![ReversingWithMe's profile picture. Object File Analysis, Programming Scientist.
I use [lol, haha, :), !] to deal with Poe's Law.
Reserve right to be wrong sometimes.](https://pbs.twimg.com/profile_images/1599224946038779904/DqxmcYpo.jpg)
Ryan
@ReversingWithMe
Object File Analysis, Programming Scientist. I use [lol, haha, :), !] to deal with Poe's Law. Reserve right to be wrong sometimes.
You might like
woot nice vuln find from @joernchen .. Anyone using LangGraph better upgrade. RCE via json deserialization in graph.invoke() which is the main api github.com/langchain-ai/l…
As part of the research process, the Big Sleep team has been looking at different code bases that present the models with unique technical challenges to solve. We believe transparency is very important, so these findings are shared in the Big Sleep tracker and currently include…
We’re excited to see the security and OSS communities engage on vulnerability disclosure in light of new AI technologies that we believe will enable both defenders and attackers alike. Existing and emerging norms around disclosure are important debates, and we’ve noted the…
To secure the future of software, we must first understand it! A new white paper from @__winn & @sergeybratus touches on a timely ask: "Invest in Research on Software Understanding"
🚨 NEW PAPER 🚨: “From Chaos to Capability: Building the U.S. Market for Offensive Cyber” by myself and @SergeyBratus 👉 ists.dartmouth.edu/programs/publi… Should the U.S. outsource its cyberattacks? We talked to 30 experts across gov, VC, and industry to find out.
A few months ago, @rootxharsh and I gave a talk, sharing the slides here in case they’re helpful to anyone.
oh shiiittttttt
It was a huge honor to give the keynote for this excellent workshop! Thanks so much to @mahal0z for inviting me; I'm delighted to see that the RE research community is thriving!
CCS has come to a close, and so has the first-ever SURE Workshop. We want to thank the authors, the PC, @moyix, our panel, and CCS for making SURE a success. We felt the support for this research area (the room was packed out for more than half the day). See you all next year!
Finally done with #flareon12. The 9th task was quite a ride. I need some tips from those who did the whole thing in less than a week.
No gonna lie, I'm the biggest Apple hater for very very good reasons, but their last research paper explaining why they weren't interested in pursuing LLMs seems more and more like its gonna be correct.
It's been about a week since we completed DARPA's AIxCC, where we came in 5th and had the most accurate autonomous patching system in the competition. In the coming days, I'll be describing how we achieved it on the patching side. Stay tuned. Our CRS: github.com/shellphish/art…
I’ve looked through the AIxCC repos. If you are going to get started and try to adapt for your use, I suggest looking at @trailofbits and @theori_io CRS first. And ofc anyone who takes my AI Agents for Cybersecurity class will get a deep dive on this along with my own agents!
Veracode just dropped a bombshell of a 2025 GenAI Code Security Report showing AI codegen consistently produces code with high rate of vulnerabilities
“Veracode found Java to be the riskiest language for AI code generation, with a security failure rate over 70 percent. Other major languages, like Python, C#, and JavaScript, still presented significant risk, with failure rates between 38 percent and 45 percent. The research also…
businesswire.com
AI-Generated Code Poses Major Security Risks in Nearly Half of All Development Tasks, Veracode...
Veracode today unveiled its 2025 GenAI Code Security Report, revealing that AI-generated code introduces security vulnerabilities in 45% of cases.
Evaluating LLM-based Agents This report has a comprehensive list of methods for evaluating AI Agents. Don't ignore evals. If done right, they are a game-changer. Highly recommend it to AI devs. (bookmark it)
I think it's about time we have a talk about timestamp field in PE and the problem with platforms using it as a detection metric. Let's start off by explaining what "timestamp" field we're talking about here. In a standard compiled PE, a field exists called TimeDateStamp in the…
The code for building and updating the ARVO dataset, a collection of over 5000 memory safety vulnerabilities in open source software, is now open source! Link in reply :)
1/ 🔥 AI agents are reaching a breakthrough moment in cybersecurity. In our latest work: 🔓 CyberGym: AI agents discovered 15 zero-days in major open-source projects 💰 BountyBench: AI agents solved real-world bug bounty tasks worth tens of thousands of dollars 🤖…
Our engineering & research team put together a deep dive on the multi-agent system that powers our Research capability in Claude[dot]ai; lots of fun details architectural diagrams, and prompting learnings here: anthropic.com/engineering/bu…
In my recent conference talks on browser security, I showed a calc-popping exploit demo that targets Firefox 135.0. For educational purpuses, to try to demistify some of that calc popping magic, the demo code is now public project-zero.issues.chromium.org/issues/3890794…
👋 Please join us in welcoming @RolfRolles as Hex-Rays’ new Chief Scientist! Rolf brings decades of RE expertise, with standout work in obfuscation, decompilation, and software protection. At Hex-Rays, he’ll lead research into next-gen decompilation and automated program…
United States Trends
- 1. Veterans Day 123K posts
- 2. Mainz Biomed N/A
- 3. #csm220 N/A
- 4. United States Armed Forces N/A
- 5. Good Tuesday 34.1K posts
- 6. Vets 15.2K posts
- 7. #MYNZ 1,115 posts
- 8. #tuesdayvibe 2,068 posts
- 9. SoftBank 10K posts
- 10. Armistice Day 14.1K posts
- 11. Wike 21K posts
- 12. Nico Harrison 8,234 posts
- 13. #Gratitude 1,759 posts
- 14. #Talus_Labs N/A
- 15. Nasdaq 36.7K posts
- 16. Fritz 8,043 posts
- 17. Taco Tuesday 12.4K posts
- 18. Made in China 3,689 posts
- 19. Bond 63.6K posts
- 20. Antifa 126K posts
Something went wrong.
Something went wrong.