🚨 EURECOM is recruiting a PhD student (and master-level interns) on verification and testing at the hardware-software boundary 🌄 Amazing location between sea & mountain 💡 3-year position 🌍 International environment (no French required!) You're a curious and motivated student? Reach out!

I'm happy to share that LIEF 0.17.0 is out: lief.re/blog/2025-09...

I'm pleased to announce a new release of the Rust bindings for @hex-rays.bsky.social IDA SDK! This release includes v9.2 compatibility, and a number of new features and fixes. Code: git.idalib.rs Thank you to our contributors: @withzombies.bsky.social Cole Leavitt Irate-Walrus @yeggor.bsky.social

This looks like a cool way to declaratively orchestrate data processing: snakemake.github.io How haven't I heard of this before?

At USENIX Security? Then check out: Studying the Use of CVEs in Academia, won distinguished paper award www.usenix.org/conference/u... Discovering and Exploiting Vulnerable Tunnelling Hosts, won most innovative research Pwnie @ DEFCON www.usenix.org/conference/u... Big thanks to all co-authors!!

seeing my @vxundergroundre.bsky.social Black Mass article “EFI Byte Code Virtual Machine - A Monster Emerges” in the print copy of vol III at long last has me verklempt. All the blood,sweat+tears that I poured into writing the first UEFI EBC virus were v worth it. 🖤

Today I’m celebrating one year of #Rust! 🦀 I started learning it last summer, and since then, I’ve pretty much stopped programming in any other language. Over the past year, I’ve gone from playing with the basics to building some (hopefully 😜) useful […] [Original post on infosec.exchange]

I'm pleased to announce a new version of the Rust bindings for IDA Pro! With: - Improved strings, metadata, and core APIs. - Support for the names API. Thank you to @raptor.infosec.exchange.ap.brid.gy & Willi Ballenthin for contributing! Docs: idalib.rs Code: git.idalib.rs

Our research on open tunneling servers got nominated for the Most Innovative Research award :) The work will be presented by Angelos Beitis at Black Hat and also at USENIX Security Brief summary and code: github.com/vanhoefm/tun... Paper: papers.mathyvanhoef.com/usenix2025-t...

CTADL - a Datalog-based interprocedural static taint analysis engine for Java/Android bytecode (via JADX) and Pcode (via Ghidra) Code: github.com/sandialabs/c... Talk (via @krismicinski.bsky.social): youtu.be/3ec9VfMUVa8?...

May 25-27, 2025, I hosted an event, the "Minnowbrook Logic Programming Seminar," in Blue Mountain Lake, NY. I recorded 11 talks on Datalog-related interests, totaling over 9+ hours of video, which I have just now published on YouTube youtu.be/3ec9VfMUVa8

Exploring fault injection on ESP32 V3! Inspired by Delvaux work, we tested voltage #glitching as an attack vector. With advanced triggers & GDB, we achieved a ~1.5% success rate. #hardware #faultinjection is becoming more practical! […]

🚨 Blog Post: ""A Human Study of Automatically Generated Decompiler Annotations" Published at DSN 2025" https://edmcman.github.io/blog/2025-06-16--a-human-study-of-automatically-generated-decompiler-annotations-published-at-dsn-2025/

ONLY 5 DAYS LEFT 🚨 The Crime and Policing Bill is in the House of Commons on Tuesday 17.06. We have 5 days left to email MPs to act. MPs right now have the power to protect our protest rights. We can’t let them ignore us. 📝 Take action: www.amnesty.org.uk/actions/emai...

Another Crack in the Chain of Trust: Uncovering (Yet Another) #secureboot Bypass https://www.binarly.io/blog/another-crack-in-the-chain-of-trust

#Hydroph0bia (CVE-2025-4275) - a trivial #secureboot bypass for UEFI-compatible firmware based on Insyde #h2o#hydroph0bia part 1 https://coderush.me/hydroph0bia-part1/

New blog post: noratrieb.dev/blog/posts/e...

My greatest achievement so far in the #rust ecosystem: the “security” category in crates.io is gaining traction 😉 https://crates.io/search?q=category%3Asecurity&sort=downloads

[Blog Post] New high-level API in LIEF that allows the creation of DWARF files. Additionally, I present two plugins designed to export program information from Ghidra and BinaryNinja into a DWARF file. lief.re/blog/2025-05... (Bonus: DWARF file detailing my reverse engineering work on DroidGuard)

All papers should publish their code. Help realize this by becoming an artifact reviewer at NDSS'26, apply here: docs.google.com/forms/d/e/1F... You'll review artifacts of accepted papers. We especially encourage junior/senior PhD students & PostDocs to help. Distinguished reviews will get awards!

We're are happy to announce a new release of our #Rust bindings for idalib. What's new: - New APIs for working with IDBs, segments, and more - Rust 2024 support - New homepage: idalib.rs H/T to our contributors @yeggor.bsky.social & @raptor.infosec.exchange.ap.brid.gy github.com/binarly-io/i...

🚨 Blog Post: "Re-compiling Decompiler Output" https://edmcman.github.io/blog/2025-05-02--re-compiling-ghidra-decompiler-output/

[New Blog Post] Proof Objects I Have Loved www.philipzucker.com/proof_objects/

v happy to finally share my slides for my @reconmtl.bsky.social 2024 talk “GOP Complex: Image parsing bugs, EBC polymorphic engines and the Deus ex machina of UEFI exploit dev.” Really proud of this talk + v grateful to the amazing REcon team for another incredible con 🖤 github.com/ic3qu33n/REc...

My first official rust-lang contribution 😜 https://github.com/rust-lang/crates.io/pull/10905 On crates.io, you can now categorize your crate under “security” (“Crates related to cybersecurity, penetration testing, code review, vulnerability research, and reverse engineering.”) […]

My idalib-based "vulnerability divination" tool suite is finally available in the official Hex-Rays Plugins & Apps repository! 🦀 https://plugins.hex-rays.com/search-results?search_term=0xdea #idapro #idalib #vulnerabilityresearch #reverseengineering

The difference between the paper and reality.

I've just pushed to crates.io updated releases of my #vulnerabilityresearch tools written in #rust, compatible with Hex-Rays IDA Pro 9.1 and upgraded to the Rust 2024 Edition. Thanks to @xorpse and Yegor Vasilenko at @binarly_io for the immediate update of their idalib Rust bindings! For more […]

We @binarly.bsky.social are pleased to announce a new release of our Rust bindings for Hex-Rays IDA Pro (crates.io/crates/idalib) with support for the latest v9.1 release! Special thanks to @yeggor.bsky.social for taking care of the changes needed to make everything compatible with this release!

We’re Hiring – Tenured Faculty Positions in Cybersecurity! CentraleSupélec is recruiting 2 tenured Ass. Prof. / Prof. in Cybersecurity at IRISA (UMR CNRS 6074), Rennes, France. Application deadline: April 14, 2025 Full job details: team.inria.fr/sushi/files/... Contact us before applying!

#ESETresearch discovered and reported to #certcc a vulnerability that allows bypassing UEFI Secure Boot on most UEFI-based systems. This vulnerability, #CVE-2024-7344, was found by x.com/smolar_m in a UEFI app signed by Microsoft’s 3rd-party UEFI certificate. welivesecurity.com/en/eset-rese... 🧵1/4

In this new @hnsec blog post, @[email protected] demonstrates how to leverage the I/O Ring technique to bypass the latest #exploit mitigations, such as hypervisor-protected code integrity (#hvci), and achieve local privilege elevation on a recent #windows 11 […]

After an embargo of 8 months, we are glad to finally share our USENIX Security '25 paper! We found more than 4 MILLION vulnerable tunneling servers by scanning the Internet. These vulnerable servers can be abused as proxies to launch DDoS attacks and possibly to access internal networks.

2025 is just around the corner. If #LearningRust is among your New Year’s resolutions, I’ve got you. Following my ongoing #Rust series on the @hnsec#learningrust#rustlog (https://security.humanativaspa.it/tag/rust/) and adding something along the way, in the next days I’ll recommend the learning resources […]

Type-based #rust #cheatsheet 🔥 https://upsuper.github.io/rust-cheatsheet/

Hello Rustaceans! Our technical director @raptor is back at it. In this second installment of our #rust series, “An offensive Rust encore”, he will guide you in bringing your skills to the next level by using a new PoC #redteaming tool as an excuse […]

To showcase this release, I've released parascope, a tool that simplifies weggli pattern scanning by adding a ruleset language and the ability to mass-scan source code and binaries (via idalib) in parallel! github.com/xorpse/paras...

We've (BINARLY) just released idalib v0.2.0, an update to our IDASDK Rust bindings. It includes many new features: bookmarks, comments, and plugins APIs, hex-rays support, and documentation! github.com/binarly-io/i... Thanks to our contributors: @yeggor.bsky.social @0xdea