This is so cool: The LibAFL_QEMU ASan implementation was ported to rust
https://github.com/AFLplusplus/LibAFL/pull/3023

#LibAFL #QEMU #ASan #Rust

The recording of our webinar is here! 🎬 https://youtu.be/mXr4wBRpp3U

Watch as we analyze and exploit a router vulnerability using Time Travel Analysis in esReverse.

#cybersecurity #reverseengineering #webinar

@cR0w *build tool that allows an LLM to execute arbitrary code*

*LLM executes arbitrary code*

Authors: NO not like that!

IMO the hallmark of a "senior" vuln researcher is not only their ability to discover/exploit vulnerabilities in difficult targets, but, critically, their ability to effectively *invest and allocate resources*. Knowing when to sink more time/effort into an attack surface or difficult bug, and when you need to stop and *move on* is one of the hardest questions as a researcher, and you only develop that instinct through experience and hard-learned lessons.

https://bird.makeup/@sha1lan/1898821710604063177

That is actually my main fear with learning thru CTFs. The sense of time and possibility is quite different. Almost like playing fast chess versus longer time chess games. It could be good practice but it very likely is detrimental if done too often.

https://bird.makeup/@mncoppola/1898866447587197135

X41 performed an audit of Hickory DNS which is an open source Rust based DNS client, server, and resolver. We were sponsored by the great folks at @ostifofficial and supported by @ProssimoISRG

Our full report can be downloaded here: https://x41-dsec.de/security/research/job/news/2025/03/10/hickory-review-2025/

Simply smashing a device that you have physical access to is scored as CVSS 5.2 (Medium):

https://www.first.org/cvss/calculator/4.0#CVSS:4.0/AV:P/AC:L/AT:N/PR:N/UI:N/VC:N/VI:H/VA:H/SC:N/SI:N/SA:N

If anyone else ever needs this, here is a pin map of Renesas RL78/F13. Pads with ? are power supply, but there seems to be a bit too many of them, maybe for bonding options.

#electronics #reverseengineering

Broadcom and Cypress chips have the same HCI "backdoor" allowing to write to the Bluetooth chip's RAM. This feature is used for firmware patches.

We didn't request CVEs for that 9 years ago. Instead, we built the InternalBlue Bluetooth research framework.
https://github.com/seemoo-lab/internalblue

https://bird.makeup/@tarlogic/1897620731984273469

I’ve posted a detailed explanation of why the claimed ESP32 Bluetooth chip “backdoor” is not a backdoor. It’s just a poor security practice, which is found in other Bluetooth chips by vendors like Broadcom, Cypress, and Texas Instruments too. https://darkmentor.com/blog/esp32_non-backdoor/

The tension between vulnerability power and exploit technique flexibility

https://pacibsp.github.io/2025/the-tension-between-vulnerability-power-and-exploit-technique-flexibility.html

Stop devaluing your writing by slapping an ugly as fuck error-ridden AI image on your article/blogpost/newsletter.