From KernelSnitch to Practical msg_msg/pipe_buffer Heap KASLR Leaks
Article by Lukas Maar about evaluating the KernelSnitch timing side-channel attack on a variety of systems, including Android.
lukasmaar.github.io/posts/heap-k...
Posts by destsrcsize
The recording of my talk "Challenges in Decompilation and Reverse Engineering of CUDA-based Kernels" at @re-verse.io is now online!
Recording: www.youtube.com/watch?v=ns5j...
Slides: nicolo.dev/files/pdf/re...
Binary Ninja plugin: github.com/seekbytes/pt...
A Race Within A Race: Exploiting CVE-2025-38617 in Linux Packet Sockets
Excellent article by Quang Le about exploiting CVE-2025-38617 — a race condition that leads to a use-after-free in the packet sockets implementation.
blog.calif.io/p/a-race-wit...
ICYMI, @synacktiv.com's Pwn2Own walkthrough, exploiting a Tesla Wall via the charging port is a good Friday read.
After a firmware downgrade, they found a debug shell via the access point used during setup, ultimately using this to gain EIP.
www.synacktiv.com/en/publicati...
Everyone needs to see this once in a while.
"Fuzz Introspector: enabling rapid fuzz introspection tool development" -- a new blog post on Fuzz Introspector and how it is moving into supporting analysis as a pure Python library. #fuzzing #program-analysis See the blog post: adalogics.com/blog/fuzz-in...
aischolar.0x434b.dev Pretty cool project by @434b.bsky.social: A neat web interface to explore security (and in particular: Fuzzing) papers with AI summaries. Seems super useful to get/stay up to date with recent papers :)
Our paper on efficient automated exploit generation has been accepted to USENIX Security '25.
The gist: instead of generating individual attacks, we synthesise the whole *programming language* that expresses many exploits and guarantees their realisability.
Paper: ilyasergey.net/assets/pdf/p...
A Brief JavaScriptCore RCE Story:
qriousec.github.io/post/jsc-uni...
#cybersecurity #informationsecurity #rce #javascript #vulnerability
🥳📰 Very happy and proud that our paper on finding backdoors with fuzzing was accepted at the main track of @icseconf.bsky.social!
More details to follow soon 🙂
Congratulations and thank you to my students Dimitri Kokkonis and Emilien Decoux and co-supervisor Stefano Zacchiroli!
Futex is an under-appreciated Linux system call that backs almost everything you do that involves concurrency behind the scenes. HuguesEvrard and I wrote a paper on using model checking to analyse futex-based concurrency primitives. Check it out! doc.ic.ac.uk/~afd/papers/...
2024 is almost done, so here’s a thread on my 5 favorite fuzzing papers published this year. In no particular order…🧵
Exploiting a use-after-free vulnerability in the afd.sys Windows driver (CVE-2024-38193)
blog.exodusintel.com/2024/12/02/
Credits Luca Ginex
#windows #infosec
This awesome fuzzing blog post by @r00tkitsmm.bsky.social covers a super reliable macOS kernel binary rewriting to instrument any KEXT or XNU at BB or edge level. Mandatory reading for anyone interested in fuzzing whether you use macOS or not. So many good system internals and fuzzing references!