_ZN4DionC1Ev (@justdionysus)'s Twitter Profile
_ZN4DionC1Ev

@justdionysus

I write software and drive around Baltimore looking for stuff to do.

ID: 14271908

Link: http://blog.semantiscope.com | Joined: 01-04-2008 03:27:54

4.4K Tweets

4.4K Followers

1.1K Following

h0mbre (@h0mbre_)

my biggest fear is posting something like “very interesting bug i found that results in a very tight race condition, unfortunately it’s not exploitable” and having a CTF person respond 43 minutes later with an exploit PoC

_ZN4DionC1Ev (@justdionysus)

Our iOS Pwn2Own bug in a nutshell. I spent so much time trying to heap groom w/ memory leaks in the MDS PPT parser and failed to get it any more reliable than just simple sprays. Hacker beard food. I think that experience made me hate the heap.

Tavis Ormandy (@taviso)

The libarchive e8 vulnerability is actually really cool, but the ZDI advisory doesn't explain why it's so wild lol. For some reason, I know about RAR filters, so let me provide the background. 🧵 1/n

_ZN4DionC1Ev (@justdionysus)

Chris wrote a post about tweaking models for an RE assistant plug-in. There are a few of those, but the blog is a good travel journal describing the trip to get a local model working well (all new to me). Code and blog link at github.com/atredispartner…

Ivan Krstić (@radian)

🔺New on the Apple Security Research blog: introducing Private Cloud Compute! We believe this is the most advanced security architecture ever deployed for cloud AI compute at scale. security.apple.com/blog/private-c…

Ettore Randazzo (@randazzoettore)

What happens if we let randomly initialized strings of code interact with each other in a closed system? In our latest work we show how surprisingly often self-replicators arise in a wide range of environments and computational substrates! 1/N arxiv.org/abs/2406.19108

Gabriel Landau (@gabriellandau)

24 hours until my REcon talk. Make sure to stop by! I apologize for the 10AM time slot (not my choice). Don’t party too hard tonight. I’ll have ibuprofen, caffeine gum, and some 5 Hour Energy for those who need it.

_ZN4DionC1Ev (@justdionysus)

If you’re at REcon, Chris’s BootROM adventure at 4pm should be good. I wish I could have gone this year — super cool lineup as always. cfp.recon.cx/recon2024/talk…

Marcel Böhme👨‍🔬 (@mboehme_)

Just to draw a larger picture: Performance optimization is a root cause of many other critical vulnerabilities, e.g., * Memory corruption (via UB deliberately left undefined), * Side channels (via µ-arch/compiler opt), and * Working exploits despite known, but disabled mitigations.

_ZN4DionC1Ev (@justdionysus)

Vulnerability research is boring with few (very interesting) exceptions. Writing an exploit is the interesting part: a puzzle that obliging trillion dollar companies keep making more interesting! Figuring out how AI impacts the latest puzzles is going to be a blast.

_ZN4DionC1Ev (@justdionysus)

I can't wait to slowly hand write my own exploits for IE8 in retirement. Polishing my heap spray and writing my Python payload generator character by character. Go down to the VFW parking lot on a Saturday morning to display it next to some old nerd's rebuilt Apache remote.

_ZN4DionC1Ev (@justdionysus)

It’s funny how the new models refuse to write my Windows 3.1 ROP chain for me because they’re too pure. Do you think I can get access to gpt-5.4-cyber if I say I want to pop a calc in software from 1992?

_ZN4DionC1Ev (@justdionysus)

AI is having a really hard time exploiting a Win 3.1 app-specific heap overflow. Win 3.1 has a sort-of DEP and non-OS modules are loaded at unpredictable segment addresses. The vuln needs a less greedy approach but trying to avoid too many breadcrumbs.