dmnk
@dmnk.bsky.social
【DΞCOMPILΞ NΣVΞR】
Android Red Team @google
Fuzzing @aflplusplus.bsky.social
CTF @enoflag
(opinions my own)
Android Red Team @google
Fuzzing @aflplusplus.bsky.social
CTF @enoflag
(opinions my own)
Reposted by dmnk
there's vomit stderr already, claude's spaghetti
he's nervous, but assures it's production ready
he's nervous, but assures it's production ready
December 24, 2025 at 11:04 AM
there's vomit stderr already, claude's spaghetti
he's nervous, but assures it's production ready
he's nervous, but assures it's production ready
Reposted by dmnk
Are you a security researcher or journalist? We want to hear from you — please take this survey!
Dissent Doe at DataBreaches.net, and yours truly at this.weekinsecurity.com, are running this survey to explore the state of legal demands and criminal threats in cybersecurity.
Dissent Doe at DataBreaches.net, and yours truly at this.weekinsecurity.com, are running this survey to explore the state of legal demands and criminal threats in cybersecurity.
Survey about legal and criminal threats experienced by journalists and security researchers
Researchers who try to responsibly disclose leaks, vulnerabilities, and other security breaches or mishaps may face legal threats or lawsuits. Similarly, journalists may find themselves threatened wit...
forms.gle
December 20, 2025 at 2:32 PM
Are you a security researcher or journalist? We want to hear from you — please take this survey!
Dissent Doe at DataBreaches.net, and yours truly at this.weekinsecurity.com, are running this survey to explore the state of legal demands and criminal threats in cybersecurity.
Dissent Doe at DataBreaches.net, and yours truly at this.weekinsecurity.com, are running this survey to explore the state of legal demands and criminal threats in cybersecurity.
Phone network in Germany is great. Crossing over from Switzerland I get 5 bars of EDGE instead of 4 (5g)
December 6, 2025 at 10:43 AM
Phone network in Germany is great. Crossing over from Switzerland I get 5 bars of EDGE instead of 4 (5g)
Reposted by dmnk
⏱️ 9 days until submission deadline (Dec 11, 23:59 AoE).
Organized by: @yannicnoller.bsky.social, @rohan.padhye.org, @ruijiemeng.bsky.social, and Laszlo (@lszekeres.bsky.social) Szekeres.
Organized by: @yannicnoller.bsky.social, @rohan.padhye.org, @ruijiemeng.bsky.social, and Laszlo (@lszekeres.bsky.social) Szekeres.
#FUZZING'26 CALL FOR PAPERS
──────
✨ After 5 years, we will be again co-located with NDSS!
🔗 fuzzing-workshop.github.io
📅 11. Dec (Submission)
//cc @mboehme.bsky.social (MPI-SP), @ruijiemeng.bsky.social (CISPA), @rohan.padhye.org (CMU), László Szekeres (Google)
──────
✨ After 5 years, we will be again co-located with NDSS!
🔗 fuzzing-workshop.github.io
📅 11. Dec (Submission)
//cc @mboehme.bsky.social (MPI-SP), @ruijiemeng.bsky.social (CISPA), @rohan.padhye.org (CMU), László Szekeres (Google)
December 3, 2025 at 11:00 AM
⏱️ 9 days until submission deadline (Dec 11, 23:59 AoE).
Organized by: @yannicnoller.bsky.social, @rohan.padhye.org, @ruijiemeng.bsky.social, and Laszlo (@lszekeres.bsky.social) Szekeres.
Organized by: @yannicnoller.bsky.social, @rohan.padhye.org, @ruijiemeng.bsky.social, and Laszlo (@lszekeres.bsky.social) Szekeres.
Reposted by dmnk
I've uploaded the slides of my recent talk "JS Engine Security in 2025": saelo.github.io/presentation.... I think there'll also be a recording available at some point (otherwise I can make one as not everything's in the slides).
Fantastic conference as usual, big thanks to the PoC Crew!
Fantastic conference as usual, big thanks to the PoC Crew!
saelo.github.io
November 24, 2025 at 9:58 AM
I've uploaded the slides of my recent talk "JS Engine Security in 2025": saelo.github.io/presentation.... I think there'll also be a recording available at some point (otherwise I can make one as not everything's in the slides).
Fantastic conference as usual, big thanks to the PoC Crew!
Fantastic conference as usual, big thanks to the PoC Crew!
I shouldn's have cancelled my Pebble preorder
www.youtube.com/shorts/n1UEX...
www.youtube.com/shorts/n1UEX...
Pebblemon - Optimized for Pebble 2 Duo
YouTube video by Harrison Allen
www.youtube.com
November 23, 2025 at 1:32 PM
I shouldn's have cancelled my Pebble preorder
www.youtube.com/shorts/n1UEX...
www.youtube.com/shorts/n1UEX...
Reposted by dmnk
Finding 0day is the one unsaturated LLM eval left
November 18, 2025 at 5:26 PM
Finding 0day is the one unsaturated LLM eval left
Great blog post 🦀🦀🦀
With Rust development surpassing C++ in the Android platform in 2025, we can start making reliable comparisons.
Rollback rates, code review latency, vulnerability density, and a CVE with a twist.
security.googleblog.com/2025/11/rust...
Rollback rates, code review latency, vulnerability density, and a CVE with a twist.
security.googleblog.com/2025/11/rust...
Rust in Android: move fast and fix things
Posted by Jeff Vander Stoep, Android Last year, we wrote about why a memory safety strategy that focuses on vulnerability prevention in ...
security.googleblog.com
November 18, 2025 at 10:25 AM
Great blog post 🦀🦀🦀
Reposted by dmnk
Crashing calculators and CAD editors? GUIFuzz++ is finally here to help make them better! 🔥
Come see my undergraduate student @trowlett0.bsky.social's very first paper "GUIFuzz++" at @aseconf.bsky.social this Wednesday.
Also now integrated in @aflplusplus.bsky.social! 😃
github.com/AFLplusplus/...
Come see my undergraduate student @trowlett0.bsky.social's very first paper "GUIFuzz++" at @aseconf.bsky.social this Wednesday.
Also now integrated in @aflplusplus.bsky.social! 😃
github.com/AFLplusplus/...
November 17, 2025 at 9:02 PM
Crashing calculators and CAD editors? GUIFuzz++ is finally here to help make them better! 🔥
Come see my undergraduate student @trowlett0.bsky.social's very first paper "GUIFuzz++" at @aseconf.bsky.social this Wednesday.
Also now integrated in @aflplusplus.bsky.social! 😃
github.com/AFLplusplus/...
Come see my undergraduate student @trowlett0.bsky.social's very first paper "GUIFuzz++" at @aseconf.bsky.social this Wednesday.
Also now integrated in @aflplusplus.bsky.social! 😃
github.com/AFLplusplus/...
Reposted by dmnk
It is time for the annual State of Rust Survey! 📝✨️️
Whether you've just begun using Rust, are an experienced Rust user, stopped using Rust, or might use Rust in the future, we'd like to hear from you! 🦀
Available in ten languages and open until December 17th: blog.rust-lang.org/2025/11/17/l...
Whether you've just begun using Rust, are an experienced Rust user, stopped using Rust, or might use Rust in the future, we'd like to hear from you! 🦀
Available in ten languages and open until December 17th: blog.rust-lang.org/2025/11/17/l...
Launching the 2025 State of Rust Survey | Rust Blog
Empowering everyone to build reliable and efficient software.
blog.rust-lang.org
November 17, 2025 at 4:26 PM
It is time for the annual State of Rust Survey! 📝✨️️
Whether you've just begun using Rust, are an experienced Rust user, stopped using Rust, or might use Rust in the future, we'd like to hear from you! 🦀
Available in ten languages and open until December 17th: blog.rust-lang.org/2025/11/17/l...
Whether you've just begun using Rust, are an experienced Rust user, stopped using Rust, or might use Rust in the future, we'd like to hear from you! 🦀
Available in ten languages and open until December 17th: blog.rust-lang.org/2025/11/17/l...
Reposted by dmnk
Doctor says, 'Dont worry, parser design is simple. Great programmer Kate Compton has written the parser you seek’
November 16, 2025 at 2:44 PM
Doctor says, 'Dont worry, parser design is simple. Great programmer Kate Compton has written the parser you seek’
Reposted by dmnk
LibAFL 0.15.4 has just been released 🎉
Of the 30 Contributers for this release, almost half are new faces <3
github.com/AFLplusplus/...
#Fuzzing #LibAFL #AFLplusplus
Of the 30 Contributers for this release, almost half are new faces <3
github.com/AFLplusplus/...
#Fuzzing #LibAFL #AFLplusplus
Release 0.15.4 · AFLplusplus/LibAFL
Highlights
DumpTargetBytesToDiskStage can to dump complex inputs to disk as bytes
CmpLog implementation is now consistent with AFL++ to share targets back and forth
Updated and fixed ForkserverByt...
github.com
November 12, 2025 at 3:31 PM
LibAFL 0.15.4 has just been released 🎉
Of the 30 Contributers for this release, almost half are new faces <3
github.com/AFLplusplus/...
#Fuzzing #LibAFL #AFLplusplus
Of the 30 Contributers for this release, almost half are new faces <3
github.com/AFLplusplus/...
#Fuzzing #LibAFL #AFLplusplus
"You are a smart and handsome software engineer"
Prompt engineering is just drag for computers 💅
Prompt engineering is just drag for computers 💅
November 10, 2025 at 2:38 PM
"You are a smart and handsome software engineer"
Prompt engineering is just drag for computers 💅
Prompt engineering is just drag for computers 💅
Reposted by dmnk
Some more cool JS Engine bugs found by Big Sleep were fixed in yesterday's Apple security updates: support.apple.com/en-us/125632
Technical details will be available soon at issuetracker.google.com/issues?q=com...
Technical details will be available soon at issuetracker.google.com/issues?q=com...
About the security content of iOS 26.1 and iPadOS 26.1 - Apple Support
This document describes the security content of iOS 26.1 and iPadOS 26.1.
support.apple.com
November 4, 2025 at 5:10 PM
Some more cool JS Engine bugs found by Big Sleep were fixed in yesterday's Apple security updates: support.apple.com/en-us/125632
Technical details will be available soon at issuetracker.google.com/issues?q=com...
Technical details will be available soon at issuetracker.google.com/issues?q=com...
Reposted by dmnk
support.apple.com/en-us/125632
the name "big sleep" feels a lot more insulting now that its really threatening to take our jobs
the name "big sleep" feels a lot more insulting now that its really threatening to take our jobs
About the security content of iOS 26.1 and iPadOS 26.1 - Apple Support
This document describes the security content of iOS 26.1 and iPadOS 26.1.
support.apple.com
November 4, 2025 at 5:19 PM
support.apple.com/en-us/125632
the name "big sleep" feels a lot more insulting now that its really threatening to take our jobs
the name "big sleep" feels a lot more insulting now that its really threatening to take our jobs
What is my purpose
You provide entropy
Oh
You provide entropy
Oh
November 4, 2025 at 5:37 PM
What is my purpose
You provide entropy
Oh
You provide entropy
Oh
Neat idea: Snapshot fuzzing from a certain point deeper in the target (with +- complex state), then use an AI Agent to trigger that point. Fuzzer goes brrr
Gaetano's paper on Scaling Security Testing by Adressing the Reachability Gap has been accepted at #ICSE26!
📝 gpsapia.github.io/files/ICSE_2...
🧑💻 github.com/GPSapia/Reac...
How to scale automatic security testing to arbitrary systems?
📝 gpsapia.github.io/files/ICSE_2...
🧑💻 github.com/GPSapia/Reac...
How to scale automatic security testing to arbitrary systems?
November 4, 2025 at 1:04 AM
Neat idea: Snapshot fuzzing from a certain point deeper in the target (with +- complex state), then use an AI Agent to trigger that point. Fuzzer goes brrr
Reposted by dmnk
We derestricted crbug.com/382005099 today which might just be my favorite bug of the last few years: bad interaction between WebAudio changing the CPU's handling of floats and V8 not expecting that. See crbug.com/382005099#co... for a PoC exploit. Also affected other browsers
October 29, 2025 at 2:27 PM
We derestricted crbug.com/382005099 today which might just be my favorite bug of the last few years: bad interaction between WebAudio changing the CPU's handling of floats and V8 not expecting that. See crbug.com/382005099#co... for a PoC exploit. Also affected other browsers