Alexander Ermolov (@flothrone)'s Twitter Profile
Alexander Ermolov

@flothrone

Security researcher, team lead & speaker. Low-level design, firmware and system software. Fuzzing & testing automation for CI/CD pipelines.

ID: 890495306164469760

Joined: 27-07-2017 08:53:20

600 Tweets

1,1K Followers

127 Following

MrAle98 (@mrale_98):

Hey there, finally published the article on the exploit for CVE-2025-21333-POC. Here is the link to the article: medium.com/@ale18109800/c…

Nikolaj Schlej (@nikolajschlej):

UEFITool NE A70 (and companion tools) is the first release to have all NVRAM parsers generated from KaitaiStruct definitions, replacing hand-crafted ones that are proven to be buggy and hard to maintain. Hope the new ones will behave. Do report new bugs! github.com/LongSoft/UEFIT…

Ian Beer (@i41nbeer):

My writeup of the 2023 NSO in-the-wild iOS zero-click BLASTDOOR webp exploit: Blasting Past Webp - googleprojectzero.blogspot.com/2025/03/blasti…

Satoshi Tanda (@standa_t):

The new blog post on supervisor shadow stack restrictions / supervisor shadow-stack control tandasat.github.io/blog/2025/04/0…

Alexander Popov (@a13xp0p0v):

Slides of my talk at #Zer0Con2025! ⚡️ Kernel-Hack-Drill: Environment For Developing Linux Kernel Exploits ⚡️ I presented the kernel-hack-drill open-source project and showed how it helped me to exploit CVE-2024-50264 in the Linux kernel. Enjoy! a13xp0p0v.github.io/img/Alexander_…

uefitool (@uefitool):

UEFITool / UEFIExtract / UEFIFind NE A71
- added Kaitai-based parser for Dell DVAR varstores
- added tracking of recently opened files
- macOS build of UEFITool is now developer-signed
- fixed a bunch of minor issues
github.com/LongSoft/UEFIT…

Andrey Konovalov (@andreyknvl):

Gave a talk on external fuzzing of Linux kernel USB drivers with syzkaller at SAFACon by SAFA Team. Includes a demonstration of how to rediscover CVE-2024-53104, an out-of-bounds bug in the USB Video Class driver. Slides: docs.google.com/presentation/d…

raptor@infosec.exchange (@0xdea):

If for some reason #semgrep doesn’t fit your use case, here’s a port of my C vulnerability research ruleset to #weggli: github.com/0xdea/weggli-p… Read the linked blog post and check it out!

Sam Thomas (@xorpse):

We're happy to announce a new release of our #Rust bindings for Hex-Rays SA idalib. What's new:
- New APIs for working with IDBs, segments, and more
- Rust 2024 support
- New homepage: idalib.rs
H/T to our contributors Yegor & [email protected] github.com/binarly-io/ida…

Adam 'pi3' Zabrocki (@adam_pi3):

Together with Alex Tereshkin we managed to summarize NVIDIA Offensive Security Research (OSR) work on breaking BMC (reference to our DefCon talk youtube.com/watch?v=dbJQIQ…). This blog post also includes a link to the full paper.

Nikolaj Schlej (@nikolajschlej):

The embargo (12:00 UTC 2025-06-10) is over, let's start a thread on Hydroph0bia (CVE-2025-4275), a trivial SecureBoot and FW updater signature bypass in almost any Insyde H2O-based UEFI firmware used since 2012 and still in use today. English writeup: coderush.me/hydroph0bia-pa…

BINARLY🔬 (@binarly_io):

🚨 Binarly is documenting the discovery of CVE-2025-3052, a memory-corruption flaw in a Microsoft-signed UEFI module that lets attackers bypass Secure Boot and run unsigned code before the OS starts.
🔗 Full details: binarly.io/blog/another-c…
🛡️ Advisory: binarly.io/advisories/brl…

Nikolaj Schlej (@nikolajschlej):

Published, go check it out, it is a fun ride indeed: coderush.me/hydroph0bia-pa… Part 3 will be done when I see how Insyde fixed the vulnerability and if we could do something about that fix.

Nikolaj Schlej (@nikolajschlej):

Preliminary analysis shows that Insyde fixed Hydroph0bia (CVE-2025-4275) by forcefully removing the NVRAM vars that lead to exploitation during SecureFlashDxe driver startup, and setting a restrictive variable policy for them, so such vars can't be set from the OS anymore.

Nikolaj Schlej (@nikolajschlej):

Published the third part of my blog series about Hydroph0bia (CVE-2025-4275) vulnerability, this one is about the fix as Insyde applied it, and my thoughts on improvements for it. coderush.me/hydroph0bia-pa…

ZeroNights (@zeronights):

ZeroNights CFP is open 🔥
Long time no see. ZN will take place on Nov 26, 2025 zeronights.ru
The program committee is accepting talks in Offensive and SecOps tracks, rewarding exclusive in-person presentations.
Submit: cfp.zeronights.ru/zeronights-202…
@cfptime

Yongdae Kim (yongdaek@infosec.exchange) (@yongdaek):

🔍 Full paper: 📄 syssec.kaist.ac.kr/pub/2025/LLFuz…
💻 github.com/SysSec-KAIST/L… (coming soon)
📢 USENIX Security 2025
Authors: Hoang Dinh Tuan, Taekkyung Oh, CheolJun Park, INSU YUN, Yongdae Kim ([email protected])
#LLFuzz #BasebandSecurity #Fuzzing #CyberSecurity #USENIXSecurity

Nikolaj Schlej (@nikolajschlej):

Published my OFFZONE 2025 presentation slides (in Russian) on GitHub: github.com/NikolajSchlej/… Had a great time at the conf, kudos to Bi.Zone and other sponsors and crew members for organizing and running it.