dest, src, size

@destsrcsize.bsky.social

Professional disassembly enthusiast

23 Followers  |  161 Following  |  2 Posts  |  Joined: 10.11.2024  |  1.5411

Latest posts by destsrcsize.bsky.social on Bluesky

Exploiting the Tesla Wall connector from its charge port connector An interesting attack surface Over the past few years, Synacktiv has been analyzing Tesla vehicles for the Pwn2Own competition.

ICYMI, @synacktiv.com's Pwn2Own walkthrough, exploiting a Tesla Wall via the charging port is a good Friday read.

After a firmware downgrade, they found a debug shell via the access point used during setup, ultimately using this to gain EIP.

www.synacktiv.com/en/publicati...

18.07.2025 16:22 — 👍 0    🔁 1    💬 0    📌 0

Everyone needs to see this once in a while.

09.06.2025 16:17 — 👍 0    🔁 1    💬 0    📌 0
Fuzz Introspector: enabling rapid fuzz introspection tool development

"Fuzz Introspector: enabling rapid fuzz introspection tool development" -- a new blog post on Fuzz Introspector and how it is moving into supporting analysis as a pure python library. #fuzzing #program-analysis See the blog post: adalogics.com/blog/fuzz-in...

14.02.2025 13:07 — 👍 3    🔁 1    💬 0    📌 1
AIScholar - Paper Database

aischolar.0x434b.dev Pretty cool project by @434b.bsky.social: A neat web interface to explore security (and in particular: Fuzzing) papers with AI summaries. Seems super useful to get/stay up to date with recent papers :)

04.02.2025 15:29 — 👍 10    🔁 5    💬 0    📌 0

Our paper on efficient automated exploit generation has been accepted to USENIX Security '25.

The gist: instead of generating individual attacks, we synthesise the whole *programming language* that expresses many exploits and guarantees their realisability.

Paper: ilyasergey.net/assets/pdf/p...

02.02.2025 06:35 — 👍 47    🔁 7    💬 2    📌 0

A Brief JavaScriptCore RCE Story:

qriousec.github.io/post/jsc-uni...

#cybersecurity #informationsecurity #rce #javascript #vulnerability

19.01.2025 14:31 — 👍 4    🔁 2    💬 0    📌 0


🥳📰 Very happy and proud that our paper on finding backdoors with fuzzing was accepted at the main track of @icseconf.bsky.social!

More details to follow soon 🙂

Congratulations and thank you to my students Dimitri Kokkonis and Emilien Decoux and co-supervisor Stefano Zacchiroli!

20.01.2025 10:35 — 👍 9    🔁 2    💬 1    📌 0

Futex is an under-appreciated Linux system call that backs almost everything you do that involves concurrency behind the scenes. HuguesEvrard and I wrote a paper on using model checking to analyse futex-based concurrency primitives. Check it out! doc.ic.ac.uk/~afd/papers/...

20.01.2025 13:46 — 👍 2    🔁 2    💬 1    📌 1

2024 is almost done, so here’s a thread on my 5 favorite fuzzing papers published this year. In no particular order…🧵

30.12.2024 21:17 — 👍 6    🔁 2    💬 1    📌 0

Exploiting a use-after-free vulnerability in the afd.sys Windows driver (CVE-2024-38193)

blog.exodusintel.com/2024/12/02/

Credits Luca Ginex

#windows #infosec

15.12.2024 11:20 — 👍 9    🔁 2    💬 0    📌 0
GitHub - tomitokics/IOSurface_poc18

github.com/tomitokics/I...

02.12.2024 23:25 — 👍 0    🔁 0    💬 0    📌 0
Advanced Fuzzing With LibAFL @ Ekoparty 2024. Dominik Maier, Ekoparty, 2024-11-15

Slides for my @ekoparty talk "Advanced Fuzzing With LibAFL" -> docs.google.com/presentation...

15.11.2024 19:27 — 👍 44    🔁 21    💬 0    📌 1
GitHub - MzHmO/Exploit-Street: Complete list of LPE exploits for Windows (starting from 2023)

github.com/MzHmO/Exploi...

14.11.2024 23:28 — 👍 0    🔁 0    💬 0    📌 0
Pishi: Coverage guided macOS KEXT fuzzing. This blog post is the result of some weekend research, where I delved into Pishi, a static macOS kernel binary rewriting tool. During the weekdays, I focus on Linux kernel security at my job and would...

This awesome fuzzing blog post by @r00tkitsmm.bsky.social covers a super reliable macOS kernel binary rewriting to instrument any KEXT or XNU at BB or edge level. Mandatory reading for anyone interested in fuzzing whether you use MacOS or not. So many good system internals and fuzzing references!

10.11.2024 02:21 — 👍 37    🔁 15    💬 2    📌 0