cdzeno.bsky.social
@cdzeno.bsky.social
Security Researcher @nozominetworks
Pinned
Just discovered 10 memory corruption vulnerabilities in the popular Mongoose Web Server (11k stars on GitHub) by fuzzing its embedded TLS stack protocol with @aflplusplus.bsky.social. More technical details here: www.nozominetworks.com/blog/hunting...

#fuzzing #afl #vulnerability #tls
Reposted
Understanding Docker Internals: Building a minimal Container Runtime with Python on Linux using Namespaces, Control Groups and Filesystem Isolation #Docker #Linux muhammadraza.me/2024/buildin...
Understanding Docker Internals: Building a Container Runtime in Python | Muhammad
Breaking down container technology by building a simple container runtime from scratch using Python and Linux primitives like namespaces and cgroups
muhammadraza.me
October 30, 2025 at 8:10 PM
Reposted
[RSS] unpacking Dell's iDRAC schtuff


trouble.org ->


September 9, 2025 at 5:07 AM
Reposted
Created Go bindings for Apple's Hypervisor.framework.

Why? Because I wanted to test a Pure Go emulator I'm writing against and couldn't get unicorn2 to work on macOS 26. Plus what's going to be faster than Apple's OWN hypervisor 😎

Check it out! 🎉

github.com/blacktop/go-...
GitHub - blacktop/go-hypervisor: Apple Hypervisor.framework bindings for Golang
github.com
August 23, 2025 at 2:11 AM
Reposted
And you, what dog do you have? (continued ⬇️)
#canotipi #cani #cane #cana
March 23, 2025 at 8:51 AM
Reposted
A small demo/tutorial on unpacking executables with #PEsieve and #TinyTracer: hshrzd.wordpress.com/2025/03/22/u...
- automatic OEP finding, reconstructing IAT, avoiding antidebugs and fixing imports broken by shims
Tutorial: unpacking executables with TinyTracer + PE-sieve
In this short blog I would like to demonstrate how to unpack an executable with PE-sieve and Tiny Tracer. As an example, let’s use the executable that was packed with a modified UPX: 8f66…
hshrzd.wordpress.com
March 22, 2025 at 8:53 PM
Reposted
I’ve posted a detailed explanation of why the claimed ESP32 Bluetooth chip “backdoor” is not a backdoor. It’s just a poor security practice, which is found in other Bluetooth chips by vendors like Broadcom, Cypress, and Texas Instruments too. https://darkmentor.com/blog/esp32_non-backdoor/
The ESP32 "backdoor" that wasn't | Dark Mentor LLC
4 day class covering the full Bluetooth Low Energy (BLE) protocol stack from the bottom (PHY) up to the top (GATT). The core of the class is built around playing with a game application on an Android phone, talking via Bluetooth to an IoT-type piece of hardware, and analyzing the communication between them. The 4th day is focused on assessing a customized Ultra-Vulnerable Peripheral firmware, running on Zephyr RTOS, which has had vulnerabilities introduced into it which are representative of vulnerabilities found in the past across many other platforms.
darkmentor.com
March 9, 2025 at 12:50 PM
Reposted
Great article about Apple's 🍎 Exclaves & Conclaves that provides a high-level overview and then dives into technical details implemented in XNU 👀

randomaugustine.medium.com/on-apple-exc...
On Apple Exclaves
Enhancing kernel isolation, one step at a time.
randomaugustine.medium.com
March 10, 2025 at 12:25 AM
Reposted
THIS IS HUGE! Researchers at Stanford University have developed a dual-antibody treatment that remains effective against ALL SARS-CoV-2 variants by targeting a less-mutable part of the virus. This breakthrough could lead to longer-lasting therapies that OUTPACE viral evolution. 🧪🧵⬇️
March 9, 2025 at 4:00 PM
Reposted
Tarlogic found a "backdoor" in the ESP32 chips:
bleepingcomputer.com/news/security/undocumented-commands-found-in-bluetooth-chip-used-by-a-billion-devices

Broadcom & Cypress chips have the same HCI "backdoor" allowing writes to the Bluetooth chip's RAM. This feature is used for firmware patches.
Undocumented commands found in Bluetooth chip used by a billion devices
The ubiquitous ESP32 microchip made by Chinese manufacturer Espressif and used by over 1 billion units as of 2023 contains undocumented commands that could be leveraged for attacks.
bleepingcomputer.com
March 9, 2025 at 12:39 PM
Reposted
The 3rd episode of our #offensiverust series, "Streamlining vulnerability research with #idapro and #rust", is here! @raptor introduces new tools to assist with reverse engineering and vulnerability research, based on @HexRaysSA IDA and @binarly_io idalib […]
Original post on infosec.exchange
infosec.exchange
February 25, 2025 at 6:40 AM
Reposted
TP-Link (Tapo) C210 V2 cloud camera: bootloader vulnerability and firmware decryption

watchfulip.github.io/28-12-24/tp-...

#embedded #infosec
February 15, 2025 at 12:49 PM
Reposted
“Decompiling Mobile Apps With AI Language Models” by @trufae.bsky.social at @nowsecure.bsky.social www.nowsecure.com/blog/2025/01...
January 29, 2025 at 5:54 PM
Reposted
[RSS] Linux Kernel TLS Part 1


u1f383.github.io ->


January 20, 2025 at 7:48 AM
Reposted
December 31, 2024 at 5:42 PM
Reposted
“From One Thousand Pages of Specification to Unveiling Hidden Bugs: Large Language Model Assisted Fuzzing of Matter IoT Devices”

With a focus on the Matter network protocol, walks through the process of using an LLM to transform a human-readable spec into something a fuzzer can leverage.
December 30, 2024 at 9:17 PM
Reposted
Hello new (fuzzing) followers! I haven’t done much fuzzing recently unfortunately but here’s an example of past work I’m happy to talk about: mhlakhani.com/static/pdf/F...

Still hope to get back to it one day. But for now I’m still in the security / systems space (and dabbling in AI)
mhlakhani.com
December 24, 2024 at 11:00 PM
Reposted
Microsoft just released a tool that lets you convert Office files to Markdown. Never thought I'd see the day.

Google also added Markdown export to Google Docs a few months ago.

github.com/microsoft/markitdown
GitHub - microsoft/markitdown: Python tool for converting files and office documents to Markdown.
github.com
December 13, 2024 at 8:25 PM
Reposted
November 30, 2024 at 3:06 PM
Reposted
I'm launching a new website: sdk.blue - a list of all libraries/SDKs for building things on #ATProto, grouped by language 🙂

If I forgot anything important, or you have an ATProto/Bluesky library that you think would be a good fit there (or if I should remove anything), please send me a PR :) #atdev
sdk.blue
A curated list of libraries & SDKs for the Bluesky API and AT Protocol
sdk.blue
November 21, 2024 at 3:23 PM
Reposted
So for my first post on Bluesky, I'm happy to share that LIEF (extended) is now providing an API to disassemble code (backed by the LLVM MC layer).

This disassembler is integrated with other functionalities like dyldsc or DWARF info.

You can check out lief.re/doc/latest/e... for the details.
November 23, 2024 at 9:33 AM
Reposted
Slides for my @ekoparty talk "Advanced Fuzzing With LibAFL" -> docs.google.com/presentation...
Advanced Fuzzing With LibAFL @ Ekoparty 2024
Advanced Fuzzing With LibAFL, Dominik Maier, Ekoparty, 2024-11-15
docs.google.com
November 15, 2024 at 7:27 PM
Reposted
C Harness to #LibAFL

https://github.com/v-p-b/libfuzzer_kfx/blob/main/C2LIBAFL.md

A nice part of making an archive of my Twitter posts is that I realize I wrote stuff like this o.O #fuzzing


November 23, 2024 at 2:56 PM
Reposted
Just discovered 10 memory corruption vulnerabilities in the popular Mongoose Web Server (11k stars on GitHub) by fuzzing its embedded TLS stack protocol with @aflplusplus.bsky.social. More technical details here: www.nozominetworks.com/blog/hunting...

#fuzzing #afl #vulnerability #tls
November 19, 2024 at 7:00 PM