New blogpost! I put together a thorough survey of security mitigations && architectures from the past few years. HW solutions, SW mitigations, and safe languages. CHERI, MTE, Rust, Swift, kalloc_type, Firebloom, GuardedMemcpy, CastGuard, and more! saaramar.github.io/memory_safety_…

Cerramos la semana con nueva ponencia aceptada - "TripleCross: A Linux eBPF Rootkit". Enhorabuena Marcos Sánchez y Juan Tapiador ;) #criptoredCON2023 Criptored /RootedCON Juan Tapiador - criptored.es/con/

Nos vemos en la rooted :)

We just published a study on attribution in the Android ecosystem. This is the first large-scale empirical analysis of the availability, volatility and overall suitability of publicly available market and app metadata for author attribution in Android markets. 1/

Our book written with Farenain on fuzzing embedded IoT is coming! It includes iOS/Android/OpenWRT full-system and native library fuzzing. Packt Publishing Kudos to: Nikias Bassen Nitay Artenstein Grant H Trung Nguyễn OpenWRT Adrian Hacar NCC Group Research & Technology RT amazon.com/dp/B0BSNNBP1D?…

My friend jeppojeps - Antonio Nappa told me to write a book about Qemu focused on fuzzing some time ago during the worst times of the pandemy. Some months later we started to write something that these days became a real book: amazon.com/dp/B0BSNNBP1D?… that we called: Fuzzing Against the Machine

Del libro «La cuenta atrás para el verano». ♥️ #DíaMundialContraElCancer

One year ago, we noticed that Roskomnadzor---Russia’s media regulator---deployed information control measures to block access to some Western media that were covering the invasion of Ukraine. Information controls are frequent in wartime, and so are manoeuvres to bypass them. 1/

A Linux eBPF Rootkit. Juan Tapiador y Marcos S. Bajo en #criptoredcon2023 hablando de su investigación TripleCross - Criptored /RootedCON Alfonso Muñoz, Phd

Marcos Bajo y Juan Tapiador nos vienen a contar sobre eBPF y sus usos para crear malware. Resumen, Marcos es un malote, y deduzco que Juan nos enseñará a cómo defendernos de eBPF; el chico bueno

If you want to learn about offensive eBPF and you missed our talk at RootedCON this year, you can now watch it on youtube!

Did you know that there is a powerful debugger embedded in Chromium-based browsers and that extensions can use it by requesting the ‘debugger’ permission? A thread about our upcoming EuroS&P 2023 paper, with Jos� Miguel and Narseo Vallina. (1/n)

📢 PhD Position available in my group. Please RT! I will be recruiting a new PhD student to start soon after the summer break. The position is fully funded for up to 48 months. I will soon post an official announcement, but feel free to DM me for details if you're interested.

Gracias por todo, Francisco Ibáñez.

📢I'm hiring! Fully-funded PhD position in my group to work in the area of cyber threat analysis. More details about the position and how to apply here: 0xjet.github.io/openings.html DM || email me if you have questions. Deadline is Feb 20 but may be extended. Please RT for reach!

We @CISPA discovered that attackers could trigger infinite message loops at the application layer between servers of popular protocols such as DNS, FTP, or NTP. To trigger such an infinite loop, attackers just have to send a single (!) IP-spoofed trigger message. 1/4

This year I'll be giving a talk at Black Hat USA (Las Vegas) and USENIX Security (Seattle). So excited!! We'll share more details soon :)

In the #BHUSA Briefings course "Coroutine Frame-Oriented Programming: Breaking Control Flow Integrity by Abusing Modern C++," speakers will discuss Coroutine Frame-Oriented Programming (CFOP), a new exploitation technique that bypasses key CFI defenses (CET, CFG, LLVM CFI) on

It's finally happening! I'm heading to Black Hat USA to discuss our latest public research. There will be data-only attacks, control flow hijacking, CFI bypasses and lots of crazy ideas going on. See you there!! Black Hat