Claudia d’Antoine (@secretgardenctf)'s Twitter Profile
Claudia d’Antoine

@secretgardenctf

Security @margin_research

ID: 1785810107957153793

01-05-2024 23:15:50

27 Tweets

440 Followers

108 Following

Qualys (@qualys)

The award-winning Qualys Threat Research Unit (TRU) has discovered a critical vulnerability in OpenSSH, designated CVE-2024-6387 and aptly named "regreSSHion." This Remote Code Execution bug grants full root access, posing a significant exploitation risk. blog.qualys.com/vulnerabilitie…

Dino A. Dai Zovi (@dinodaizovi)

This bug is not really a regression because mdowd, who we all know is from the future, clearly knew about it before traveling back in time to 2006 to exploit it the first time (in our timeline). It's only a regression in this timeline. qualys.com/2024/07/01/cve…

Margin Research (@margin_research)

Interested in messaging app research on iOS? Follow along with ian dupont in our blog series "You Can't Spell WebRTC without RCE!" Part 1 dives into Signal’s WebRTC calling library and injects bugs to facilitate deeper research: margin.re/2024/07/you-ca…

Pwnie Awards (@pwnieawards)

🚨We are very pleased to announce the nominees for the 2024 Pwnie Awards! Be sure to tag your friends and catch us at Def Con! 🚨 🥳🏇🥳🏇🥳🏇🥳🏇🥳🏇🥳🏇🥳🏇🥳🏇 docs.google.com/document/d/13J…

Margin Research (@margin_research)

You Can't Spell WebRTC without RCE - Part 2 blog post, which turns the vulnerabilities we injected in Part 1 into remote code execution on iOS 16.4! Follow along with ian dupont to learn more about the iOS shared cache, Corellium, and ROP in ARM64! margin.re/2024/07/you-ca…

👩‍💻 Paige Bailey (@dynamicwebpaige)

"In 28 minutes, XBOW matched 40 hours of work by the most experienced pentester, who has 20 years of experience, with both solving 85%." Very cool results from the XBOW team—and another great example of using generative models to accelerate work. How many automated pentesters

Margin Research (@margin_research)

In Part 3 of our blog series _You Can't Spell WebRTC without RCE_, we conclude our Signal-iOS research with commentary by ian dupont and michael on exploit limitations and IOCs! margin.re/2024/08/you-ca…

DistrictCon (@districtcon)

🚨The Junkyard Call For Bugs is Open! 🚨We want you to bring your most impactful, creative, or most meme-y bugs in end-of-life (EOL) products, and demonstrate them live on stage! Winners get 💰prize money 💰 districtcon.org/junkyard

RE//verse (@reverseconf)

Join Vector 35’s Kyle Martin and Margin Research’s Ian Palleiko in Orlando Feb 24-27, 2025 to learn how to apply advanced program analysis techniques to the problem of vulnerability research. re-verse.io/pavr-24

Azeria (@fox0x01)

It’s interesting to see how quickly my Black Hat 2023 keynote predictions about AI started to become a reality. The security impacts of these AI agents (e.g. taking non-deterministic actions) are going to dramatically change our threat models. Interesting times ahead.