I know FreeBSD gets a lot of criticism these days, but it’s still a great operating system. I believe in its philosophy and have a lot of respect for the competence of the people involved in the project.

My first real kernel exploit targeted the sysret bug on Intel CPUs (the vulnerability discovered by Rafal Wojtczuk). After that, I wrote another exploit for a vulnerability in FreeBSD’s Linux compatibility layer.

I started with FreeBSD around 2008–2010 while working as a sysadmin at a local ISP. Around that time, I began writing a FreeBSD rootkit just to understand how everything worked. In 2012, I wrote two kernel exploits for it.

I remembered Joseph Kong today. His books basically guided me through the kernel and practically launched my career as a security researcher.

Allele Security Intelligence - A brief analysis of a vulnerability in the glibc (CVE-2025-4802) In this publication, we present a succinct analysis of the vulnerability CVE-2025-4802, which affects the GNU project’s implementation of libc, GLIBC.

Check out the blog post for a brief analysis of CVE-2025-4802.

allelesecurity.com/libc-vuln-an...

Furthermore, it demonstrates how a small oversight in the static glibc code allowed arbitrary libraries to be loaded into privileged code. Do you know the crucial role of the auxiliary vector? Or the main differences between dynamically and statically compiled binaries?

We chose a vulnerability in glibc (CVE-2025-4802) to teach students registered in our binary exploitation training the importance of the libc, loader, dynamic linker, and the kernel in making the execution of a modern Linux binary possible.

The peril of laziness lost bcantrill.dtrace.org/2026/04/12/t...

Treinamento de Exploração de Vulnerabilidades no Espaço do Usuário (Linux Binary Exploitation) - Maio 2026 Treinamento de Exploração de Vulnerabilidades no Espaço do Usuário (Linux Binary Exploitation) - Maio 2026

Treinamento de Exploração de Vulnerabilidades no Espaço do Usuário (Linux Binary Exploitation) – Maio 2026

allelesecurity.com.br/treinamento-...

Resta pouco mais de um mês para o início do treinamento de exploração de vulnerabilidades em binários que estarei ministrando online.

O treinamento será do dia 04 a 28 de maio e estamos com as últimas vagas disponíveis.

Gostaria de saber mais sobre carreiras em vulnerability research? Quer aprender detalhes sobre o Linux que provavelmente ninguém te contará? Quer aprender mais sobre segurança defensiva e ofensiva com um profissional experiente? Esta é a sua oportunidade!

[PATCH v2 0/3] x86/fred: enable FRED by default

lore.kernel.org/all/20260325...

To spy, or not to spy: Canadian government consideration of a foreign intelligence agency, 1945–2007 Unlike most of its key allies, the Canadian government has not created a foreign intelligence agency to spy abroad using human sources. Newly-available archival records for the first time furnish i...

To spy, or not to spy: Canadian government consideration of a foreign intelligence agency, 1945–2007

www.tandfonline.com/doi/full/10....

Threat Hunter Greg Linares on the modern ransomware playbook (Presented by TLPBLACK - High-fidelity threat intelligence and research tools for modern security teams. From curated Passive DNS and real-time C2 monitoring to actionable IOC feeds and daily malware ...

Threat Hunter Greg Linares on the modern ransomware playbook

securityconversations.fireside.fm/greg-linares...

81: From Zero to Polish: Building Meta Ray-Ban Display

insidefacebookmobile.libsyn.com/81-from-zero...

FES 41: Lean e Verificação de Software com Leonardo de Moura (AWS)

creators.spotify.com/pod/profile/...

Interview with Professor Leonardo de Moura, Creator of Lean Programming Language

creators.spotify.com/pod/profile/...

Good easy long run today. Mostly Z1 and 3.5 podcast episodes.

That post from @amatcama has stuck with me and hasn't left my mind.

I'm glad to have finally settled the matter (for now), thanks to solid arguments from knowledgeable people like David Bessis, Nassim Taleb, Sean McClure, and many others.

Even smart people I know personally hold the belief that they could never do something important like the stars in our field.

In my friends' circle, and I believe this is fairly common in Brazil, people are strong believers in the idea that genetics are the only thing that matters. It's very easy to hear someone say, "I wasn't born for it." They give up so easily!

I've argued about this with friends for almost my entire life. Back then, I didn't have the foundational knowledge I have today, and I can't trace the sources of my earlier arguments. But I never accepted that I couldn't do serious work in vulnerability research just because I wasn't "born for it."

Beyond nature and nurture How mathematics changed my view on talent

Beyond nature and nurture

How mathematics changed my view on talent

davidbessis.substack.com/p/beyond-nat...

Announcing Systing 1.0

josefbacik.github.io/kernel/systi...

Is it normal for an iPhone’s analytics data to be wiped out?

[v2,0/5] Additions to "save" command
patchwork.sourceware.org/project/gdb/...

GDB will now have a save history command to save the command history to a file whenever you want.

This is cool as I usually need to manually copy-paste commands anyway because GDB tends to crash during my debugging sessions.

EP19 The Art of Deconstructing Problems: Tools, Tactics, and the ScatterBrain Obfuscator with Nino Isakovic
podcasts.apple.com/br/podcast/b...

ScatterBrain: Unmasking the Shadow of PoisonPlug's Obfuscator
cloud.google.com/blog/topics/...

The patch series had a fatal issue. The discussion here is interesting.

[GIT PULL] kmalloc_obj treewide refactor for v7.0-rc1
lore.kernel.org/all/20260221...

clang.llvm.org/docs/Languag...

How the Intel 8087 FPU Knows Which Instructions to Execute Hackaday Article

How the Intel 8087 FPU Knows Which Instructions to Execute

Bug in Clang noticed by Kees Cook while working on kmalloc() to kmalloc_obj() conversion.

git.kernel.org/pub/scm/linu...