In which Brandon graces us with his transcendent 🤯 Rust skills 🦀 by leveraging the power of Linux Kernel technology 🐧 and AI 🤖 to solve h0mbre’s parsing question by pulling down a copy of the image he tweeted and OCRing 📖 it as Middle English ⚔️

Okay Brandon Falk just blew my mind with this knowledge that x86 is an octal machine. How is this not more commonly understood. The opcode mods use values that are obvious enums when you see them displayed as octal. gist.github.com/seanjensengrey…

short post introducing `biodiff`, a tool by 8051 enthusiast for diffing binary files, and how you might use it to find malware configuration changes. the UI is really quick and the algorithms handle file alignment very well. williballenthin.com/post/2022-03-0…

Postmortem on the BGP hijack used to steal $2m in KLAYswap cryptocurrency

My turn to add to the Linux security "fun" of the past few weeks :) I walk through the entire process of discovering and exploiting CVE-2022-25636, a 0day in the Linux kernel. nickgregory.me/linux/security…

vaguely burnt waffle Tyson Key Diadem Salawu Like x86 CPUs booting in real mode, the LLAM (Low Level Actual Machine) will boot in LLVM 1, with higher versions enabled gradually during the boot process

Looking forward to reading this and finally learning Rust!

🚨Linux Kernel Security Blog🚨 Corporate, automated bug-finders in the #linux kernel- how much do we know about them? Dave Aitel Ian Roos and I look @ closed source, corporate interests in the world’s biggest open source project. THREAD 🧵 margin.re/media/watching…

Lots of interesting tools in here

I bet this will be a great talk

In just 10 minutes, Zhenghao Hu will be presenting IRQDebloat, which automatically reverse engineers interrupt handling on embedded devices so that unwanted peripherals can be disabled! If you're at S&P, be sure to check it out in G.Ballroom A!

The first image from the Webb Space Telescope represents a historic moment for science and technology. For astronomy and space exploration. And for America and all humanity.

Some cool-looking work on vulnerability injection at USENIX Sec by Mike Hicks et al. this year! Looking forward to reading it! usenix.org/conference/use…

About our USENIX Security paper: HTTP/2-to-HTTP/1 conversion anomalies were first looked at by James Kettle and Emil Lerner in the context of Request Smuggling. To take an in-depth look at the conversion anomalies and their security implications, we developed an HTTP/2 (1/3)

🔥 New Post: Announcing InAppBrowser - see what JavaScript commands get injected through an in-app browser 👀 TikTok, when opening any website in their app, injects tracking code that can monitor all keystrokes, including passwords, and all taps. krausefx.com/blog/announcin…

Recently Northeastern U. decided to install an IoT surveillance system in our lab that researches the security and privacy of IoT devices. Turns out these devices lack privacy, security, and more importantly good adhesives.

That tweet is work of art. I see it as a commentary on passing down rules without principles. The subdued colours with the screaming yellow accents draws the audience's attention to distressing code change.

1/ Excited to share a new blog post from the U.S. AI Safety Institute! AI agents are becoming increasingly capable. But they are vulnerable to prompt injections in external content – an agent may be given task A, but then be “hijacked” and perform malicious task B instead.

Today, thanks to President Trump’s AI Action Plan, U.S. Commerce Dept. and National Institute of Standards and Technology’s Center for AI Standards and Innovation have released a groundbreaking evaluation of American vs. adversary AI. Result: American AI models dominate. Our systems outperform DeepSeek across nearly every