@gannimo.bsky.social
📤 598
📥 105
📝 32
Great time at the Intel Academic Security Conference hosted by Intel Labs! 🚀 I presented our work on SecureCells & PtrShield.
#Security
#Research
#Intel
Full details:
infosec.exchange/@gannimo/115...
10 months ago
0
3
0
On my way to Seattle for
#Usenix
#SEC25
. Looking forward to catch up with all of you folks to chat about security, systems, fuzzing, mobile systems, and confidential computing. Also, if you brought your running shoes, let me know!
11 months ago
0
2
0
Last week,
@icepfl.bsky.social
hosted
#LakeCTF
, a major academic CTF competition with amazing challenges. Congrats to
@polygl0ts.ch
for the flawless organization! I especially enjoyed the retro-challenges on real devices, especially hacking old basic interpreters! 👾👾👾
actu.epfl.ch/news/zer0roc...
loading . . .
Zer0RocketWrecks has won LakeCTF, Switzerland's top Capture the Flag
Ten teams have taken part in the third edition of this security hacking contest organized by EPFL’s Capture the Flag team, the polygl0ts and the School of Computer and Communication Sciences.
https://actu.epfl.ch/news/zer0rocketwrecks-has-won-lakectf-switzerland-s-top/
about 1 year ago
0
3
1
So many amazing papers at
#IEEESSP
Oakland'25 this year. Congratulations to all authors on your accepted papers and an amazing program overall. Sadly, I couldn't make it this year but my fallback program to go hike with the kids was not too bad either!
about 1 year ago
0
3
0
Today I received my first spear phishing attempt with a great context and reasonable request. 🤩🤩🤩 Does that mean I'm important now?
about 1 year ago
1
3
0
These two selfies are less than 24hrs and less than 50km apart from each other. One of the reasons why I love
#EPFL
and Switzerland
about 1 year ago
0
3
0
The universe is sending a very clear signal that I should stay TF out of France. Flight cancelled after 3hr delay and we ended up driving all night because no flights or trains were available the next three days. Thanks
#easyjet
!
about 1 year ago
0
2
0
The
#THcon
organizers suggested that I take a hotel in the city center and commute to the conference. In spite of bad past experiences in every major city in France, I took their advice and learned why Toulouse does not have a problem with transport strikes: they got rid of the conductors!
about 1 year ago
0
1
0
What great fun to speak at
#THCON2025
in Toulouse and present some of the
#HexHive
research on Android (in-)security. Find me if you want to nerd out about fuzzing, system mitigations, and any insecure components.
about 1 year ago
0
3
0
In Switzerland we take our security and our pocket knives seriously. That's why you can buy pocket knives right before boarding at Geneva airport. 🗡️🛫
about 1 year ago
2
3
0
Good bye San Diego and
#NDSS25
, it was a pleasure. Until next year (hopefully) for
#NDSS26
. What an amazing trip overall with great discussions, the best tacos and the best people!
nebelwelt.net/blog/2025/02...
over 1 year ago
1
4
0
To anyone fuzzing JavaScript: check out Dumpling, our new oracle for precise state comparison
#NDSS25
.
nebelwelt.net/blog/2025/02...
loading . . .
Dumpling: dumping fine-grained execution state
JavaScript engines face a dilemma: on one end, they need to be extremely efficient as they are processing millions of lines of JavaScript code,...
https://nebelwelt.net/blog/2025/0226-dumpling.html
over 1 year ago
0
6
0
Did you always want to fuzz with
#MSan
but were worried about false positives? Fear no more, with QMsan
#NDSS25
, we create a binary-rewriting based approach that reduces false positives efficiently!
nebelwelt.net/blog/2025/02...
loading . . .
QMSan: discovering uninitialized memory errors in binaries
Sanitizers serve as the primary bug detection Oracle during automated testing. They
https://nebelwelt.net/blog/2025/0226-qmsan.html
over 1 year ago
0
5
1
Interested in
#fuzzing
#hypervisors
? With Truman we create precise device models that are state-aware and precisely mutate message sequences
#NDSS25
nebelwelt.net/blog/2025/02...
loading . . .
Truman: discovering hypervisor bugs through virtual device models
Hypervisors power not just the cloud but are becoming a commodity in mobile phones and desktops as well. They separate virtual machines from each...
https://nebelwelt.net/blog/2025/0226-truman.html
over 1 year ago
0
2
1
I'm on my way to San Diego for Internet Society's yearly Symposium on Networked and Distributed Systems. If you're around, reach out and ping me if you want to go for a run along the beach in the morning! 🏃
#NDSS25
over 1 year ago
0
2
0
Great summary of the benefits of memory safety. For security, one key angle is IMO missing: compartmentalization which will contain faults and enable higher level reasoning about control and data flow across compartments.
add a skeleton here at some point
over 1 year ago
0
2
0
As always, the congress
#38c3
was amazing. Lots of great discussions, insane hacks, and some secret adventures. Check out my blog with some recommended talks:
nebelwelt.net/blog/2024/12...
over 1 year ago
0
12
1
Luca and Rokhaya rocking the
#38c3
stage, shitting on ML and ranting about binary similarity. What a fun talk!
events.ccc.de/congress/202...
over 1 year ago
0
5
0
reposted by
Matthew Green
over 1 year ago
This Salt Typhoon stuff is insane. The entire FISA surveillance infrastructure has been completely owned by China and literally no part of our telecom infrastructure is safe to use without end-to-end encryption.
27
893
349
reposted by
over 1 year ago
Tomorrow I'll present a talk in CCC, "Ultrawide Android Archaeology". We uncover how massively outdaded native libraries are (still vulnerable to 5+ yrs old CVEs) and we also use the occasion to rant on ML. Find me tomorrow at 20:15 in Saal Glitch!
#38c3
0
9
1
As it turns out, Volkswagen has been collecting extensive geo data from all their electric cars and made them available online in an AWS bucket. Almost 10TB of geo traces from 15 MiO cars. Amazing detail and patterns. This is why I don't want a smart car 🤯
events.ccc.de/congress/202...
#Volksdaten
loading . . .
38c3: Wir wissen wo dein Auto steht - Volksdaten von Volkswagen
Welche Folgen hat es, wenn VW massenhaft Fahrzeug-, Bewegungs- und Diagnosedaten sammelt und den Schlüssel unter die Fußmatte legt? Was verraten Fahrzeugdaten über die Mobilität von Behörden, Ämtern,...
https://events.ccc.de/congress/2024/hub/en/event/wir-wissen-wo-dein-auto-steht-volksdaten-von-volkswagen/#Volksdaten
over 1 year ago
3
31
13
2024 has been an exciting year! We pushed the boundaries of fuzzing and ventured into Android security, uncovering some fascinating bugs along the way. Don’t miss the highlights: check out my latest blog post for a summary with links to some of our most fun papers:
nebelwelt.net/blog/2024/12...
loading . . .
From Fuzzing to Frameworks: 2024 Research Highlights
2024 was an active year for the HexHive research group, marked by tireless efforts to enhance the security of various complex systems. A key trend...
https://nebelwelt.net/blog/2024/1227-retrospective.html
over 1 year ago
0
11
1
Security startups need to be super vigilant. They become targets of sophisticated attacks as supply chain attacks increase
www.vulnu.com/p/breaking-c...
loading . . .
Breaking: Cyberhaven Chrome Extension Compromised in Holiday Attack Campaign
An attacker successfully phished a Cyberhaven employee, gained access to Chrome Web Store admin credentials, published a malicious version of the extension
https://www.vulnu.com/p/breaking-cyberhaven-chrome-extension-compromised
over 1 year ago
0
5
2
Arrived in Hamburg for
#38c3
. Reach out if you want to meet up to talk security, crappy software or other shenanigans. 👾👾👾
over 1 year ago
1
3
0
Fun day, snow day, ski day! ⛷️
over 1 year ago
0
8
0
The yearly academic security circus concludes. Exponential growth continues with 1146 published papers (vs 947 in '23 and 93 in '05). Essentially, we published 14% of all security papers this year. Two authors cracked 100 papers and 13 published >=10 this year. Details:
nebelwelt.net/pubstats/top...
over 1 year ago
0
7
3
reposted by
polygl0ts
over 1 year ago
LakeCTF qualifications are now over! 🥇 .;,;. 🥈 Zer0RocketWrecks 🥉 DiceGang Congratulations to the winners, see you in Lausanne for the finals! 😄
0
7
4
reposted by
Antoine Bosselut
over 1 year ago
1/ 📘 Could ChatGPT get an engineering degree? Spoiler, yes! In our new
@pnas.org
article, we explore how AI assistants like GPT-4 perform in STEM university courses — and on average they pass a staggering 91.7% of core courses. 🧵
#AI
#HigherEd
#STEM
#LLMs
#NLProc
1
36
19
As a group, our core research focus is system security. We therefore now that the best (thesis) defense is a great thesis offense. We therefore spent a training event in axe throwing (after last year's archery and fencing two years ago). I wonder what we should do next year?
over 1 year ago
1
2
0
Ah, this smells like twitter from around 10 years ago. Now how do I find interesting people on this platform?
about 3 years ago
4
17
0
you reached the end!!
feeds!
log in
