Good luck, and exciting times for XBOW!
30.07.2025 11:13 — 👍 2 🔁 0 💬 0 📌 0
Linux Kernel Hardening: Ten Years Deep
Talk by Kees Cook about the relevance of various Linux kernel vulnerability classes and the mitigations that address them.
Video: www.youtube.com/watch?v=c_Nx...
Slides: static.sched.com/hosted_files...
15.07.2025 16:42 — 👍 7 🔁 3 💬 0 📌 0
Oh cool! I’m probably more interested in different frontends; I’ll leave accelerating to the professionals 😄
10.07.2025 02:43 — 👍 0 🔁 0 💬 0 📌 0
GitHub - sandialabs/ctadl: CTADL is a static taint analysis tool
CTADL is a static taint analysis tool. Contribute to sandialabs/ctadl development by creating an account on GitHub.
CTADL - a Datalog-based interprocedural static taint analysis engine for Java/Android bytecode (via JADX) and Pcode (via Ghidra)
Code: github.com/sandialabs/c...
Talk (via @krismicinski.bsky.social): youtu.be/3ec9VfMUVa8?...
09.07.2025 10:10 — 👍 9 🔁 2 💬 1 📌 0
Woah totally missed that CTDL is open source 🥳
09.07.2025 07:49 — 👍 2 🔁 0 💬 0 📌 0
A side by side comparison of the original output by Ghidra, and the LLM enriched output.
Ghidra, scripting, LLM, automagic automation. That should grab the attention for this thread. If you want to read the complete blog, you can do so here: www.trellix.com/blogs/resear...
1/n
01.07.2025 12:35 — 👍 8 🔁 5 💬 1 📌 0
Estimating Correctness Without Oracles in LLM-Based Code Generation
Generating code from natural language specifications is one of the most successful applications of Large Language Models (LLMs). Yet, they hallucinate: LLMs produce outputs that may be grammatically c...
Can we statistically estimate how likely an LLM-generated program is correct w/o knowing what is a correct program for that task?
Sounds impossible-but it's actually really simple. In fact, our measure of "correctness" called incoherence can be estimated (PAC guarantees).
arxiv.org/abs/2507.00057
02.07.2025 07:26 — 👍 11 🔁 3 💬 3 📌 2
Firmwire 🤝 LibAFL
17.06.2025 09:28 — 👍 8 🔁 1 💬 0 📌 0
Just Accepted to ACM TOSEM!
The "Havoc Paradox" is about the relationship between byte-level fuzzer mutations and their effect on the inputs produced by generators for structured strings (e.g. XML/SQL). Can disruptive mutations be controlled? Should they be? Find out.
📄 dl.acm.org/doi/pdf/10.1...
06.06.2025 19:02 — 👍 21 🔁 3 💬 2 📌 1
DWARF as a Shared Reverse Engineering Format
This blog post introduces a new API in LIEF to create DWARF files
[Blog Post] New high-level API in LIEF that allows the
creation of DWARF files. Additionally, I present two plugins designed to export
program information from Ghidra and BinaryNinja into a DWARF file.
lief.re/blog/2025-05...
(Bonus: DWARF file detailing my reverse engineering work on DroidGuard)
27.05.2025 13:50 — 👍 21 🔁 15 💬 1 📌 0
Happy to share my upcoming #ATC25 paper w/ @snagycs.bsky.social: "BIN2WRONG: a Unified Fuzzing Framework for Uncovering Semantic Errors in Binary-to-C Decompilers"!
Bin2Wrong creates binaries by mutating source, compiler, optimizations, and format—revealing 48 new bugs in 7 decompilers! 💪
22.05.2025 20:02 — 👍 4 🔁 2 💬 1 📌 0
👀
20.05.2025 21:23 — 👍 1 🔁 0 💬 0 📌 0
Kernel Exploitation Techniques: Turning The (Page) Tables
This post explores attacking page tables as a Linux kernel exploitation technique for gaining powerful read/write primitives.
with offensivecon around the corner, i figured id write another post on linux kernel exploitation techniques - this time i cover the world of page table exploitation! enjoy 🤓
sam4k.com/page-table-k...
08.05.2025 13:58 — 👍 13 🔁 4 💬 1 📌 0
Decompiler | ipsw
Using the AI decompiler.
Wrote a lil' guide to help get people started with the 🆕 `ipsw` AI decompiler 📖
blacktop.github.io/ipsw/docs/gu...
05.05.2025 22:28 — 👍 2 🔁 1 💬 0 📌 0
Can confirm the hardware lab is pretty cool 😎
30.04.2025 23:05 — 👍 4 🔁 1 💬 0 📌 0
In today's #AST2025 keynote on our new #Fandango fuzzer, I presented ongoing extensions for protocol fuzzing, oracle checking, coverage guidance, much more. Slides now available: conf.researchr.org/details/ast-...
28.04.2025 19:09 — 👍 13 🔁 3 💬 1 📌 0
Fuzzing Windows ARM64 binaries with a DBI and LLVM?
Here we go: www.romainthomas.fr/post/25-04-w...
28.04.2025 12:36 — 👍 4 🔁 5 💬 0 📌 0
SURE 2025 | The Workshop on Software Understanding and Reverse Engineering
The Workshop on Software Understanding and Reverse Engineering
I'm proud to announce that myself and @AtipriyaBajaj have created the Workshop on Software Understanding and Reverse Engineering (SURE), which will be co-located at CCS 2025. sure-workshop.org/
Please follow our workshop account @sureworkshop and RT it for visibility :).
25.04.2025 16:30 — 👍 7 🔁 6 💬 1 📌 0
the guy who reversed the denuvo drm
@momo5502.bsky.social works on a high-perf windows emulator for security research.
I noticed that it supports icicle as a backend, a fuzzing-specific emulator. awesome to see academic work being continuously developed and making it into the real world
23.04.2025 19:16 — 👍 6 🔁 3 💬 2 📌 0
Woah this is really cool! Agreed, good to see academic work like icicle being picked up and built upon.
24.04.2025 00:10 — 👍 1 🔁 0 💬 0 📌 0
happy easter
About to celebrate Easter with your family but don't know what to talk about at the table?
Then don't lose time and read our new article about RPAC!
Written by @zadig.trollab.org !
blog.epsilon-sec.com/cve-2025-312...
20.04.2025 04:03 — 👍 3 🔁 4 💬 0 📌 0
Creating breakthrough technologies for national security.
Committed to a welcoming, vibrant & flourishing #Haskell community!
Here we talk about community updates, software engineering and the joy of programming.
Find us on https://haskell.org and https://blog.haskell.org
Racket is...
* A language-oriented programming project
* a family of programming languages
* a native code compiler and other tools,
* a diverse community 😁
Join us at https://racket.discourse.group/
https://racket-lang.org/
The 34th edition of the ACM SIGSOFT International Symposium on Software Testing and Analysis
Trondheim, Norway // 25-28 June 2025
https://conf.researchr.org/home/issta-2025
Assoc. prof. at Uppsala University, working in programming languages and verification
Elmore New Frontiers Professor @PurdueCS | Ex @Meta @UWaterloo @IllinoisCDS @MSFTResearch @IBMResearch | #SE #TextAnalytics #LLM4Code #AI #Security
https://www.cs.purdue.edu/homes/lintan/
Assistant Professor, Nara Institute of Science and Technology, Japan. Software Design and Analysis Lab. From Adelaide, Australia. 🦘
https://brittany-reid.github.io/
Bringing AI to offensive security by autonomously finding and exploiting web vulnerabilities. Watch XBOW hack things: https://xbow.com/traces
ML/AI researcher & former stats professor turned LLM research engineer. Author of "Build a Large Language Model From Scratch" (https://amzn.to/4fqvn0D). Blogging about AI research at magazine.sebastianraschka.com.
Everything is always broken. Googler by day. #BinDiff maintainer. My tweets, my opinion.
During my lifetime, CO2 increased by 67.84ppm (so far).
http://pronoun.is/he
Senior reporter at @CybersecurityDive.bsky.social covering all things digital security. I also co-host Hoth Takes. | Send me tips: bit.ly/contactejg
Journalist - cyber/natn'l security. Speaker. Georgetown adjunct prof. Author - COUNTDOWN TO ZERO DAY: Stuxnet and the Launch of the World's First Digital Weapon
Signal: KimZ.42
https://www.zetter-zeroday.com
Cybersecurity & Threat Intelligence. Knowledge is power, France is bacon 🥓
I am a professor in the computer sciences at UW-Madison. My technical interests in trustworthy ML, formal methods, and security.
My other interests are Indian classical music, mindfulness, tennis, and pickleball.
Part human, part bot, 100% UNOFFICIAL. I track Australian Research Council grant outcomes. Bot checks outcomes announcements each min. DMs open. FAQ: https://tinyurl.com/ARC-Tracker-FAQ
An independent organisation of distinguished Australian scientists, championing science for the benefit of all.
Learn more about our Global Talent Attraction Program science.org.au/gtap
