Slava Moskvin

@sl4v.bsky.social

Hacker

12 Followers  |  25 Following  |  9 Posts  |  Joined: 07.02.2024  |  1.7263

Latest posts by sl4v.bsky.social on Bluesky

How I used o3 to find CVE-2025-37899, a remote zeroday vulnerability in the Linux kernel’s SMB implementation In this post I’ll show you how I found a zeroday vulnerability in the Linux kernel using OpenAI’s o3 model. I found the vulnerability with nothing more complicated than the o3 API …

Proof that AI can now find 0-days even w/o agents or advanced tooling. Also pretty cool: o3 managed to find the vulnerability only 8 out of 100 times. I hadn’t realized it might take that many tries to get a useful result from AI.

sean.heelan.io/2025/05/22/h...

#linux #infosec #llm

19.06.2025 19:46 — 👍 0    🔁 0    💬 0    📌 0
An inside look at NSA (Equation Group) TTPs from China’s lense

The sheer scale of this operation, as well as the investigation, is fascinating www.inversecos.com/2025/02/an-i...

02.03.2025 20:43 — 👍 0    🔁 0    💬 0    📌 0
Fuzzing Chromes JavaScript Engine v8 tltr; I developed a coverage-guided (v8) JavaScript fuzzer similar to Fuzzilli (but without an intermediate language and developed in Py...

Creating a fuzzer for Chrome’s V8. Down-to-earth blogpost w/o any illusions apt29a.blogspot.com/2022/01/fuzz...

16.02.2025 09:58 — 👍 0    🔁 0    💬 0    📌 0
Finding Bugs in Kernel. Part 2: Fuzzing the Actual Kernel · Slava Moskvin

Fuzzing the Linux kernel: start the campaign, go to sleep, wake up to mysteries you may never solve. Here’s what happened when I took on the TIPC network subsystem in Linux: slavamoskvin.com/finding-bugs...
#fuzzing #cybersecurity #pentesting #kernel

02.02.2025 12:15 — 👍 0    🔁 0    💬 0    📌 0
Finding Bugs in Kernel. Part 1: Crashing a Vulnerable Driver with Syzkaller · Slava Moskvin

Setting up syzkaller and crashing a vulnerable driver: slavamoskvin.com/finding-bugs...

#linux #infosec #fuzzing

26.12.2024 19:57 — 👍 0    🔁 0    💬 0    📌 0
Recovering a full PEM Private Key when half of it is redacted The @CryptoHack__ account was pinged today by ENOENT, with a CTF-like challenge found in the wild: Source tweet. Here’s a write-up covering how given a partially redacted PEM, the whole private key ca...

- A wild read on recovering an RSA private key when half of it is redacted: blog.cryptohack.org/twitter-secr...

16.12.2024 21:03 — 👍 0    🔁 0    💬 0    📌 0
A gentle introduction to Linux Kernel fuzzing For some time I’ve wanted to play with coverage-guided fuzzing. I decided to have a go at the Linux Kernel netlink machinery. It's a good target: it's an obscure part of kernel, and it's relatively e...

- Old, but still really interesting article from Cloudflare about hacking AFL to fuzz the Linux kernel with coverage gathered from KCOV blog.cloudflare.com/a-gentle-int...
- Expansion on the ideas of the previous article from R00tkitSMM: r00tkitsmm.github.io/fuzzing/2024...

16.12.2024 21:03 — 👍 0    🔁 0    💬 1    📌 0
Project Naptime: Evaluating Offensive Security Capabilities of Large Language Models Posted by Sergei Glazunov and Mark Brand, Google Project Zero Introduction At Project Zero, we constantly seek to expand the scope and e...

This year, I came across many articles, but these really caught my eye:

Google Project Zero's LLM-fuzzing series where they're using LLMs to generate fuzzing test cases
googleprojectzero.blogspot.com/2024/06/proj...
googleprojectzero.blogspot.com/2024/10/from...

16.12.2024 21:03 — 👍 0    🔁 0    💬 1    📌 0
I tried to discover the same bug in a Linux kernel module with and without KASAN. Here's what happened: slavamoskvin.com/hunting-bugs...
#linux #fuzzing #cybersecurity

16.11.2024 00:26 — 👍 2    🔁 0    💬 0    📌 0