Anderson Nascimento
@andersonc0d3.bsky.social
📤 201
📥 547
📝 409
Director & Security Researcher
@alleleintel.com
Blog:
https://blog.andersonc0d3.io
pinned post!
We (
@alleleintel.com
) offer efficient security services: vulnerability research (Linux, Android, Windows), reverse engineering, malware analysis, deep code auditing (systems/web apps), pentest/advanced threat simulation, and specialized training. DM or visit:
allelesecurity.com
loading . . .
Allele Security Intelligence
Allele Security Intelligence is an independent security company that offers consulting, intelligence, training and research services in information security.
https://allelesecurity.com
3 months ago
0
2
1
I've argued about this with friends for almost my entire life. Back then, I didn't have the foundational knowledge I have today, and I can't trace the sources of my earlier arguments. But I never accepted that I couldn't do serious work in vulnerability research just because I wasn't "born for it."
add a skeleton here at some point
1 day ago
1
1
0
Beyond nature and nurture How mathematics changed my view on talent
davidbessis.substack.com/p/beyond-nat...
loading . . .
Beyond nature and nurture
How mathematics changed my view on talent
https://davidbessis.substack.com/p/beyond-nature-and-nurture
1 day ago
0
2
1
Announcing Systing 1.0
josefbacik.github.io/kernel/systi...
2 days ago
0
0
1
Is it normal for an iPhone’s analytics data to be wiped out?
2 days ago
0
0
0
GDB will now have a save history command to save the command history to a file whenever you want. This is cool as I usually need to manually copy-paste commands anyway because GDB tends to crash during my debugging sessions.
3 days ago
1
3
1
EP19 The Art of Deconstructing Problems: Tools, Tactics, and the ScatterBrain Obfuscator with Nino Isakovic
podcasts.apple.com/br/podcast/b...
ScatterBrain: Unmasking the Shadow of PoisonPlug's Obfuscator
cloud.google.com/blog/topics/...
3 days ago
0
2
1
reposted by
Anderson Nascimento
Hackaday
5 days ago
How the Intel 8087 FPU Knows Which Instructions to Execute
loading . . .
How the Intel 8087 FPU Knows Which Instructions to Execute
Hackaday Article
https://hackaday.com/2026/02/21/how-the-intel-8087-fpu-knows-which-instructions-to-execute/
1
23
6
[Clang][CodeGen] Fix __builtin_counted_by_ref for nested struct FAMs
github.com/llvm/llvm-pr...
Using __builtin_counted_by_ref on a struct defined within another struct crashes Clang
github.com/llvm/llvm-pr...
5 days ago
1
0
0
It took me a year to win this race. This game is amazing.
youtu.be/7xgODo0Qoxc
loading . . .
Gran Turismo 7 - Daytona Road Course - GTcup Gr.3 - 1st Place
YouTube video by Anderson Nascimento
https://youtu.be/7xgODo0Qoxc
5 days ago
0
0
0
Good to be able to do an easy long run again. I ran today for 1 hour 48 minutes and listened to three full podcast episodes.
6 days ago
1
2
0
Attention is all we have A conjectural theory of cognitive inequality
davidbessis.substack.com/p/attention-...
14 days ago
0
0
0
The end of a good time slab: remove struct kmem_cache_cpu
git.kernel.org/pub/scm/linu...
slab: remove cpu (partial) slabs usage from allocation paths
git.kernel.org/pub/scm/linu...
15 days ago
1
1
1
A security researcher is like a fuzzer. When your code coverage increases, you improve.
16 days ago
0
0
0
Linux kernel is adding support for a new mechanism to validate lock usage during compile-time. It depends on a new Clang feature called Thread Safety Analysis.
16 days ago
1
3
1
Wow, code diffs in commit messages are also applied to the code being patched. Interesting and weird. On patch vs commit messages
seclists.org/oss-sec/2026...
19 days ago
0
0
0
Distinct AI Models Seem To Converge On How They Encode Reality
www.quantamagazine.org/distinct-ai-...
21 days ago
0
0
0
Reproducing a syzbot Bug in 5 Minutes — Now with virtme-ng!
fosdem.org/2026/schedul...
loading . . .
FOSDEM 2026 - Reproducing a syzbot Bug in 5 Minutes — Now with virtme-ng!
https://fosdem.org/2026/schedule/event/99ULYW-repro-linux-kernel-bug-5-min-virtme-ng/
22 days ago
0
0
0
reposted by
Anderson Nascimento
Linux Kernel Security
22 days ago
[Cryptodev-linux] Page-level UAF exploitation nasm_re posted an article about exploiting a page-level UAF in the out-of-tree cryptodev-linux driver. The researcher modified struct file sprayed into a freed page to escalate privileges.
nasm.re/posts/crypto...
loading . . .
[Cryptodev-linux] Page-level UAF exploitation
IntroductionIn november 2025 I started a fuzzing campaign against cryptodev-linux as part of a school project. I found +10 bugs (UAF, NULL pointer dereferences and integer overflows) and among all of
https://nasm.re/posts/cryptodev-linux-vuln/
0
3
1
mm/vma: fix anon_vma UAF on mremap() faulted, unfaulted merge
git.kernel.org/pub/scm/linu...
22 days ago
0
0
0
I don’t know if this is a dumb question, but is there any side-channel, covert-channel, or microarchitectural attack targeting the APIC? Something like an internal hint about when/whether the APIC timer will fire (or is about to fire)?
22 days ago
0
0
0
Is Particle Physics Dead, Dying, or Just Hard?
www.quantamagazine.org/is-particle-...
loading . . .
Is Particle Physics Dead, Dying, or Just Hard? | Quanta Magazine
Columnist Natalie Wolchover checks in with particle physicists more than a decade after the field entered a profound crisis.
https://www.quantamagazine.org/is-particle-physics-dead-dying-or-just-hard-20260126/
23 days ago
0
0
0
Evolution of the x86 context switch in Linux
www.maizure.org/projects/evo...
24 days ago
0
0
0
In 2024, I returned to attending security conferences after a long hiatus. I attended a local event in my city, as well as H2HC and CCC. I wrote about my experience at these events in March last year, but only in Portuguese. Today, I translated the blog post into English.
loading . . .
Security Conferences in 2024
After a few years without attending conferences, I returned to attend in 2024. I participated in the Null Byte Security Conference in Salvador, H2HC in São Paulo, and CCC (38c3) in Hamburg, Germany…
https://blog.andersonc0d3.io/2026/01/31/security-conferences-in-2024/
26 days ago
1
0
0
I started running seriously in 2024. I originally wrote about my progress in May 2025, but only in Portuguese. Today, I’ve translated that story into English.
27 days ago
1
2
0
Lawfare Daily: Elizabeth Tsurkov on Her Captivity in Iraq
shows.acast.com/lawfare/epis...
28 days ago
0
1
0
The Hidden Bottleneck: Blocking in Async Rust Using eBPF to find blocking code in Tokio applications without instrumenting your code
cong-or.xyz/blocking-asy...
loading . . .
The Hidden Bottleneck: Blocking in Async Rust
Using eBPF to find blocking code in Tokio applications without instrumenting your code.
https://cong-or.xyz/blocking-async-rust
28 days ago
0
0
0
ProfInfer: An eBPF-based Fine-Grained LLM Inference Profiler
arxiv.org/abs/2601.20755
28 days ago
0
2
0
Cisco is using eBPF to rethink firewalls, vulnerability mitigation
thenewstack.io/cisco-is-usi...
loading . . .
Cisco is using eBPF to rethink firewalls, vulnerability mitigation
Cisco is integrating eBPF directly into its enterprise hardware and "smart software" to provide kernel-level security.
https://thenewstack.io/cisco-is-using-ebpf-to-rethink-firewalls-vulnerability-mitigation/
28 days ago
0
1
0
A Nobel laureate on the limits of evidence-based policy
thebigquestion.libsyn.com/a-nobel-laur...
28 days ago
0
0
0
#59 Category Theory and Inclusivity - Valeria de Paiva
www.typetheoryforall.com/episodes/cat...
28 days ago
0
0
0
The GNU C Library version 2.43 is now available
sourceware.org/pipermail/li...
about 1 month ago
0
1
0
reposted by
Anderson Nascimento
Adam Kucharski
about 1 month ago
New post, on the pop quizification of knowledge:
kucharski.substack.com/p/the-pop-qu...
2
12
5
Qualcomm has developed and released a set of crash-utility plugins to help with Linux/Android kernel and userspace analysis. The crash utility is already great, and it becomes even better with these plugins.
about 1 month ago
1
1
0
This is a good example of the complex world we live in. A subtle change can cause a catastrophic effect. What came first: the CNAME or the A record?
blog.cloudflare.com/cname-a-reco...
about 1 month ago
1
0
0
Becoming a Kernel Developer (1/3): Posting Your First Patch
www.linaro.org/blog/becomin...
loading . . .
Becoming a Kernel Developer (1/3): Posting Your First Patch | Blog | Linaro
Contributing to the Linux kernel can seem daunting and complex. In this three-part blog series, we will share our experience sending patches to the Linux kernel and interacting with the community. Che...
https://www.linaro.org/blog/becoming-a-kernel-developer-part1-posting-your-first-patch/
about 1 month ago
1
0
0
reposted by
Anderson Nascimento
Allele Security Intelligence
about 1 month ago
AI is very useful for security research, as many researchers have already demonstrated. It will likely become—or perhaps already is—a tool that many researchers depend on. It has been very helpful for us as well.
1
1
1
Head First Reporting of Linux Kernel CVEs: Practical Use of the Kernel Fuzzer
static.sched.com/hosted_files...
loading . . .
https://static.sched.com/hosted_files/sosscdjapan2024/7a/Head%20First%20Reporting%20of%20Linux%20Kernel%20CVEs%20-%20sosscj24.pdf
about 1 month ago
0
0
0
Tracing the ptrace
blogs.oracle.com/linux/tracin...
about 1 month ago
0
0
0
GLIBC-SA-2026-0002: getnetbyaddr and getnetbyaddr_r leak stack contents to DNS resovler (CVE-2026-0915)
sourceware.org/pipermail/li...
about 1 month ago
0
1
0
Integer overflow in memalign leads to heap corruption
sourceware.org/pipermail/li...
loading . . .
The GNU C Library security advisories update for 2026-01-16
https://sourceware.org/pipermail/libc-announce/2026/000049.html
about 1 month ago
0
0
0
I noticed a vulnerability was fixed in vsftpd a few days ago (CVE-2025-14242). It’s a very interesting project, and Chris Evans' work has taught me several important lessons.
about 1 month ago
1
0
0
I haven’t found any bugs with AI yet, but it’s really helping me a lot. Yesterday I managed to diagnose an RCU stall involving an exploit that would have taken me weeks to understand on my own. It’s seriously impressive!
about 1 month ago
0
0
0
Stupid RCU Tricks: rcutorture Catches an RCU Bug
paulmck.livejournal.com/37782.html
Verification Challenge 2: RCU NO_HZ_FULL_SYSIDLE
paulmck.livejournal.com/38016.html
loading . . .
Stupid RCU Tricks: rcutorture Catches an RCU Bug
My previous posting described an RCU bug that I might plausibly blame on falsehoods from firmware. The RCU bug in this post, alas, I can blame only on myself. In retrospect, things were going altogeth...
https://paulmck.livejournal.com/37782.html
about 1 month ago
1
0
0
Trees I: Radix trees
lwn.net/Articles/175...
Trees II: red-black trees
lwn.net/Articles/184...
loading . . .
Trees I: Radix trees
The kernel includes a number of library routines for the implementation of useful data structur [...]
https://lwn.net/Articles/175432/
about 1 month ago
0
0
0
Pharmacoeconomic analysis of Zirconium Cyclosilicate for hyperkalemia in a public hospital in Salvador, Bahia
rsdjournal.org/rsd/article/...
loading . . .
Pharmacoeconomic analysis of Zirconium Cyclosilicate for hyperkalemia in a public hospital in Salvador, Bahia | Research, Society and Development
https://rsdjournal.org/rsd/article/view/50476
about 2 months ago
0
0
0
Reviving a Dell Inspiron with Faulty Soldered RAM: How Linux Kernel Parameters & AI Saved My Motherboard
www.dell.com/community/en...
loading . . .
Reviving a Dell Inspiron with Faulty Soldered RAM: How Linux Kernel Parameters & AI Saved My Motherboard | DELL Technologies
The Problem It started with small annoyances: Chrome tabs crashing randomly with "Aw, Snap!" errors. Then it got worse. My Dell Inspiron 5490 started failing to boot, getting stuck in loops, or dro...
https://www.dell.com/community/en/conversations/inspiron/reviving-a-dell-inspiron-with-faulty-soldered-ram-how-linux-kernel-parameters-ai-saved-my-motherboard/6961cf4604bdbe7915cebb5f
about 2 months ago
0
0
0
Live Debugging Techniques for the Linux Kernel, Part 1 of 3
blogs.oracle.com/linux/live-k...
Live Debugging Techniques for the Linux Kernel, Part 2 of 3
blogs.oracle.com/linux/live-k...
Live Debugging Techniques for the Linux Kernel, Part 3 of 3
blogs.oracle.com/linux/live-k...
loading . . .
https://blogs.oracle.com/linux/live-kernel-debugging-1
about 2 months ago
0
0
0
Matrix Polynomial Attack on the Megrelishvili Key Exchange Protocol
cic.iacr.org/p/2/4/16
loading . . .
Matrix Polynomial Attack on the Megrelishvili Key Exchange Protocol
https://cic.iacr.org/p/2/4/16
about 2 months ago
0
0
0
InputPlumber: Lack of D-Bus Authorization and Input Verification allows UI Input Injection and Denial-of-Service (CVE-2025-66005, CVE-2025-14338)
security.opensuse.org/2026/01/09/i...
loading . . .
InputPlumber: Lack of D-Bus Authorization and Input Verification allows UI Input Injection and Denial-of-Service (CVE-2025-66005, CVE-2025-14338)
InputPlumber is a utility for combining Linux input devices into virtual input devices. It includes a D-Bus daemon offering an interface to all users in the system. A lack of D-Bus client authorizatio...
https://security.opensuse.org/2026/01/09/inputplumber-lack-of-dbus-auth.html
about 2 months ago
0
0
0
TLP: Polkit Authentication Bypass in Profiles Daemon in Version 1.9.0 (CVE-2025-67859)
security.opensuse.org/2026/01/07/t...
loading . . .
TLP: Polkit Authentication Bypass in Profiles Daemon in Version 1.9.0 (CVE-2025-67859)
TLP is a utility for saving laptop battery power when running Linux. In version 1.9.0 of TLP a profiles daemon has been added to the project, which provides a D-Bus interface for controlling different...
https://security.opensuse.org/2026/01/07/tlp-polkit-authentication-bypass.html
about 2 months ago
0
0
0
Load more
feeds!
log in