Simone Aonzo
@saonzo.bsky.social
Malware hunter ☣ && Assistant Professor 👨🏻‍🔬 @EURECOM

X: https://x.com/packm4d
WWW: https://simoneaonzo.it/
LinkedIn: https://www.linkedin.com/in/simone-aonzo-290b05180/
Wolfenstein 3D (1992) by id Software didn’t need DRM. It had threats.
Even if the "aggressive" protection mechanism was a joke… it definitely made you think twice. 😅
October 28, 2025 at 12:46 PM
🚨 New research from EURECOM & Univ. of Milan!
[1/3] “Unveiling BYOVD Threats: Malware’s Use and Abuse of Kernel Drivers” (to appear at NDSS’26) reveals how malware exploits signed drivers to gain kernel privileges. This work led to the discovery of 7 unknown weaponized drivers 💣
Unveiling BYOVD Threats - Malware’s Use and Abuse of Kernel Drivers | S3
The S3 Software and System Security Group @ EURECOM website.
www.s3.eurecom.fr
October 13, 2025 at 1:08 PM
The Washington Post/CrowdStrike [1] reports DeepSeek gives weaker or refused code to disfavored groups. It’s not a "sleeper agent" in the Hubinger et al. [2] sense, but the resemblance is striking: context-dependent behavior that undermines some users while appearing safe to others.
September 17, 2025 at 8:15 AM
Did you know that you can execute JavaScript code via SVG images (i.e., XML)?
And guess which app opens SVG images by default on Windows?
Your default browser! 😱

PoC: gist.github.com/packmad/ab1e...

thehackernews.com/2025/09/viru...
VirusTotal Finds 44 Undetected SVG Files Used to Deploy Base64-Encoded Phishing Pages
523 malicious SVG phishing files since Aug 2025 bypassed antivirus, evolving tactics expose macOS to AMOS.
September 5, 2025 at 8:41 AM
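
Added example, not part of the post or the linked PoC: a minimal Python triage check that flags the script-capable constructs an SVG file can carry (script elements, on* event handlers, javascript:/data: URLs, foreignObject). The sample documents, function names and finding labels are constructed for illustration.

```python
import re
import xml.etree.ElementTree as ET

# Constructed samples, not taken from any real campaign.
BENIGN_SVG = '<svg xmlns="http://www.w3.org/2000/svg"><circle r="4"/></svg>'
ACTIVE_SVG = (
    '<svg xmlns="http://www.w3.org/2000/svg" '
    'xmlns:xlink="http://www.w3.org/1999/xlink" onload="init()">'
    '<script>/* placeholder */</script>'
    '<a xlink:href="javascript:void(0)"><rect width="9" height="9"/></a>'
    '<foreignObject><p xmlns="http://www.w3.org/1999/xhtml">x</p></foreignObject>'
    '</svg>'
)

ACTIVE_TAGS = {"script", "foreignobject", "iframe", "embed", "object"}
URL_ATTRS = {"href", "src"}
# Browsers ignore whitespace and control characters inside a URL scheme.
STRIP = re.compile(r"[\s\x00-\x1f]+")


def local(name):
    """Drop the '{namespace}' prefix ElementTree puts on names."""
    return name.rsplit("}", 1)[-1].lower()


def scan_svg(text):
    """Return sorted findings describing script-capable content in an SVG."""
    if "<!ENTITY" in text.upper():
        return ["entity-declaration"]  # do not expand entities from untrusted input
    try:
        root = ET.fromstring(text)
    except ET.ParseError:
        return ["unparseable"]  # malformed input is itself worth a closer look
    findings = set()
    for el in root.iter():
        tag = local(el.tag)
        if tag in ACTIVE_TAGS:
            findings.add(f"element:{tag}")
        for name, value in el.attrib.items():
            attr = local(name)
            if attr.startswith("on"):  # onload, onclick, ...
                findings.add(f"handler:{attr}")
            elif attr in URL_ATTRS:
                scheme = STRIP.sub("", value).lower()
                if scheme.startswith(("javascript:", "data:")):
                    findings.add(f"url:{attr}")
    return sorted(findings)

if __name__ == "__main__":
    print(scan_svg(BENIGN_SVG), scan_svg(ACTIVE_SVG))
```

An empty result means none of these constructs were found, not that the file is safe; files that do produce findings are candidates for blocking or for opening in a viewer that does not execute scripts.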
No scientific value, but I timed how long it took me to reverse M$'s classic Minesweeper game AFTER the decompiled code had been renamed by GPT (MCP w/ IDA): 19m22s. Then I started xdbg and went straight to the memory where the bombs were. Damn, I was reading the source code 😳
August 27, 2025 at 6:03 PM
Although the author of the video repeatedly claims that he is not cheating, he is. But at the "bioengineering" level. I suppose it triggers some recognizable patterns that could be used for detection. However, it's the future. Hats off!

www.youtube.com/watch?v=9alJ...
Neuromuscular Aim Assist
Giving a PC program control of my muscles to become the fastest in the world. Sponsored by Micro Center! Build, Upgrade, and Save All Month Long at Micro Center:…
August 13, 2025 at 11:08 AM
Two little-known #Python features that I often use:

__slots__: explicitly state the attributes of your instances (=> faster attribute access and memory space savings).

@lru_cache: the function returns the cached result when the same inputs occur again (AKA memoization).
July 8, 2025 at 2:00 PM
Does anyone have an idea why the Android "Emualtor" 😆 is capped at 6 cores (X86_64 and I386 versions)?

android.googlesource.com/platform/ext...
June 3, 2025 at 12:23 PM
Reposted by Simone Aonzo
The 4th edition of WoRMA is officially scheduled for June 30th, co-located with IEEE EuroS&P in magnificent Venice in Italy!

Website and CfP: worma.gitlab.io/2025/

Deadline: February 20th, 2025

Spread the word!
January 8, 2025 at 3:47 PM