's Avatar

@gannimo.bsky.social

589 Followers  |  105 Following  |  32 Posts  |  Joined: 14.06.2023
Posts Following

Posts by (@gannimo.bsky.social)

Post image

Great time at the Intel Academic Security Conference hosted by Intel Labs! πŸš€ I presented our work on SecureCells & PtrShield. #Security #Research #Intel Full details: infosec.exchange/@gannimo/115...

11.09.2025 17:33 β€” πŸ‘ 3    πŸ” 0    πŸ’¬ 0    πŸ“Œ 0

On my way to Seattle for #Usenix #SEC25. Looking forward to catch up with all of you folks to chat about security, systems, fuzzing, mobile systems, and confidential computing.
Also, if you brought your running shoes, let me know!

12.08.2025 20:21 β€” πŸ‘ 2    πŸ” 0    πŸ’¬ 0    πŸ“Œ 0
Preview
Zer0RocketWrecks has won LakeCTF, Switzerland's top Capture the Flag Ten teams have taken part in the third edition of this security hacking contest organized by EPFL’s Capture the Flag team, the polygl0ts and the School of Computer and Communication Sciences.

Last week, @icepfl.bsky.social hosted #LakeCTF, a major academic CTF competition with amazing challenges. Congrats to @polygl0ts.ch for the flawless organization! I especially enjoyed the retro-challenges on real devices, especially hacking old basic interpreters! πŸ‘ΎπŸ‘ΎπŸ‘Ύ actu.epfl.ch/news/zer0roc...

14.05.2025 19:34 β€” πŸ‘ 3    πŸ” 1    πŸ’¬ 0    πŸ“Œ 0
Post image Post image

So many amazing papers at #IEEESSP Oakland'25 this year. Congratulations to all authors on your accepted papers and an amazing program overall. Sadly, I couldn't make it this year but my fallback program to go hike with the kids was not too bad either!

14.05.2025 17:39 β€” πŸ‘ 3    πŸ” 0    πŸ’¬ 0    πŸ“Œ 0

Today I received my first spear phishing attempt with a great context and reasonable request. 🀩🀩🀩 Does that mean I'm important now?

02.05.2025 13:50 β€” πŸ‘ 3    πŸ” 0    πŸ’¬ 1    πŸ“Œ 0
Post image Post image

These two selfies are less than 24hrs and less than 50km apart from each other. One of the reasons why I love #EPFL and Switzerland

01.05.2025 16:29 β€” πŸ‘ 3    πŸ” 0    πŸ’¬ 0    πŸ“Œ 0
Post image

The universe is sending a very clear signal that I should stay TF out of France. Flight cancelled after 3hr delay and we ended up driving all night because no flights or trains were available the next three days. Thanks #easyjet!

12.04.2025 03:59 β€” πŸ‘ 2    πŸ” 0    πŸ’¬ 0    πŸ“Œ 0

delve is just old school. When looking up quotes from Tolkien's LOTR I discovered that the book is full of "delve". So apparently in the 50ies the British used delve and LLMs train on all data, not just recent text.

11.04.2025 08:50 β€” πŸ‘ 1    πŸ” 0    πŸ’¬ 0    πŸ“Œ 0
Post image

The #THcon organizers suggested that I take a hotel in the city center and commute to the conference. In spite of bad past experiences in every major city in France, I took their advice and learned why Toulouse does not have a problem with transport strikes: they got rid of the conductors!

10.04.2025 20:16 β€” πŸ‘ 1    πŸ” 0    πŸ’¬ 0    πŸ“Œ 0
Post image Post image Post image

What great fun to speak at #THCON2025 in Toulouse and present some of the #HexHive research on Android (in-)security. Find me if you want to nerd out about fuzzing, system mitigations, and any insecure components.

10.04.2025 15:48 β€” πŸ‘ 3    πŸ” 0    πŸ’¬ 0    πŸ“Œ 0

What have you tried? What we found is that buildta ground truth database may actually easier than to rely on tools. Big data to the rescue

08.04.2025 17:00 β€” πŸ‘ 0    πŸ” 0    πŸ’¬ 1    πŸ“Œ 0
Post image

In Switzerland we take our security and our pocket knives seriously. That's why you can buy pocket knives right before boarding at Geneva airport. πŸ—‘οΈπŸ›«

08.04.2025 14:38 β€” πŸ‘ 3    πŸ” 0    πŸ’¬ 2    πŸ“Œ 0

It's not that hard to get an idea of what the target library is but it's quite hard to tease out the exact version and if there were any custom patches applied. Also, ML just does not scale to realistic datasets with millions of libraries due to training cost (and lack of precision/groundtruth)

07.04.2025 07:01 β€” πŸ‘ 1    πŸ” 0    πŸ’¬ 1    πŸ“Œ 0

I'm fairly happy with AI solving simple parsing and data processing tasks. Things that would have taken me a few hours to code may take 15min now, mostly saving time looking up APIs/docs. But it's not very useful for complex problems

24.03.2025 22:32 β€” πŸ‘ 1    πŸ” 0    πŸ’¬ 1    πŸ“Œ 0

Had the exact same path but added LinkedIn as well after Twitter's demise. Now I'm still cross-posting across the three networks, none of them is a viable replacement (yet)

02.03.2025 09:05 β€” πŸ‘ 0    πŸ” 0    πŸ’¬ 0    πŸ“Œ 0
Post image

Good bye San Diego and #NDSS25, it was a pleasure. Until next year (hopefully) for #NDSS26. What an amazing trip overall with great discussions, the best tacos and the best people! nebelwelt.net/blog/2025/02...

28.02.2025 00:07 β€” πŸ‘ 4    πŸ” 0    πŸ’¬ 1    πŸ“Œ 0
Dumpling: dumping fine-grained execution state JavaScript engines face a dilemma: on one end, they need to be extremely efficient as they are processing millions of lines of JavaScript code,...

To anyone fuzzing JavaScript: check out Dumpling, our new oracle for precise state comparison #NDSS25. nebelwelt.net/blog/2025/02...

27.02.2025 19:36 β€” πŸ‘ 6    πŸ” 0    πŸ’¬ 0    πŸ“Œ 0
QMSan: discovering uninitialized memory errors in binaries Sanitizers serve as the primary bug detection Oracle during automated testing. They

Did you always want to fuzz with #MSan but were worried about false positives? Fear no more, with QMsan #NDSS25, we create a binary-rewriting based approach that reduces false positives efficiently! nebelwelt.net/blog/2025/02...

27.02.2025 16:18 β€” πŸ‘ 5    πŸ” 1    πŸ’¬ 0    πŸ“Œ 0
Truman: discovering hypervisor bugs through virtual device models Hypervisors power not just the cloud but are becoming a commodity in mobile phones and desktops as well. They separate virtual machines from each...

Interested in #fuzzing #hypervisors? With Truman we create precise device models that are state-aware and precisely mutate message sequences #NDSS25 nebelwelt.net/blog/2025/02...

27.02.2025 16:17 β€” πŸ‘ 2    πŸ” 1    πŸ’¬ 0    πŸ“Œ 0

I'm on my way to San Diego for Internet Society's yearly Symposium on Networked and Distributed Systems. If you're around, reach out and ping me if you want to go for a run along the beach in the morning! πŸƒ #NDSS25

24.02.2025 09:37 β€” πŸ‘ 2    πŸ” 0    πŸ’¬ 0    πŸ“Œ 0

Great summary of the benefits of memory safety. For security, one key angle is IMO missing: compartmentalization which will contain faults and enable higher level reasoning about control and data flow across compartments.

23.02.2025 13:02 β€” πŸ‘ 2    πŸ” 0    πŸ’¬ 0    πŸ“Œ 0
Post image

As always, the congress #38c3 was amazing. Lots of great discussions, insane hacks, and some secret adventures. Check out my blog with some recommended talks: nebelwelt.net/blog/2024/12...

30.12.2024 17:04 β€” πŸ‘ 12    πŸ” 1    πŸ’¬ 0    πŸ“Œ 0
Post image

Luca and Rokhaya rocking the #38c3 stage, shitting on ML and ranting about binary similarity. What a fun talk! events.ccc.de/congress/202...

29.12.2024 19:27 β€” πŸ‘ 5    πŸ” 0    πŸ’¬ 0    πŸ“Œ 0

This Salt Typhoon stuff is insane. The entire FISA surveillance infrastructure has been completely owned by China and literally no part of our telecom infrastructure is safe to use without end-to-end encryption.

29.12.2024 09:50 β€” πŸ‘ 898    πŸ” 325    πŸ’¬ 27    πŸ“Œ 28
Post image

Tomorrow I'll present a talk in CCC, "Ultrawide Android Archaeology". We uncover how massively outdaded native libraries are (still vulnerable to 5+ yrs old CVEs) and we also use the occasion to rant on ML. Find me tomorrow at 20:15 in Saal Glitch! #38c3

28.12.2024 16:37 β€” πŸ‘ 9    πŸ” 1    πŸ’¬ 0    πŸ“Œ 0
Preview
38c3: Wir wissen wo dein Auto steht - Volksdaten von Volkswagen Welche Folgen hat es, wenn VW massenhaft Fahrzeug-, Bewegungs- und Diagnosedaten sammelt und den SchlΓΌssel unter die Fußmatte legt? Was verraten Fahrzeugdaten ΓΌber die MobilitΓ€t von BehΓΆrden, Γ„mtern,...

As it turns out, Volkswagen has been collecting extensive geo data from all their electric cars and made them available online in an AWS bucket. Almost 10TB of geo traces from 15 MiO cars. Amazing detail and patterns. This is why I don't want a smart car 🀯 events.ccc.de/congress/202... #Volksdaten

27.12.2024 21:52 β€” πŸ‘ 31    πŸ” 12    πŸ’¬ 3    πŸ“Œ 1
From Fuzzing to Frameworks: 2024 Research Highlights 2024 was an active year for the HexHive research group, marked by tireless efforts to enhance the security of various complex systems. A key trend...

2024 has been an exciting year! We pushed the boundaries of fuzzing and ventured into Android security, uncovering some fascinating bugs along the way. Don’t miss the highlights: check out my latest blog post for a summary with links to some of our most fun papers: nebelwelt.net/blog/2024/12...

27.12.2024 15:45 β€” πŸ‘ 11    πŸ” 0    πŸ’¬ 0    πŸ“Œ 1
Preview
Breaking: Cyberhaven Chrome Extension Compromised in Holiday Attack Campaign An attacker successfully phished a Cyberhaven employee, gained access to Chrome Web Store admin credentials, published a malicious version of the extension

Security startups need to be super vigilant. They become targets of sophisticated attacks as supply chain attacks increase www.vulnu.com/p/breaking-c...

27.12.2024 07:45 β€” πŸ‘ 5    πŸ” 2    πŸ’¬ 0    πŸ“Œ 0

The two times I missed CCC, I really regretted it. Come back to the dark side, we have cookies!

26.12.2024 23:12 β€” πŸ‘ 1    πŸ” 0    πŸ’¬ 1    πŸ“Œ 0

Arrived in Hamburg for #38c3. Reach out if you want to meet up to talk security, crappy software or other shenanigans. πŸ‘ΎπŸ‘ΎπŸ‘Ύ

26.12.2024 20:51 β€” πŸ‘ 3    πŸ” 0    πŸ’¬ 1    πŸ“Œ 0