@gannimo.bsky.social
Great time at the Intel Academic Security Conference hosted by Intel Labs! 🚀 I presented our work on SecureCells & PtrShield. #Security #Research #Intel Full details: infosec.exchange/@gannimo/115...
2 months ago
On my way to Seattle for #Usenix #SEC25. Looking forward to catching up with all of you folks to chat about security, systems, fuzzing, mobile systems, and confidential computing. Also, if you brought your running shoes, let me know!
3 months ago
Last week, @icepfl.bsky.social hosted #LakeCTF, a major academic CTF competition with amazing challenges. Congrats to @polygl0ts.ch for the flawless organization! I especially enjoyed the retro-challenges on real devices, especially hacking old basic interpreters! 👾👾👾 actu.epfl.ch/news/zer0roc...
Zer0RocketWrecks has won LakeCTF, Switzerland's top Capture the Flag
Ten teams have taken part in the third edition of this security hacking contest organized by EPFL’s Capture the Flag team, the polygl0ts and the School of Computer and Communication Sciences.
https://actu.epfl.ch/news/zer0rocketwrecks-has-won-lakectf-switzerland-s-top/
6 months ago
So many amazing papers at #IEEESSP Oakland'25 this year. Congratulations to all authors on your accepted papers and an amazing program overall. Sadly, I couldn't make it this year but my fallback program to go hike with the kids was not too bad either!
6 months ago
Today I received my first spear phishing attempt with a great context and reasonable request. 🤩🤩🤩 Does that mean I'm important now?
7 months ago
These two selfies are less than 24hrs and less than 50km apart from each other. One of the reasons why I love #EPFL and Switzerland
7 months ago
The universe is sending a very clear signal that I should stay TF out of France. Flight cancelled after 3hr delay and we ended up driving all night because no flights or trains were available the next three days. Thanks #easyjet!
7 months ago
The #THcon organizers suggested that I take a hotel in the city center and commute to the conference. In spite of bad past experiences in every major city in France, I took their advice and learned why Toulouse does not have a problem with transport strikes: they got rid of the conductors!
8 months ago
What great fun to speak at #THCON2025 in Toulouse and present some of the #HexHive research on Android (in-)security. Find me if you want to nerd out about fuzzing, system mitigations, and any insecure components.
8 months ago
In Switzerland we take our security and our pocket knives seriously. That's why you can buy pocket knives right before boarding at Geneva airport. 🗡️🛫
8 months ago
Good bye San Diego and #NDSS25, it was a pleasure. Until next year (hopefully) for #NDSS26. What an amazing trip overall with great discussions, the best tacos and the best people! nebelwelt.net/blog/2025/02...
9 months ago
To anyone fuzzing JavaScript: check out Dumpling, our new oracle for precise state comparison #NDSS25. nebelwelt.net/blog/2025/02...
Dumpling: dumping fine-grained execution state
JavaScript engines face a dilemma: on one end, they need to be extremely efficient as they are processing millions of lines of JavaScript code,...
https://nebelwelt.net/blog/2025/0226-dumpling.html
9 months ago
Did you always want to fuzz with #MSan but were worried about false positives? Fear no more, with QMSan #NDSS25, we create a binary-rewriting based approach that reduces false positives efficiently! nebelwelt.net/blog/2025/02...
QMSan: discovering uninitialized memory errors in binaries
Sanitizers serve as the primary bug detection Oracle during automated testing. They
https://nebelwelt.net/blog/2025/0226-qmsan.html
9 months ago
Interested in #fuzzing #hypervisors? With Truman we create precise device models that are state-aware and precisely mutate message sequences #NDSS25 nebelwelt.net/blog/2025/02...
Truman: discovering hypervisor bugs through virtual device models
Hypervisors power not just the cloud but are becoming a commodity in mobile phones and desktops as well. They separate virtual machines from each...
https://nebelwelt.net/blog/2025/0226-truman.html
9 months ago
I'm on my way to San Diego for Internet Society's yearly Symposium on Networked and Distributed Systems. If you're around, reach out and ping me if you want to go for a run along the beach in the morning! 🏃 #NDSS25
9 months ago
Great summary of the benefits of memory safety. For security, one key angle is IMO missing: compartmentalization which will contain faults and enable higher level reasoning about control and data flow across compartments.
9 months ago
As always, the congress #38c3 was amazing. Lots of great discussions, insane hacks, and some secret adventures. Check out my blog with some recommended talks: nebelwelt.net/blog/2024/12...
11 months ago
Luca and Rokhaya rocking the #38c3 stage, shitting on ML and ranting about binary similarity. What a fun talk! events.ccc.de/congress/202...
11 months ago
reposted by
Matthew Green
11 months ago
This Salt Typhoon stuff is insane. The entire FISA surveillance infrastructure has been completely owned by China and literally no part of our telecom infrastructure is safe to use without end-to-end encryption.
reposted by
11 months ago
Tomorrow I'll present a talk in CCC, "Ultrawide Android Archaeology". We uncover how massively outdated native libraries are (still vulnerable to 5+ yrs old CVEs) and we also use the occasion to rant on ML. Find me tomorrow at 20:15 in Saal Glitch! #38c3
As it turns out, Volkswagen has been collecting extensive geo data from all their electric cars and made them available online in an AWS bucket. Almost 10TB of geo traces from 15 MiO cars. Amazing detail and patterns. This is why I don't want a smart car 🤯 events.ccc.de/congress/202... #Volksdaten
38c3: We know where your car is parked - Volksdaten from Volkswagen
What are the consequences when VW collects vehicle, movement and diagnostic data en masse and leaves the key under the doormat? What does vehicle data reveal about the mobility of authorities, government offices,...
https://events.ccc.de/congress/2024/hub/en/event/wir-wissen-wo-dein-auto-steht-volksdaten-von-volkswagen/#Volksdaten
11 months ago
2024 has been an exciting year! We pushed the boundaries of fuzzing and ventured into Android security, uncovering some fascinating bugs along the way. Don’t miss the highlights: check out my latest blog post for a summary with links to some of our most fun papers: nebelwelt.net/blog/2024/12...
From Fuzzing to Frameworks: 2024 Research Highlights
2024 was an active year for the HexHive research group, marked by tireless efforts to enhance the security of various complex systems. A key trend...
https://nebelwelt.net/blog/2024/1227-retrospective.html
11 months ago
Security startups need to be super vigilant. They become targets of sophisticated attacks as supply chain attacks increase www.vulnu.com/p/breaking-c...
Breaking: Cyberhaven Chrome Extension Compromised in Holiday Attack Campaign
An attacker successfully phished a Cyberhaven employee, gained access to Chrome Web Store admin credentials, published a malicious version of the extension
https://www.vulnu.com/p/breaking-cyberhaven-chrome-extension-compromised
11 months ago
Arrived in Hamburg for #38c3. Reach out if you want to meet up to talk security, crappy software or other shenanigans. 👾👾👾
11 months ago
Fun day, snow day, ski day! ⛷️
11 months ago
The yearly academic security circus concludes. Exponential growth continues with 1146 published papers (vs 947 in '23 and 93 in '05). Essentially, we published 14% of all security papers this year. Two authors cracked 100 papers and 13 published >=10 this year. Details: nebelwelt.net/pubstats/top...
12 months ago
reposted by
polygl0ts
12 months ago
LakeCTF qualifications are now over! 🥇 .;,;. 🥈 Zer0RocketWrecks 🥉 DiceGang Congratulations to the winners, see you in Lausanne for the finals! 😄
reposted by
Antoine Bosselut
12 months ago
1/ 📘 Could ChatGPT get an engineering degree? Spoiler, yes! In our new @pnas.org article, we explore how AI assistants like GPT-4 perform in STEM university courses — and on average they pass a staggering 91.7% of core courses. 🧵 #AI #HigherEd #STEM #LLMs #NLProc
As a group, our core research focus is system security. We therefore know that the best (thesis) defense is a great thesis offense. We therefore spent a training event in axe throwing (after last year's archery and fencing two years ago). I wonder what we should do next year?
12 months ago
Ah, this smells like twitter from around 10 years ago. Now how do I find interesting people on this platform?
over 2 years ago