The end of an era.

If you don’t know what Tavis (and the P0) has contributed to and changed the vulnerability research community, let me give you just an example: if not because of Tavis and P0, we’d be still waiting 6 or 12 months to get a Windows or Office bug patched.
https://bird.makeup/users/taviso/statuses/1976724463103426860

We've just published "Streamlining Vulnerability Research with the idalib Rust Bindings for IDA 9.2" by @raptor, now live on our freshly restyled blog:

https://hnsecurity.it/blog/streamlining-vulnerability-research-with-the-idalib-rust-bindings-for-ida-9-2/

Originally featured last week as a guest post on the @HexRaysSA blog, this article shows how Marco's headless #IDA plugins written in #Rust can be used to scale up #vulnerability research and uncover real-world security issues efficiently.

If you’re into reverse engineering, automation, or vulnerability discovery, this one's a must-read! 💻 🦀

A nice and short blog post about blinding EDR with WFP by my colleague Florian.

"Blinding EDRs: A deep dive into WFP manipulation"

https://blog.scrt.ch/2025/08/25/blinding-edrs-a-deep-dive-into-wfp-manipulation/

Project: openssl-static-gcc-dwarf 3.4.0
File: openssl
Address: 00867b00

____strtol_l_internal

SVG:
dark https://tmr232.github.io/function-graph-overview/render/?graph=https%3A%2F%2Fraw.githubusercontent.com%2Fv-p-b%2Fghidra-function-graph-datasets%2Frefs%2Fheads%2Fmain%2F%2Fopenssl-static-gcc-dwarf%2F00867b00.json&colors=dark
light https://tmr232.github.io/function-graph-overview/render/?graph=https%3A%2F%2Fraw.githubusercontent.com%2Fv-p-b%2Fghidra-function-graph-datasets%2Frefs%2Fheads%2Fmain%2F%2Fopenssl-static-gcc-dwarf%2F00867b00.json&colors=light

RE: https://infosec.exchange/@BleepingComputer/115367382398075001

Another one??

A new breed of analyzers.

And they use AI.

https://daniel.haxx.se/blog/2025/10/10/a-new-breed-of-analyzers/

Frida 17.4 introduces Simmy, a new backend for Apple’s Simulators on macOS.

Spawn, attach, and instrument apps — just like on a real device. #ios #reverseengineering

If you're curious, here are 158 of Joshua's reported issues on #curl to give you an idea what we talk about.

We have manually gone trough them all and dismissed or addressed them. None of them has been deemed a security problem. Not all the PRs for the valid problems have been merged yet.

https://gist.github.com/bagder/d1fff7f0471fbbe71354048a282e098e

It took four years, but now there is spec for lock files https://snarky.ca/why-it-took-4-years-to-get-a-lock-files-specification/

Sent from Los Gatos, California, U.S.A. on July 16, 1995. https://postcardware.net/?id=36-67

INTERVIEW of "MB" WhereWarlocksStayUpLate:

https://wherewarlocksstayuplate.com/interview/mohammed-bagha/

You have inspired many. We are fans:⚡️🌊🎠

https://wherewarlocksstayuplate.com/interview/mohammed-bagha/

Learn Turbo Pascal - a video series originally released on VHS

https://www.youtube.com/watch?v=UOtonwG3DXM

#pascal #turbopascal #retrocomputing

The IBM System/360 machine instructions reference card #s360 #assembly #mainframe https://archive.computerhistory.org/resources/access/text/2010/05/102678081-05-01-acc.pdf

Yes we are all normal here in HUMANSVILLE. We are all HUMANS of course. No need to check.

The Debugging Book

Interactive guide exploring automated debugging, testing, and program repair with Python examples for researchers and developers.

https://www.debuggingbook.org/

#Fuzzing #Testing

Fun times with Telerik UI and DoS by default (it will hit for a long time I think). Sometimes it may lead to more fun, like RCE :)
Gadgeting inspired by @pwntester Oleksandr and @stevenseeley

Blog:

https://labs.watchtowr.com/more-than-dos-progress-telerik-ui-for-asp-net-ajax-unsafe-reflection-cve-2025-3600