Exciting story on collaboration between Google Android Offsec and ARM product security on proactively securing Mali GPU attack surface in Android and beyond. Among proactively identified and mitigated issues is CVE-2024-0153 in GPU firmware.

I’m super excited about this blogpost. The approach is so counterintuitive, and yet the results are so much better than anything else that we’ve tried for memory safety. We finally understand why. security.googleblog.com/2024/09/elimin…

We have cleaned up the #LibAFL example fuzzers! This makes things easier to find and understand. Thanks to Romain Take a look 👀👀 github.com/AFLplusplus/Li…

💥PoC is now public! target = "https://{ip_address}/cgi/login.cgi" command = "touch /tmp/BRLY" libc = 0x76283000 # we try to guess gadget1 = 0x000D8874 # pop {r0, r1, r2, r3, fp, pc}; gadget2 = 0x001026D4 # mov r0, sp; blx r3; system = 0x0003C4D4 github.com/binarly-io/Too…

IDAlib is the first idiomatic Rust bindings library for Hex-Rays SA IDA SDK, helping go beyond C/C++ or Python in RE automation. Huge thanks to Sam Thomas for making it happen! Binarly team ❤️ Rust 🙌 🛠️use idalib::idb::*; 🦀crates.io/crates/idalib

Excited to give this talk 🔥🔥🔥

CVE-2024-9143 (openssl-library.org/news/secadv/20…) was disclosed recently, which was found by OSS-Fuzz-Gen! This is a pretty proud example of our team showing the promise of leveraging LLMs enable more fuzzing coverage.

I've written a post on SELinux and some public bypasses for Android kernel exploitation. It's especially relevant for Samsung and Huawei devices due to their use of hypervisors. Check it out here: klecko.github.io/posts/selinux-…

As promised, here is a new article: PlayStation Vita (Part 1). Enjoy! copetti.org/writings/conso…

LibRaw RCE vulnerabilities found by polict from our team: - github.com/google/securit… - github.com/google/securit…

Project Zero blog: LLMs find 0days now! 👀 And: our fuzzer setup did *not* reproduce it! googleprojectzero.blogspot.com/2024/10/from-n…

A while ago I've given a talk on how to build exceptional security research teams: github.com/rrbranco/Prese… - I continue convinced that is all that is needed. The adage "Great people leave managers, not companies" continues to be true.

r00tkitsmm.github.io/fuzzing/2024/1… TL;DR I Implemented a super reliable macOS kernel binary rewriting to instrument any KEXT or XNU at BB or edge level.

Getting made fun of because you cover laptop webcam with a sticker? 😭 Here are materials from my talk about controlling ThinkPad X230 webcam LED over USB presented at POC by POC_Crew 👨‍👩‍👦‍👦 😎 Use these as a comeback 😁 Slides: docs.google.com/presentation/d… Code: github.com/xairy/lights-o…

“Break into the world of vulnerability research... and become a zero-day hunter.” I have a new book with No Starch Press! Behind the curtain of zero-day research, there are fundamental building blocks you can learn. In early access now and out in Spring 2025! nostarch.com/zero-day

Excited to share our latest post on memory safety! We're tackling spatial safety in our massive C++ codebase by hardening libc++ *by default*. It adds bounds checks to things like std::vector, preventing a fair bit of out-of-bounds vulnerabilities: security.googleblog.com/2024/11/retrof…

Slides for my Ekoparty | Hacking everything talk "Advanced Fuzzing With LibAFL" - > docs.google.com/presentation/d…

Custom Linux kernel fuzzing with libFuzzer by . r00tkitsmm.github.io/fuzzing/2024/0…

Slides for my talk at H2HC 2024: Diving into Linux kernel security 🤿 I described how to learn this complex area and knowingly configure the security parameters of your Linux-based system. And I showed my open-source tools for that purpose! a13xp0p0v.github.io/img/Alexander_…