dest, src, size
destsrcsize.bsky.social
Professional disassembly enthusiast
Reposted by dest, src, size
ICYMI, @synacktiv.com's Pwn2Own walkthrough, exploiting a Tesla Wall via the charging port is a good Friday read.

After a firmware downgrade, they found a debug shell via the access point used during setup, ultimately using this to gain EIP.

www.synacktiv.com/en/publicati...
Exploiting the Tesla Wall connector from its charge port connector
An interesting attack surface Over the past few years, Synacktiv has been analyzing Tesla vehicles for the Pwn2Own competition.
www.synacktiv.com
July 18, 2025 at 4:22 PM
Reposted by dest, src, size
Everyone needs to see this once in a while.
June 9, 2025 at 4:17 PM
Reposted by dest, src, size
"Fuzz Introspector: enabling rapid fuzz introspection tool development" -- a new blog post on Fuzz Introspector and how it is moving into supporting analysis as a pure python library. #fuzzing #program-analysis See the blog post: adalogics.com/blog/fuzz-in...
Fuzz Introspector: enabling rapid fuzz introspection tool development
adalogics.com
February 14, 2025 at 1:07 PM
Reposted by dest, src, size
aischolar.0x434b.dev Pretty cool project by @434b.bsky.social: A neat web interface to explore security (and in particular: Fuzzing) papers with AI summaries. Seems super useful to get/stay up to date with recent papers :)
AIScholar - Paper Database
aischolar.0x434b.dev
February 4, 2025 at 3:29 PM
Reposted by dest, src, size
Our paper on efficient automated exploit generation has been accepted to USENIX Security '25.

The gist: instead of generating individual attacks, we synthesise the whole *programming language* that expresses many exploits and guarantees their realisability.

Paper: ilyasergey.net/assets/pdf/p...
February 2, 2025 at 6:35 AM
Reposted by dest, src, size
January 19, 2025 at 2:31 PM
Reposted by dest, src, size
🥳📰 Very happy and proud that our paper on finding backdoors with fuzzing was accepted at the main track of @icseconf.bsky.social!

More details to follow soon 🙂

Congratulations and thank you to my students Dimitri Kokkonis and Emilien Decoux and co-supervisor Stefano Zacchiroli!
January 20, 2025 at 10:35 AM
Reposted by dest, src, size
Futex is an under-appreciated Linux system call that backs almost everything you do that involves concurrency behind the scenes. HuguesEvrard and I wrote a paper on using model checking to analyse futex-based concurrency primitives. Check it out! doc.ic.ac.uk/~afd/papers/...
January 20, 2025 at 1:46 PM
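As an added illustration (not from the paper or the authors of the post above) of what a futex-backed primitive looks like: a minimal mutex in C that takes an uncontended lock with a single compare-and-swap and only calls futex() when a thread actually has to sleep or a sleeper has to be woken. The futex wrapper, the syscall counter and the demo functions are this example's own; it assumes Linux and a C11 compiler with pthreads.

```c
#define _GNU_SOURCE
#include <linux/futex.h>
#include <pthread.h>
#include <stdatomic.h>
#include <stdio.h>
#include <sys/syscall.h>
#include <unistd.h>

/* Counts futex() syscalls so a caller can observe that the uncontended
   path never enters the kernel (example-only instrumentation). */
static atomic_long g_futex_calls;

/* glibc has no wrapper for futex, so invoke the syscall directly. */
static long futex_op(atomic_int *addr, int op, int val) {
    atomic_fetch_add(&g_futex_calls, 1);
    return syscall(SYS_futex, addr, op, val, NULL, NULL, 0);
}

/* state: 0 = unlocked, 1 = locked with no waiters,
          2 = locked and at least one thread may be sleeping on it. */
typedef struct { atomic_int state; } futex_mutex_t;

static void futex_mutex_init(futex_mutex_t *m) { atomic_init(&m->state, 0); }

static void futex_mutex_lock(futex_mutex_t *m) {
    int c = 0;
    /* Fast path: 0 -> 1 with one CAS, no syscall. */
    if (atomic_compare_exchange_strong(&m->state, &c, 1)) return;
    /* Slow path: mark the lock contended (2) and sleep. FUTEX_WAIT only
       blocks if *state still equals 2, so an unlock racing with us is
       not lost: the kernel returns immediately and we retry. */
    if (c != 2) c = atomic_exchange(&m->state, 2);
    while (c != 0) {
        futex_op(&m->state, FUTEX_WAIT_PRIVATE, 2);
        c = atomic_exchange(&m->state, 2);
    }
}

static void futex_mutex_unlock(futex_mutex_t *m) {
    /* 1 -> 0: nobody was waiting, release without a syscall. */
    if (atomic_fetch_sub(&m->state, 1) != 1) {
        /* State was 2: fully release and wake one sleeper. */
        atomic_store(&m->state, 0);
        futex_op(&m->state, FUTEX_WAKE_PRIVATE, 1);
    }
}

typedef struct { futex_mutex_t *m; long *counter; int iters; } worker_arg_t;

static void *worker(void *p) {
    worker_arg_t *a = p;
    for (int i = 0; i < a->iters; i++) {
        futex_mutex_lock(a->m);
        (*a->counter)++;   /* plain increment, protected only by our lock */
        futex_mutex_unlock(a->m);
    }
    return NULL;
}

/* Runs nthreads (1..16) threads, each bumping a shared counter iters
   times under the lock. Returns the final counter, or -1 on error. */
long run_counter_demo(int nthreads, int iters) {
    enum { MAX_THREADS = 16 };
    if (nthreads < 1 || nthreads > MAX_THREADS) return -1;
    futex_mutex_t m;
    futex_mutex_init(&m);
    long counter = 0;
    worker_arg_t arg = { &m, &counter, iters };
    pthread_t tids[MAX_THREADS];
    int started = 0;
    for (; started < nthreads; started++)
        if (pthread_create(&tids[started], NULL, worker, &arg) != 0) break;
    for (int i = 0; i < started; i++) pthread_join(tids[i], NULL);
    return started == nthreads ? counter : -1;
}

/* Locks and unlocks n times from one thread and returns how many futex()
   syscalls that cost. With no contention the answer is 0. */
long uncontended_futex_calls(int n) {
    futex_mutex_t m;
    futex_mutex_init(&m);
    atomic_store(&g_futex_calls, 0);
    for (int i = 0; i < n; i++) { futex_mutex_lock(&m); futex_mutex_unlock(&m); }
    return atomic_load(&g_futex_calls);
}

int main(void) {
    printf("counter after 4 x 100000 locked increments = %ld\n",
           run_counter_demo(4, 100000));
    printf("futex syscalls for 1000 uncontended lock/unlock pairs = %ld\n",
           uncontended_futex_calls(1000));
    return 0;
}
```

The three-state encoding is what makes the unlock path cheap: a holder that was never contended goes 1 -> 0 with one atomic op and never calls FUTEX_WAKE, while a waiter that finds the lock held always sets state to 2 before sleeping so the eventual release knows to wake it. Reasoning about exactly these interleavings (a release between a waiter's check and its FUTEX_WAIT, the lost-wakeup and spurious-wake cases) is the kind of question model checking of futex-based primitives is meant to settle.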
Reposted by dest, src, size
2024 is almost done, so here’s a thread on my 5 favorite fuzzing papers published this year. In no particular order…🧵
December 30, 2024 at 9:17 PM
Reposted by dest, src, size
Exploiting a use-after-free vulnerability in the afd.sys Windows driver (CVE-2024-38193)

blog.exodusintel.com/2024/12/02/

Credits Luca Ginex

#windows #infosec
December 15, 2024 at 11:20 AM
Reposted by dest, src, size
Slides for my @ekoparty talk "Advanced Fuzzing With LibAFL" -> docs.google.com/presentation...
Advanced Fuzzing With LibAFL @ Ekoparty 2024
Advanced Fuzzing With LibAFL Dominik Maier Ekoparty 2024-11-15 1
docs.google.com
November 15, 2024 at 7:27 PM
Reposted by dest, src, size
This awesome fuzzing blog post by @r00tkitsmm.bsky.social covers a super reliable macOS kernel binary rewriting to instrument any KEXT or XNU at BB or edge level. Mandatory reading for anyone interested in fuzzing whether you use macOS or not. So many good system internals and fuzzing references!
Pishi: Coverage guided macOS KEXT fuzzing.
This blog post is the result of some weekend research, where I delved into Pishi, a static macOS kernel binary rewriting tool. During the weekdays, I focus on Linux kernel security at my job and would...
r00tkitsmm.github.io
November 10, 2024 at 2:21 AM