REhints

4.1K posts

@REhints

sharing reverse engineering knowledge

Joined May 2013
5 Following, 14.1K Followers

REhints retweeted
clearbluejar @clearbluejar
Video is up from my RE//verse talk on Agentic Diffing Apple Security Updates. If you're curious about how AI can accelerate your reverse engineering workflows, check it out. Especially useful if you're looking to get started with agentic RE.

REhints retweeted
Muirey03 @Muirey03
My analysis of CVE-2025-43520, the kernel vulnerability exploited by DarkSword (patched in 26.1): gist.github.com/Muirey03/8c837…

REhints retweeted
Synacktiv @Synacktiv
Deep dive into the provisioning of an on-prem low-privileged #LLM stack, with air-gapped networking and GPU-isolation, hardened down to kernel modules. What could possibly go wrong? Read the full article here: synacktiv.com/en/publication…

REhints retweeted
Hermes Tool @Hermes_tooll
CVE-2025-24257 — IOGPUFamily kernel heap OOB write on iOS 18.3 .. First public PoC — built entirely github.com/crazymind90/CV…

REhints retweeted
RE//verse @REverseConf
Catch Christopher Domas’ keynote from RE//verse 2026! fail: jmp fail (everything I got wrong in RE and security research) gets into the dead ends, bad ideas, and wasted hours behind real progress in RE and security work. Watch now: youtu.be/iOq8O_phwbA?si…

REhints retweeted
ESET Research @ESETresearch
#ESETresearch analyzed more than 80 EDR killers, seen across real-world intrusions, and used ESET telemetry to document how these tools operate, who uses them, and how they evolve beyond simple driver abuse. welivesecurity.com/en/eset-resear… 1/6

REhints retweeted
RE//verse @REverseConf
The Xbox One was hacked for the first time in over a decade at RE//verse! Watch the full talk here: youtu.be/FTFn4UZsA5U?si…

REhints retweeted
Alex Matrosov @matrosov
Get insights into your software supply chain, now free and open source. SBOMs are a powerful type of report. If you generate them, make sure you’re collecting and monitoring them at scale.
SBOM-Tools @sbom_tools

🪄✨Announcing sbom-tools v0.1.16 — open-source SBOM analysis that helps you spot supply chain gaps faster. This release adds broader CycloneDX/SPDX + VEX support, OSV/CISA KEV enrichment, semantic diffing, quality scoring, and compliance checks. Try it: github.com/sbom-tool/sbom…


REhints retweeted
johnny @zeroxjf
Reverse engineered Apple’s Background Security Improvement (BSI) update for iOS 26.3.1. Found potential WebKit SOP bypass it patches — NavigateEvent.canIntercept=true on cross-port navigations that should be non-interceptable. Impact: redirect hijack github.com/zeroxjf/WebKit…

REhints retweeted
Alex Plaskett @alexjplaskett
An analysis of CVE-2026-21236 - A heap based buffer overflow in the Microsoft Windows Kernel afd.sys - was just published by @ASN_Sinanju_06S a recent secondment with my team EDG! Nice work for her first triage of a kernel memory corruption bug! nccgroup.com/research/vulne…

REhints retweeted
OtterSec @osec_io
We achieved a guest-to-host escape by exploiting a QEMU 0-day where the bytes written out of bounds were uncontrolled. Full breakdown of the technique, glibc allocator behavior, and our heap spray/RIP-control primitive ↓

REhints retweeted
SBOM-Tools @sbom_tools
🪄✨Announcing sbom-tools v0.1.16 — open-source SBOM analysis that helps you spot supply chain gaps faster. This release adds broader CycloneDX/SPDX + VEX support, OSV/CISA KEV enrichment, semantic diffing, quality scoring, and compliance checks. Try it: github.com/sbom-tool/sbom…

REhints retweeted
Alex Matrosov @matrosov
Nice blog! This hits a real pain point with current SAST tooling. Most of it just runs a bunch of generic checks without understanding the actual threat model or where the real security boundaries are. That lack of semantic context is exactly the issue, I’ve been arguing for a while that detection logic needs to be context-aware, and trying to bolt that on manually with rules just doesn’t scale. This is a very natural place for LLMs to add value.

With AI accelerating code production, we also need to move beyond the simple rubric of “bug exists -> reachable -> fix it.” That model breaks down at scale (reachable != exploitable). What’s missing is deeper context around exploitability, and how real is the risk, what’s the blast radius, and what actually matters to fix first. That’s the layer that will drive meaningful prioritization.

Also, using LLMs purely for triaging SAST findings after the fact gets expensive very quickly at scale. It’s the easiest path, so a lot of tools go there now, but without deeper integration into the analysis pipeline, it’s a pretty inefficient approach.

REhints retweeted
joernchen @joernchen
RIP FX We collected some texts from the community in memory of @41414141 . You can find them here phenoelit.de/fx.html

REhints retweeted
Ori Nimron @orinimron123
Just released DriverExplorer — a Rust utility for exploring Windows kernel drivers.
• Enumerate loaded drivers
• Easily Load / Unload drivers
• Built for Windows kernel devs & security researchers: github.com/orinimron123/D…

REhints retweeted
matteyeux @matteyeux
Looks like iOS remote kernel debugging is working well with Binary Ninja and a virtual iPhone running iOS 26.3