
Adrian Herrera

@adrianherrera.bsky.social

Security researcher with an interest in formal methods. Building fuzzers @ Interrupt Labs | Teaching @ Australian National University https://adrian-herrera.com

509 Followers  |  365 Following  |  84 Posts  |  Joined: 31.10.2023  |  1.9675

Latest posts by adrianherrera.bsky.social on Bluesky


Check out the latest from our Labs! Gilbert, in our Browsers team, talks us through how he used one-click memory corruption to exploit a patch-gap in the UC Browser.

www.interruptlabs.co.uk/articles/one...

16.10.2025 14:00 — 👍 1  🔁 2  💬 0  📌 0

Excited to be here with the Interrupt crew!

09.10.2025 11:13 — 👍 0  🔁 0  💬 0  📌 0

Hmm that makes sense. Unfortunately I don’t have a better solution 😕

06.10.2025 17:45 — 👍 0  🔁 0  💬 0  📌 0

I was wondering the same thing the other day! For now I’m just copy+pasting rich text from VS Code into PowerPoint, which copies across all the syntax highlighting. I don’t like having code as images.

06.10.2025 07:38 — 👍 0  🔁 0  💬 1  📌 0
Accepted Papers | SURE 2025 Papers and posters accepted for SURE 2025

SURE is proud to announce that we have **9** epic works that have been accepted for presentation at SURE on October 13. Topics span decompilation, (de)obfuscation, debugging, fundamental benchmarks, and more!

sure-workshop.org/pa... (paper links out soon)

17.09.2025 22:56 — 👍 1  🔁 1  💬 0  📌 0

Jeez these are nightmare-inducing

31.08.2025 03:35 — 👍 0  🔁 0  💬 0  📌 0

Oh wow that’s so cool 💜

27.08.2025 07:14 — 👍 1  🔁 0  💬 1  📌 0
GitHub - blacktop/go-hypervisor: Apple Hypervisor.framework bindings for Golang Apple Hypervisor.framework bindings for Golang. Contribute to blacktop/go-hypervisor development by creating an account on GitHub.

Created Go bindings for Apple's Hypervisor.framework.

Why? Because I wanted to test a Pure Go emulator I'm writing against and couldn't get unicorn2 to work on macOS 26. Plus what's going to be faster than Apple's OWN hypervisor 😎

Check it out! 🎉

github.com/blacktop/go-...

23.08.2025 02:11 — 👍 6  🔁 4  💬 0  📌 0

Check out our latest blog post on modeling complex control flow with function-level basic block analysis in Binary Ninja 5.1. From DSPs to Brain***k, this update makes it easier to develop plugins for tricky architectures. binary.ninja/2025/08/12/f...

14.08.2025 19:17 — 👍 7  🔁 3  💬 0  📌 0

🛬 I'm at USENIX Security in Seattle this week, where on Friday at 2pm my former postdoc Tristan Benoit will be presenting our paper "BLens: Contrastive Captioning of Binary Functions using Ensemble Embedding," joint work with Yunru Wang and Moritz Dannehl from my group. Here's the gist:

11.08.2025 12:56 — 👍 3  🔁 1  💬 1  📌 0
WOOT '25 Technical Sessions All sessions will be held in Room 611-612 unless otherwise noted.

WOOT 2025 schedule, all papers are now online open access:
usenix.org/conference/w...
Talks are recorded, and should be online in a few weeks.

11.08.2025 20:56 — 👍 12  🔁 8  💬 0  📌 0
Exploiting the Synology TC500 at Pwn2Own Ireland 2024 Introduction In October 2024, InfoSect participated in Pwn2Own – a bug bounty competition against embedded devices such as cameras, NAS’, and smart speakers. In this blog, I’ll di…

New blog post: Exploiting the Synology TC500 at Pwn2Own Ireland 2024
We built a format string exploit for the TC500 smart cam. It didn’t get used, but it made for a fun case study.
blog.infosectcbr.com.au/2025/08/01/e...

01.08.2025 05:15 — 👍 7  🔁 2  💬 0  📌 1
Add V8SandboxFuzzer Β· googleprojectzero/fuzzilli@675eccd This is a basic fuzzer for the V8 Sandbox. It uses the memory corruption API to implement a random-but-deterministic (given a seed) traversal through the V8 heap object graph and corrupts some obje...

We released our Fuzzilli-based V8 Sandbox fuzzer: github.com/googleprojec...
It explores the heap to find interesting objects and corrupts them in a deterministic way using V8's memory corruption API. Happy fuzzing!

01.08.2025 07:21 — 👍 23  🔁 6  💬 0  📌 0

Good luck, and exciting times for XBOW!

30.07.2025 11:13 — 👍 2  🔁 0  💬 0  📌 0

Linux Kernel Hardening: Ten Years Deep

Talk by Kees Cook about the relevance of various Linux kernel vulnerability classes and the mitigations that address them.

Video: www.youtube.com/watch?v=c_Nx...
Slides: static.sched.com/hosted_files...

15.07.2025 16:42 — 👍 7  🔁 3  💬 0  📌 0
CVE-2023-52927: Turning a Forgotten Syzkaller Report into kCTF Exploit Table of Contents I. Introduction II. Netfilter hooks, nf_tables, nf_conntrack, nf_nat and nf_queue 2.1 Netfilter hooks 2.2 nf_tables 2.3 nf_conntrack 2.4 nf_nat 2.5 nf_queue III. The Forgotten Syzkaller Report IV. Root Cause Analysis of a “no reproducer” Syzkaller UAF Report 4.1 Allocation Backtrace 4.2 Free Backtrace 4.3 UAF Backtrace 4.4 Root Cause V. Crafting a Reproducer to Trigger the KASAN UAF 5.1 Allocate a template nf_conn by calling nft_ct_set_zone_eval() 5.2 Setup nf_nat_setup_info() function 5.

CVE-2023-52927: Turning a Forgotten #Syzkaller Report into #kCTF #Exploit

https://qriousec.github.io/post/cve-2023-52927/

10.07.2025 20:05 — 👍 6  🔁 2  💬 0  📌 0

Oh cool! I’m probably more interested in different frontends; I’ll leave accelerating to the professionals 😄

10.07.2025 02:43 — 👍 2  🔁 0  💬 0  📌 0
GitHub - sandialabs/ctadl: CTADL is a static taint analysis tool CTADL is a static taint analysis tool. Contribute to sandialabs/ctadl development by creating an account on GitHub.

CTADL - a Datalog-based interprocedural static taint analysis engine for Java/Android bytecode (via JADX) and Pcode (via Ghidra)

Code: github.com/sandialabs/c...

Talk (via @krismicinski.bsky.social): youtu.be/3ec9VfMUVa8?...

09.07.2025 10:10 — 👍 11  🔁 2  💬 1  📌 0

Woah, totally missed that CTADL is open source 🥳

09.07.2025 07:49 — 👍 3  🔁 0  💬 0  📌 0
A side by side comparison of the original output by Ghidra, and the LLM enriched output.

Ghidra, scripting, LLM, automagic automation. That should grab the attention for this thread. If you want to read the complete blog, you can do so here: www.trellix.com/blogs/resear...
1/n

01.07.2025 12:35 — 👍 8  🔁 5  💬 1  📌 0
Estimating Correctness Without Oracles in LLM-Based Code Generation Generating code from natural language specifications is one of the most successful applications of Large Language Models (LLMs). Yet, they hallucinate: LLMs produce outputs that may be grammatically c...

Can we statistically estimate how likely an LLM-generated program is correct w/o knowing what is a correct program for that task?

Sounds impossible, but it's actually really simple. In fact, our measure of "correctness", called incoherence, can be estimated (PAC guarantees).

arxiv.org/abs/2507.00057

02.07.2025 07:26 — 👍 12  🔁 3  💬 1  📌 2

Firmwire 🤝 LibAFL

17.06.2025 09:28 — 👍 8  🔁 1  💬 0  📌 0
Solo: A Pixel 6 Pro Story (When one bug is all you need) During my internship I was tasked to analyze a Mali GPU exploit on Pixel 7/8 devices and adapt it to make it work on another device: the Pixel 6 Pro. While the exploit process itself is relatively straightforward to reproduce (in theory we just need to find the correct symbol offsets and signatures for our target device), what’s interesting about Pixel 6 Pro is that it uses a different Mali GPU from the Pixel 7/8, which lacked support for a feature that one of the two vulnerabilities within the exploit relied on:

Solo: A Pixel 6 Pro Story (When one #bug is all you need)

https://starlabs.sg/blog/2025/06-solo-a-pixel-6-pro-story-when-one-bug-is-all-you-need/

14.06.2025 21:31 — 👍 1  🔁 1  💬 0  📌 0

Just Accepted to ACM TOSEM!

The "Havoc Paradox" is about the relationship between byte-level fuzzer mutations and their effect on the inputs produced by generators for structured strings (e.g. XML/SQL). Can disruptive mutations be controlled? Should they be? Find out.

📄 dl.acm.org/doi/pdf/10.1...

06.06.2025 19:02 — 👍 21  🔁 3  💬 2  📌 1
DWARF as a Shared Reverse Engineering Format This blog post introduces a new API in LIEF to create DWARF files

[Blog Post] New high-level API in LIEF that allows the creation of DWARF files. Additionally, I present two plugins designed to export program information from Ghidra and BinaryNinja into a DWARF file.

lief.re/blog/2025-05...

(Bonus: DWARF file detailing my reverse engineering work on DroidGuard)

27.05.2025 13:50 — 👍 21  🔁 15  💬 1  📌 0
Bypassing MTE with CVE-2025-0072 See how a vulnerability in the Arm Mali GPU can be exploited to gain kernel code execution even when Memory Tagging Extension (MTE) is enabled.

Our team member Man Yue Mo is back, showing a new way to bypass MTE protection on Android phones with CVE-2025-0072. github.blog/security/vul...

23.05.2025 14:52 — 👍 6  🔁 3  💬 0  📌 0

Happy to share my upcoming #ATC25 paper w/ @snagycs.bsky.social: "BIN2WRONG: a Unified Fuzzing Framework for Uncovering Semantic Errors in Binary-to-C Decompilers"!

Bin2Wrong creates binaries by mutating source, compiler, optimizations, and format—revealing 48 new bugs in 7 decompilers! 💪

22.05.2025 20:02 — 👍 4  🔁 2  💬 1  📌 0
GitHub - binarly-io/idalib: Idiomatic Rust bindings for the IDA SDK, enabling the development of standalone analysis tools using IDA v9.x’s idalib Idiomatic Rust bindings for the IDA SDK, enabling the development of standalone analysis tools using IDA v9.x’s idalib - binarly-io/idalib

We're happy to announce a new release of our #Rust bindings for idalib.

What's new:
- New APIs for working with IDBs, segments, and more
- Rust 2024 support
- New homepage: idalib.rs

H/T to our contributors @yeggor.bsky.social & @raptor.infosec.exchange.ap.brid.gy

github.com/binarly-io/i...

21.05.2025 22:28 — 👍 5  🔁 8  💬 0  📌 0

👀

20.05.2025 21:23 — 👍 1  🔁 0  💬 0  📌 0
Kernel Exploitation Techniques: Turning The (Page) Tables This post explores attacking page tables as a Linux kernel exploitation technique for gaining powerful read/write primitives.

with offensivecon around the corner, i figured i'd write another post on linux kernel exploitation techniques - this time i cover the world of page table exploitation! enjoy 🤓

sam4k.com/page-table-k...

08.05.2025 13:58 — 👍 13  🔁 4  💬 1  📌 0
