Andy Koo (@_nd_koo) 's Twitter Profile
Andy Koo

@_nd_koo

Security Researcher @hexensio :)

ID: 1201513033110962176

02-12-2019 14:47:00

82 Tweet

240 Followers

1,1K Following

James Kettle (@albinowax) 's Twitter Profile Photo

I'm thrilled to announce "HTTP/1 Must Die! The Desync Endgame" is coming to #DEFCON33! This talk will feature multiple new classes of desync attack, mass exploitation spanning multiple CDNs, and over $200k in bug bounties. See you there!

hexens (@hexensio) 's Twitter Profile Photo

Hexens is happy to announce the completion of our security review for @zealousswap. The first DEX in Kaspa Ecosystem. Our audit focused on 5 key smart contracts, covering core DEX logic, NFT-based fee mechanics, staking, and farming systems. Full report 🔽

hexens (@hexensio) 's Twitter Profile Photo

One missing subgroup range-check let attackers duplicate proofs & double-spend: When curves, fields, and circuits misalign - duplicated keys, reused proofs, and broken soundness follow. Hexens breaks it down 👇 hexens.io/blog/subgroup-…

ZK Hack (@__zkhack__) 's Twitter Profile Photo

🔔 Time for #ZKMeshMini, join us as we unpack the top developments from this past week in the zk-space. 👾 Quang Dao, Justin Thaler, Ingonyama coauthor a paper speeding up Sum-Check 👾 Ciara Nightingale releases a course on developing in Noir 👾 hexens writes an article

hexens (@hexensio) 's Twitter Profile Photo

ZK has broken out of the crypto bubble. Google Wallet, Cloudflare and EZKL now ship zero-knowledge proofs in production. Here’s what that looks like in the real world: hexens.io/blog/zk-usecas…

Remedy (@xyz_remedy) 's Twitter Profile Photo

Uniswap v4 hooks are changing the game, protocol composability up, attack surface even more up. Join our Discord event on July 2 to learn how hooks work, how they can break, and what it means for on-chain security. Get notified on Discord:

hexens (@hexensio) 's Twitter Profile Photo

A $1M cryptography bounty was just announced by Ethereum Foundation. In this post we discuss RS Codes and the conjecture on Proximity Gaps. Proving it could strengthen soundness of RS-based IOPPs, while disproving it could force new systems: hexens.io/blog/proximity…

hexens (@hexensio) 's Twitter Profile Photo

For the first time in history, researchers will compete to build a permanent security knowledge base. Every contribution from the contest will become part of a lasting and evolving resource, designed to serve not just today, but also future generations of builders. We're so

hexens (@hexensio) 's Twitter Profile Photo

Everyone talks about zkVMs. Few talk about the constraint languages that define them. We demonstrated examples with Halo2, Zirgen, and Plonky3 AIR. Not to benchmark, but to show how each expresses computation: hexens.io/blog/zkvm-dsls

PagedOut (@pagedout_zine) 's Twitter Profile Photo

pagedout.institute ← we've just released Paged Out! zine Issue #7 pagedout.institute/download/Paged… ← direct link lulu.com/search?page=1&… ← prints for zine collectors pagedout.institute/download/Paged… ← issue wallpaper Enjoy! Please please please RT to spread the news - thank you!

hexens (@hexensio) 's Twitter Profile Photo

While AI auditors are getting so much hype over a single critical finding, which ends up being misleading... We decided to disclose some of the 22 critical findings discovered by a few Glider researchers in live projects worth ~$250M. Here are technical details that we never shared

Defi Security Summit (@summit_defi) 's Twitter Profile Photo

Crypto wallets hold the keys to DeFi but are prone to the same weaknesses across platforms. Andy Koo, Senior Security Researcher at hexens, will speak at DSS about recurring vulnerabilities in browser, mobile, and web wallets and how to secure them against real-world threats.

hexens (@hexensio) 's Twitter Profile Photo

Glider’s function filters let auditors surgically target suspicious logic. By function signature, modifier presence, or caller relationships. Feels like writing SQL, but for Solidity.

Remedy (@xyz_remedy) 's Twitter Profile Photo

How 0xkasper hunts bugs, with and without Glider. His exact process, query tactics, and time-saving tricks: A practical blueprint for serious bug bounty hunters: youtube.com/watch?v=511dLf…

Brave (@brave) 's Twitter Profile Photo

The security vulnerability we found in Perplexity’s Comet browser this summer is not an isolated issue. Indirect prompt injections are a systemic problem facing Comet and other AI-powered browsers. Today we’re publishing details on more security vulnerabilities we uncovered.

Dmitrii Goltsov (@dmigo42) 's Twitter Profile Photo

in case you wondered how to run your Glider queries faster, here are some tips 1. set a low exec limit inside the query 2. check what part of the query eats up the resources and optimize it 3. build your own custom solidity scope

Remedy (@xyz_remedy) 's Twitter Profile Photo

did you notice the glider contest in dailywarden? is black okay, or should we go with gold? btw, november 6, $50,000 prize pool. write a query and get paid. easy money. but people still sleeping on this.
