
Sam Thomas

@xorpse.ghost.sh

Program Analysis / Reverse Engineering Chief Scientist @ BINARLY Website: https://xv.ax

118 Followers  |  134 Following  |  6 Posts  |  Joined: 18.08.2023  |  1.8794

Latest posts by xorpse.ghost.sh on Bluesky

vx-underground Black Mass Volume III zine print edition, cover


Article “EFI Byte Code Virtual Machine, A Monster Emerges” in vx-underground Black Mass Volume III zine print edition


seeing my @vxundergroundre.bsky.social Black Mass article “EFI Byte Code Virtual Machine - A Monster Emerges” in the print copy of vol III at long last has me verklempt.
All the blood,sweat+tears that I poured into writing the first UEFI EBC virus were v worth it. 🖤

26.07.2025 21:03 — 👍 7    🔁 2    💬 1    📌 0
My GitHub contribution graph for the past year


Today I’m celebrating one year of #Rust! 🦀

I started learning it last summer, and since then, I’ve pretty much stopped programming in any other language. Over the past year, I’ve gone from playing with the basics to building some (hopefully 😜) useful […]

[Original post on infosec.exchange]

15.07.2025 20:47 — 👍 3    🔁 4    💬 0    📌 0
idalib documentation

I'm pleased to announce a new version of the Rust bindings for IDA Pro! With:

- Improved strings, metadata, and core APIs.
- Support for the names API.

Thank you to @raptor.infosec.exchange.ap.brid.gy & Willi Ballenthin for contributing!

Docs: idalib.rs
Code: git.idalib.rs

15.07.2025 01:12 — 👍 10    🔁 7    💬 0    📌 0

Our research on open tunneling servers got nominated for the Most Innovative Research award :)

The work will be presented by Angelos Beitis at Black Hat and also at USENIX Security

Brief summary and code: github.com/vanhoefm/tun...
Paper: papers.mathyvanhoef.com/usenix2025-t...

12.07.2025 20:17 — 👍 7    🔁 6    💬 0    📌 0
GitHub - sandialabs/ctadl: CTADL is a static taint analysis tool. Contribute to sandialabs/ctadl development by creating an account on GitHub.

CTADL - a Datalog-based interprocedural static taint analysis engine for Java/Android bytecode (via JADX) and Pcode (via Ghidra)

Code: github.com/sandialabs/c...

Talk (via @krismicinski.bsky.social): youtu.be/3ec9VfMUVa8?...

09.07.2025 10:10 — 👍 9    🔁 2    💬 1    📌 0
Minnowbrook Logic Programming Seminar (Supercut w/ Extras), YouTube video by Kristopher Micinski

May 25-27, 2025, I hosted an event, the "Minnowbrook Logic Programming Seminar," in Blue Mountain Lake, NY. I recorded 11 talks on Datalog-related interests, totaling over 9+ hours of video, which I have just now published on YouTube youtu.be/3ec9VfMUVa8

07.07.2025 18:50 — 👍 19    🔁 6    💬 2    📌 1
Original post on infosec.exchange

Exploring fault injection on ESP32 V3!

Inspired by Delvaux work, we tested voltage #glitching as an attack vector. With advanced triggers & GDB, we achieved a ~1.5% success rate. #Hardware #FaultInjection is becoming more practical! […]

18.06.2025 08:23 — 👍 1    🔁 3    💬 0    📌 0

🚨 Blog Post: ""A Human Study of Automatically Generated Decompiler Annotations" Published at DSN 2025" https://edmcman.github.io/blog/2025-06-16--a-human-study-of-automatically-generated-decompiler-annotations-published-at-dsn-2025/

16.06.2025 16:46 — 👍 3    🔁 1    💬 0    📌 0
placard saying protesting is our human right, with split image showing Westminster in the background


ONLY 5 DAYS LEFT

🚨 The Crime and Policing Bill is in the House of Commons on Tuesday 17.06.

We have 5 days left to email MPs to act.

MPs right now have the power to protect our protest rights.

We can’t let them ignore us.

📝 Take action: www.amnesty.org.uk/actions/emai...

12.06.2025 14:09 — 👍 25    🔁 20    💬 0    📌 0
Another Crack in the Chain of Trust: Uncovering (Yet Another) Secure Boot Bypass

Another Crack in the Chain of Trust: Uncovering (Yet Another) #SecureBoot Bypass

https://www.binarly.io/blog/another-crack-in-the-chain-of-trust

11.06.2025 05:12 — 👍 2    🔁 3    💬 0    📌 0
Hydroph0bia (CVE-2025-4275) - a trivial SecureBoot bypass for UEFI-compatible firmware based on Insyde H2O, part 1

#Hydroph0bia (CVE-2025-4275) - a trivial #SecureBoot bypass for UEFI-compatible firmware based on Insyde #H2O, part 1

https://coderush.me/hydroph0bia-part1/

11.06.2025 05:53 — 👍 1    🔁 5    💬 0    📌 0
ELF Linking and Symbol Resolution A summary on how linkers resolve symbols on Unix-like platforms

New blog post: noratrieb.dev/blog/posts/e...

09.06.2025 20:27 — 👍 33    🔁 4    💬 0    📌 1

My greatest achievement so far in the #rust ecosystem: the “security” category in crates.io is gaining traction 😉

https://crates.io/search?q=category%3Asecurity&sort=downloads

05.06.2025 19:46 — 👍 2    🔁 2    💬 0    📌 0
DWARF as a Shared Reverse Engineering Format This blog post introduces a new API in LIEF to create DWARF files

[Blog Post] New high-level API in LIEF that allows the creation of DWARF files. Additionally, I present two plugins designed to export program information from Ghidra and BinaryNinja into a DWARF file.

lief.re/blog/2025-05...

(Bonus: DWARF file detailing my reverse engineering work on DroidGuard)

27.05.2025 13:50 — 👍 21    🔁 15    💬 1    📌 0
Self-nomination for the Artifact Evaluation Committee of NDSS 2026 We are looking for members of the Artifact Evaluation Committee (AEC) of NDSS 2026. The Network and Distributed System Security symposium adopts an Artifact Evaluation (AE) process allowing authors t...

All papers should publish their code. Help realize this by becoming an artifact reviewer at NDSS'26, apply here: docs.google.com/forms/d/e/1F...

You'll review artifacts of accepted papers. We especially encourage junior/senior PhD students & PostDocs to help. Distinguished reviews will get awards!

25.05.2025 13:25 — 👍 12    🔁 10    💬 0    📌 1
GitHub - binarly-io/idalib: Idiomatic Rust bindings for the IDA SDK, enabling the development of standalone analysis tools using IDA v9.x’s idalib

We're happy to announce a new release of our #Rust bindings for idalib.

What's new:
- New APIs for working with IDBs, segments, and more
- Rust 2024 support
- New homepage: idalib.rs

H/T to our contributors @yeggor.bsky.social & @raptor.infosec.exchange.ap.brid.gy

github.com/binarly-io/i...

21.05.2025 22:28 — 👍 6    🔁 8    💬 0    📌 0

🚨 Blog Post: "Re-compiling Decompiler Output" https://edmcman.github.io/blog/2025-05-02--re-compiling-ghidra-decompiler-output/

03.05.2025 14:54 — 👍 1    🔁 2    💬 0    📌 0
Proof Objects I Have Loved That proofs are things is a cool meta awareness that is one of the payoffs of studying mathematical logic.

[New Blog Post] Proof Objects I Have Loved www.philipzucker.com/proof_objects/

28.04.2025 22:16 — 👍 4    🔁 1    💬 1    📌 0
GitHub - ic3qu33n/REcon2024-GOP-Complex: REcon 2024 Repo, slides for talk "GOP Complex: Image parsing bugs, EBC polymorphic engines and the Deus ex machina of UEFI exploit dev"

v happy to finally share my slides for my @reconmtl.bsky.social 2024 talk “GOP Complex: Image parsing bugs, EBC polymorphic engines and the Deus ex machina of UEFI exploit dev.” Really proud of this talk + v grateful to the amazing REcon team for another incredible con 🖤
github.com/ic3qu33n/REc...

31.03.2025 20:51 — 👍 16    🔁 9    💬 0    📌 0
Original post on infosec.exchange

My first official rust-lang contribution 😜

https://github.com/rust-lang/crates.io/pull/10905

On crates.io, you can now categorize your crate under “security” (“Crates related to cybersecurity, penetration testing, code review, vulnerability research, and reverse engineering.”) […]

28.03.2025 20:57 — 👍 4    🔁 1    💬 0    📌 0
Hex-Rays - Plugins & Apps

My idalib-based "vulnerability divination" tool suite is finally available in the official Hex-Rays Plugins & Apps repository! 🦀

https://plugins.hex-rays.com/search-results?search_term=0xdea

#idapro #idalib #vulnerabilityresearch
#reverseengineering

27.03.2025 09:00 — 👍 1    🔁 1    💬 0    📌 0

The difference between the paper and reality.

21.03.2025 15:43 — 👍 3    🔁 1    💬 1    📌 0
Original post on infosec.exchange

I've just pushed to crates.io updated releases of my #VulnerabilityResearch tools written in #Rust, compatible with Hex-Rays IDA Pro 9.1 and upgraded to the Rust 2024 Edition.

Thanks to @xorpse and Yegor Vasilenko at @binarly_io for the immediate update of their idalib Rust bindings!

For more […]

03.03.2025 09:17 — 👍 3    🔁 4    💬 0    📌 0
crates.io: Rust Package Registry

We @binarly.bsky.social are pleased to announce a new release of our Rust bindings for Hex-Rays IDA Pro (crates.io/crates/idalib) with support for the latest v9.1 release! Special thanks to @yeggor.bsky.social for taking care of the changes needed to make everything compatible with this release!

28.02.2025 20:56 — 👍 7    🔁 2    💬 0    📌 0

We’re Hiring – Tenured Faculty Positions in Cybersecurity!

CentraleSupélec is recruiting 2 tenured Ass. Prof. / Prof. in Cybersecurity at IRISA (UMR CNRS 6074), Rennes, France.

Application deadline: April 14, 2025
Full job details: team.inria.fr/sushi/files/...

Contact us before applying!

05.02.2025 21:07 — 👍 0    🔁 2    💬 0    📌 0
Under the cloak of UEFI Secure Boot: Introducing CVE-2024-7344 ESET researchers have discovered a vulnerability that affects the majority of UEFI-based systems and allows bypassing UEFI Secure Boot.

#ESETresearch discovered and reported to #certcc a vulnerability that allows bypassing UEFI Secure Boot on most UEFI-based systems. This vulnerability, #CVE-2024-7344, was found by x.com/smolar_m in a UEFI app signed by Microsoft’s 3rd-party UEFI certificate. welivesecurity.com/en/eset-rese... 🧵1/4

16.01.2025 10:46 — 👍 13    🔁 10    💬 1    📌 0
Original post on infosec.exchange

In this new @hnsec blog post, @MrAle_98@twitter.com demonstrates how to leverage the I/O Ring technique to bypass the latest #exploit mitigations, such as hypervisor-protected code integrity (#HVCI), and achieve local privilege elevation on a recent #Windows 11 […]

15.01.2025 09:01 — 👍 1    🔁 2    💬 0    📌 0

After an embargo of 8 months, we are glad to finally share our USENIX Security '25 paper! We found more than 4 MILLION vulnerable tunneling servers by scanning the Internet.

These vulnerable servers can be abused as proxies to launch DDoS attacks and possibly to access internal networks.

14.01.2025 14:12 — 👍 59    🔁 26    💬 2    📌 0
Original post on infosec.exchange

2025 is just around the corner. If #LearningRust is among your New Year’s resolutions, I’ve got you.

Following my ongoing #Rust series on the @hnsec blog (https://security.humanativaspa.it/tag/rust/) and adding something along the way, in the next days I’ll recommend the learning resources […]

26.12.2024 06:54 — 👍 2    🔁 5    💬 0    📌 0
