gannimo.bsky.social
Great time at the Intel Academic Security Conference hosted by Intel Labs! 🚀 I presented our work on SecureCells & PtrShield. #Security #Research #Intel Full details: infosec.exchange/@gannimo/115...
September 11, 2025 at 5:33 PM
On my way to Seattle for #Usenix #SEC25. Looking forward to catching up with all of you folks to chat about security, systems, fuzzing, mobile systems, and confidential computing.
Also, if you brought your running shoes, let me know!
August 12, 2025 at 8:21 PM
Last week, @icepfl.bsky.social hosted #LakeCTF, a major academic CTF competition with amazing challenges. Congrats to @polygl0ts.ch for the flawless organization! I especially enjoyed the retro-challenges on real devices, especially hacking old basic interpreters! 👾👾👾 actu.epfl.ch/news/zer0roc...
Zer0RocketWrecks has won LakeCTF, Switzerland's top Capture the Flag
Ten teams have taken part in the third edition of this security hacking contest organized by EPFL’s Capture the Flag team, the polygl0ts and the School of Computer and Communication Sciences.
actu.epfl.ch
May 14, 2025 at 7:34 PM
So many amazing papers at #IEEESSP Oakland'25 this year. Congratulations to all authors on your accepted papers and an amazing program overall. Sadly, I couldn't make it this year but my fallback program to go hike with the kids was not too bad either!
May 14, 2025 at 5:39 PM
Today I received my first spear phishing attempt with a great context and reasonable request. 🤩🤩🤩 Does that mean I'm important now?
May 2, 2025 at 1:50 PM
These two selfies are less than 24hrs and less than 50km apart from each other. One of the reasons why I love #EPFL and Switzerland
May 1, 2025 at 4:29 PM
The universe is sending a very clear signal that I should stay TF out of France. Flight cancelled after 3hr delay and we ended up driving all night because no flights or trains were available the next three days. Thanks #easyjet!
April 12, 2025 at 3:59 AM
The #THcon organizers suggested that I take a hotel in the city center and commute to the conference. In spite of bad past experiences in every major city in France, I took their advice and learned why Toulouse does not have a problem with transport strikes: they got rid of the conductors!
April 10, 2025 at 8:17 PM
What great fun to speak at #THCON2025 in Toulouse and present some of the #HexHive research on Android (in-)security. Find me if you want to nerd out about fuzzing, system mitigations, and any insecure components.
April 10, 2025 at 3:48 PM
In Switzerland we take our security and our pocket knives seriously. That's why you can buy pocket knives right before boarding at Geneva airport. 🗡️🛫
April 8, 2025 at 2:38 PM
Good bye San Diego and #NDSS25, it was a pleasure. Until next year (hopefully) for #NDSS26. What an amazing trip overall with great discussions, the best tacos and the best people! nebelwelt.net/blog/2025/02...
February 28, 2025 at 12:08 AM
To anyone fuzzing JavaScript: check out Dumpling, our new oracle for precise state comparison #NDSS25. nebelwelt.net/blog/2025/02...
Dumpling: dumping fine-grained execution state
JavaScript engines face a dilemma: on one end, they need to be extremely efficient as they are processing millions of lines of JavaScript code,...
nebelwelt.net
February 27, 2025 at 7:36 PM
Did you always want to fuzz with #MSan but were worried about false positives? Fear no more, with QMSan #NDSS25, we create a binary-rewriting based approach that reduces false positives efficiently! nebelwelt.net/blog/2025/02...
QMSan: discovering uninitialized memory errors in binaries
Sanitizers serve as the primary bug detection Oracle during automated testing. They
nebelwelt.net
February 27, 2025 at 4:18 PM
Interested in #fuzzing #hypervisors? With Truman we create precise device models that are state-aware and precisely mutate message sequences #NDSS25 nebelwelt.net/blog/2025/02...
Truman: discovering hypervisor bugs through virtual device models
Hypervisors power not just the cloud but are becoming a commodity in mobile phones and desktops as well. They separate virtual machines from each...
nebelwelt.net
February 27, 2025 at 4:17 PM
I'm on my way to San Diego for Internet Society's yearly Symposium on Networked and Distributed Systems. If you're around, reach out and ping me if you want to go for a run along the beach in the morning! 🏃 #NDSS25
February 24, 2025 at 9:37 AM
Great summary of the benefits of memory safety. For security, one key angle is IMO missing: compartmentalization which will contain faults and enable higher level reasoning about control and data flow across compartments.
I gave a day 1 closing keynote at DistrictCon yesterday. Surprisingly, it was a security talk about memory safety.

Slides are here:
docs.google.com/presentation...
Memory Safety
Is this memory safety here in the room with us? Halvar Flake / Thomas Dullien DistrictCon 0 2025
docs.google.com
February 23, 2025 at 1:02 PM
As always, the congress #38c3 was amazing. Lots of great discussions, insane hacks, and some secret adventures. Check out my blog with some recommended talks: nebelwelt.net/blog/2024/12...
December 30, 2024 at 5:04 PM
Luca and Rokhaya rocking the #38c3 stage, shitting on ML and ranting about binary similarity. What a fun talk! events.ccc.de/congress/202...
December 29, 2024 at 7:27 PM
Reposted
This Salt Typhoon stuff is insane. The entire FISA surveillance infrastructure has been completely owned by China and literally no part of our telecom infrastructure is safe to use without end-to-end encryption.
December 29, 2024 at 9:50 AM
Reposted
Tomorrow I'll present a talk in CCC, "Ultrawide Android Archaeology". We uncover how massively outdated native libraries are (still vulnerable to 5+ yrs old CVEs) and we also use the occasion to rant on ML. Find me tomorrow at 20:15 in Saal Glitch! #38c3
December 28, 2024 at 4:37 PM
As it turns out, Volkswagen has been collecting extensive geo data from all their electric cars and made them available online in an AWS bucket. Almost 10TB of geo traces from 15 MiO cars. Amazing detail and patterns. This is why I don't want a smart car 🤯 events.ccc.de/congress/202... #Volksdaten
38c3: We know where your car is parked - Volksdaten from Volkswagen
What are the consequences when VW collects vehicle, movement and diagnostic data en masse and leaves the key under the doormat? What does vehicle data reveal about the mobility of authorities, government offices,...
events.ccc.de
December 27, 2024 at 9:52 PM
2024 has been an exciting year! We pushed the boundaries of fuzzing and ventured into Android security, uncovering some fascinating bugs along the way. Don’t miss the highlights: check out my latest blog post for a summary with links to some of our most fun papers: nebelwelt.net/blog/2024/12...
From Fuzzing to Frameworks: 2024 Research Highlights
2024 was an active year for the HexHive research group, marked by tireless efforts to enhance the security of various complex systems. A key trend...
nebelwelt.net
December 27, 2024 at 3:45 PM
Security startups need to be super vigilant. They become targets of sophisticated attacks as supply chain attacks increase www.vulnu.com/p/breaking-c...
Breaking: Cyberhaven Chrome Extension Compromised in Holiday Attack Campaign
An attacker successfully phished a Cyberhaven employee, gained access to Chrome Web Store admin credentials, published a malicious version of the extension
www.vulnu.com
December 27, 2024 at 7:45 AM
Arrived in Hamburg for #38c3. Reach out if you want to meet up to talk security, crappy software or other shenanigans. 👾👾👾
December 26, 2024 at 8:50 PM
Fun day, snow day, ski day! ⛷️
December 15, 2024 at 9:34 PM