn from classic buffer overflow to ret2dlresolve through CTF-like challenges. I am working on the second half now. Stay tuned🔥 https://t.co/Oy4P8l4plk

@TheOfficialACM Council has reaffirmed yesterday that all ACM publications and related research artifacts in the ACM Digital Library (@ACMDL) will be fully openly available after 1-1-2026. Computing science material of the highest quality freely available to all! #OpenAccess

Instead of scanning for unpatched CVEs, find the next CVE there's no patch for yet 😉 In "From Day Zero to Zero Day", I explain how to level up your offensive security game with vulnerability research. Understanding the purpose of your work changes the way you pick targets,

Okay so this is HUGE - our amazing AI red team have open sourced their AI red team labs so you can set up your own training! https://t.co/brvdq6roHp @ram_ssk

🔐 Frontier AI is reshaping cybersecurity, raising critical new questions: 🔍 What is its current impact? ⚖️ Who stands to benefit more—attackers or defenders? 🛡️ How can we mitigate the risks? Addressing these challenges requires coordinated efforts across AI & security

I wrote a post on how to connect with people (i.e., make friends) at CS conferences. These events can be intimidating so here's some suggestions on how to navigate them I'm late for #ICLR2025 #NAACL2025, but just in time for #AISTATS2025 and timely for #ICML2025 acceptances! 1/4

Just won CCDC :)

Omg, we are the champion!!! @UCIrvine @UCIbrenICS @cyber_uci @UCI_Cyber

This is Dean Valentin, founder of ZeroPath, an AI vulnerability research company, exploring the disappointing difference between the outstanding performance of LLMs on benchmarks and their (+other founders') experience with LLMs for vuln. discovery. https://t.co/icjNThu8Lv

I sent a message to my PhD students and postdocs at @Princeton a couple of weeks ago regarding freezes/cuts to federal research funding (this was before the freeze on federal funding to Princeton). I am sharing it here in case others find it helpful in having similar

I am hiring a ✨ Postdoc in Software Engineering ✨ at UC Irvine! Focus on AI and/or Developer Experience. ☀️Join a top research team in sunny SoCal! 📍 2-year full-time 🔗 Apply: https://t.co/QpzyvRsEIt #Postdoc #SoftwareEngineering #icseconf @icse2025

Just built an MCP for Ghidra. Now basically any LLM (Claude, Gemini, local...) can Reverse Engineer malware for you. With the right prompting, it automates a *ton* of tedious tasks. One-shot markups of entire binaries with just a click. Open source, on Github now.

My slides from today's talk about Static Program Analysis. I go into how data flow analysis (like taint propagation in CodeQL) works from first principles - should be digestible with some first-year university maths knowledge https://t.co/lgvdS7BySo

You can take a look at the lectures tab for all the readings I think are important per topic. The student led projects are pretty cool and those will be posted on the website soon as well! https://t.co/irybZghyQJ

We are thrilled to share our work on IRIS, an LLM-assisted static analysis framework to detect security vulnerabilities, which will appear at ICLR’25! A collaboration between Penn (Mayur Naik @AI4Code and Ziyang Li @_ziyang_) and Cornell (Saikat Dutta). A thread… [1/n]

Reflections on (somewhat inevitable) dysfunction, or how security teams fail:

Why everyone naming their cat miso mochi and matcha but not lao gan ma