if you enable MTE on chrome, you can avoid almost exploits for chrome. but there are still some exploits that fight chrome on MTE. only rustlang can knockout memory corruption

the best of js bug in this year. Sergei's bug is always impressive

my hero. i have hoped this moment for about 10years

really happen?

((codeSize*timeOfAudit*K)/filteringDepth/qualityOfQL)/N

ADVANCED_MEMORY_SAFETY_CHECKS

opensource.googleblog.com/2024/04/introd… why not rust?

i think it is first bug on miracleptr implementation ? chromium-review.googlesource.com/c/chromium/src…

🥳🥳🥳

The fourth article (126 pages) of the Exploiting Reversing Series (ERS) is available on: exploitreversing.com/2025/02/04/exp… I would like to thank Ilfak Guilfanov Ilfak Guilfanov and Hex-Rays Hex-Rays SA for their constant and uninterrupted support, which have helped me write these articles. The

the bug hunters faces to inflection point now. we should recognize we are man in old era and then should acquire new techniques.

i bought m2 ultra mac studio in last month and then today…😫😫😫

Over the past few days, the IDA Pro (reverse engineering) MCP server—let’s call it Re MCP—has become a hot topic. In my opinion, it’s not yet capable of automatically uncovering vulnerabilities. However, if we look at it from a different angle, Re MCP is akin to tools like CodeQL

The results of AIxCC are truly impressive. I think offensive researchers will soon have to take on LLMs directly. By the way, I’m curious whether current LLM agents (like Big Sleep, Theori, Team Atlanta) could find in-the-wild bugs that were discovered in the past — for