Woot, thank you ahpaleus (& everybody else Trail of Bits that contributed) for publishing a great walk-through about snapshot fuzzing & how to use github.com/0vercl0k/wtf in their Testing Handbook 🙏 Go check it out: appsec.guide/docs/fuzzing/s…!

Today our AI security team @ Meta launched open source tools to support the open source GenAI ecosystem, including: - LlamaFirewall; a security-first guardrail framework for mitigating agentic prompt injection, misalignment, and insecure coding risks: github.com/meta-llama/Pur…

Mark engineering.fb.com/2025/04/29/ai-… via @metaOpenSource

New blog: Be careful of Your UDP Service: Preauth DoS on Windows Deployment Service (remote, 0-click) sites.google.com/site/zhiniangp…

ManuFuzzer update! 🎉 - Fixed all memory leaks! - Improved shadow memory management - Better instrumentation handling 🧪 NEW: Experimental dyld cache intelligence that auto-instruments frameworks sharing memory pages! Testing & feedback welcome! 🙏 github.com/ant4g0nist/Man…

"DisARMing" code - an exploration into systems programming, #debugging & #reverseEngineering on #Linux/#Android/#Darwin and #Aarch64! 510+ pages #book in COLOR(!) NewDebuggingBook.com for details, because there's more to detail than the margins of a Twitter message can hold.

AArch64/ARM64 Assembly Tutorial mariokartwii.com/armv8/

Thrilled to share our latest deep dive into Windows Kernel Streaming! Just presented this research at offensivecon. Check it out: devco.re/blog/2025/05/1…

This Video Can Exploit Your iPhone (CVE-2025-31200) youtu.be/nTO3TRBW00E?si…

Diaphora, the most advanced Free and Open Source program diffing tool. - joxeankoret/diaphora Source: GitHub Shared via the Google app share.google/j4DCEaq9RyZqaT…

[Research] A spoonful of javascript for windbg hackyboiz.github.io/2025/06/01/pwn… What can you do with javascript in windbg? Today's post is about writing simple scripts and how to use them (mainly with TTD).

LLDBX - LLDB eXtended for macOS & iOS dimitrifourny.github.io/lldbx/

Documented instructions for setting up KGDB on Pixel 8. Including getting kernel log over UART via USB-Cereal, building/flashing custom kernel, breaking into KGDB via /proc/sysrq-trigger or by sending SysRq-G over serial, dealing with watchdogs, etc. xairy.io/articles/pixel…

finally got around to writing up my windows exploit from pwn2own vancouver 2024! (plus some notes about using it on xbox) exploits.forsale/pwn2own-2024/

Cool exploit, if only Qualcomm customers took Kernel Protect this technique wouldn't work. Unlucky.

Hard to believe a $4T company’s PSIRT struggles with basic communication. Delayed disclosure with no heads-up all the time. Disappointing!

Under the Hood of AFD.sys a blog series by Mateusz Lewczak leftarcode.com/posts/afd-reve… leftarcode.com/posts/afd-reve… leftarcode.com/posts/afd-reve… leftarcode.com/posts/afd-reve…

arxiv.org/html/2509.0722…

So cheap!!!💩

This is my debut hour-long talk on exploiting a heap-overflow in Llama.cpp RPC, when I was fifteen at ZeroCon. Enjoy:) research.pwno.io/llama-paradox