Linux memory management hasn't had a proper guide since 2004. Lorenzo Stoakes fixed that with a 1,300-page work of art.

Building an electric vehicle simulator to research EVSEs: At #Pwn2Own Automotive, we built a custom device to let the EV chargers "charge". ZDI researcher Thanos Kaliyanakis explains how to put one together for your research. zerodayinitiative.com/blog/2025/3/14…

nice Linux kernel pwn challenge write up by Shunt for LACTF 2025. exploiting a 3 byte OOB write primitive terawhiz.github.io/2025/2/oob-wri…

beautiful and incredibly interesting talk on reverse engineering the OG xbox by RET2 Systems's Markus, incl. building a custom interposer to upgrade the CPU a deep dive into hardware hacking, an ode to hw engineering and a call for software-focused researchers to try new things

Unfortunately it looks like we'll need to do a bit more work to save our jobs 😔 The red herrings did not interrupt the vibes, even after some 'hardening'. Added the example to the MCP reversing dataset if you want to check out the report!

Wrote a MCP server for #CodeQL, tried it out with Cursor and it's quite fun so far! I think the next step would be adding support for query-models. Allowing an LLM to easily add sources/sinks to existing queries could be very promising😁 github.com/JordyZomer/cod…

🧵 1/ How well do LLMs actually do on Olympiad-level math? We evaluated frontier models on 455 problems from the IMO Shortlist. Unlike most benchmarks, we emphasize proof validity, not just final answer correctness. Here’s what we found 👇

ManuFuzzer update! 🎉 - Fixed all memory leaks! - Improved shadow memory management - Better instrumentation handling 🧪 NEW: Experimental dyld cache intelligence that auto-instruments frameworks sharing memory pages! Testing & feedback welcome! 🙏 github.com/ant4g0nist/Man…

Launching a student-only free workshop: ".NET Exploitation Basics" 🪲 If you're a student (or know one), let's write some deserialization exploits, Manchester, July 12. 10 seats. summoning.team/free-training-…

Out-of-bounds swap on iOS heap when decoding a malicious audio stream (CVE-2025-31200) youtu.be/RWjpM0zDJVA?si…

sudi @[email protected] j j only problem is i didn’t know shit about the V8 sandbox, so had to spend a few days wrapping my head around it. then found a bunch of n-day sandbox bypasses, but the “V8 Sandbox escape via regexp” one is just beautiful, needs a sweet little ROP chain: issues.chromium.org/issues/3304048…

Automating MS-RPC vulnerability research by Remco van der Meer incendium.rocks/posts/Automati…

Hexagon Fuzz: Full-System Emulated Fuzzing of Qualcomm Basebands by srlabs srlabs.de/blog-post/hexa…

Inference Time Learning++…💬⏸️📚🧠💬

Coding agents trying to fix compilation errors: > ✦ Okay, I have the correct content of project.go. I will now remove the file to fix these errors. No code, no errors 🧠

Crazy how many times Kernel Panics when you touch any ML frameworks on macOS... device = torch.device('mps') <- interesting to screw around for more easier vulns

Team Shellphish came in 5th place in AIxCC! It took an incredible amount of work and 2 years of dedication from all of my amazing team members. Please check out our CRS ARTIPHISHELL Open Source now on GitHub! github.com/shellphish/art…

Will post more later but: please check out Theori's landing page for AIxCC! We've got source code, agent traces, and blog posts to understand the system we built! theori-io.github.io/aixcc-public/