🔥The 9th Round of Easy Loan, Earn $40 Reward is in progress❗️ ⏰ Promotion Period: January 15th - Feburary 15th, 2025 👉 Register now and check more details at gate.io/campaigns/358

I found a vulnerability that allowed me to unlock any Google Pixel phone without knowing the passcode. This may be my most impactful bug so far. Google fixed the issue in the November 5, 2022 security patch. Update your devices! bugs.xdavidhu.me/google/2022/11…

Highly recommend checking this out. It's really well-written and easily understandable for someone who has never worked with fuzzers.

TIL: You can use unicode characters in WLAN SSIDs. 🤯

Come learn to fuzz like a pro: Live now on Twitch and YouTube! twitch.tv/trailofbits youtube.com/watch?v=bhb_y8…

"There are approximately 1.5 million total lines of Rust code in AOSP ... To date, there have been zero memory safety vulnerabilities discovered in Android’s Rust code." security.googleblog.com/2022/12/memory…

After continuing to see new tools emerging, which rely on extracting the NTDLL syscall IDs from "mov eax, X" instruction, I wanted to remind everyone that syscall IDs can easily be calculated by sorting the addresses of Nt*/Zw* functions in NTDLL from lowest to highest. 🍻

fun coding problems are like, the most addictive thing to me. i was planning to play more video games but i got so sucked into coding instead lol. i’ve been coding for 12+ hours today. like jesus christ.

Even Bjarne is jumping on the "blindly cite CVEs to bash Rust" train. It's not just randos on the internet, unfortunately. Maybe I should write a Rust CVE explainer…

If you missed us (CC: Moritz Schloegel) at REcon 2022, the recording of our talk "The Next Generation of Virtualization-based Obfuscators" has been released. We talk about how to break current VMs, the next-gen deployed in industry and their impact on code deobfuscation research.

Technologieplauscherl 79!

whoa, this is bigger than ChatGPT to me. google almost solved music generation, i'd say. google-research.github.io/seanet/musiclm…

My display hackery is pushed to GitHub now github.com/shinyquagsire2…

Web Security vs. Binary Exploitation

Wrote a new blog post about hacking a silent disco. Read it here: not-matthias.github.io/posts/hacking-…

All the details about this vuln and much more will be revealed tomorrow by us (me, Leonid Bezvershenko, Georgy Kucherin) during our talk “Operation Triangulation: What You Get When Attack iPhones of Researchers” at #37c3 (14:45 CET). There will also be a live stream. fahrplan.events.ccc.de/congress/2023/…

Absolutely enjoyed every little piece about this talk. Highly recommend checking it out!

A preprint of my paper "Deobfuscation of Semi-Linear Mixed Boolean-Arithmetic Expressions" (arxiv.org/abs/2406.10016) is now available. This work extends algebraic MBA deobfuscation techniques to handle semi-linear MBAs - a class that existing techniques struggle with.