Alon Zahavi

Just discovered a simple bug that can make your ChatGPT completely unusable: a persistent DoS across all chats using the 'Voldemort' bug, a jailbreak trick, and its memory feature. Full breakdown below! 🧵👇

Slides and recording from my "SLUB Internals for Exploit Developers" talk at @LinuxSecSummit yesterday 🥳 Slides: docs.google.com/presentation/d… Slides PDF: static.sched.com/hosted_files/l… Recording: youtu.be/WWQh4yAoXME?t=…

A deep dive into CVE-2023-2163: How we found and fixed an eBPF Linux Kernel Vulnerability An article by @thatjiaozi and Meador Inge about exploiting a bug in the eBPF subsystem found with buzzer. bughunters.google.com/blog/630322602…

Your NVMe Had Been Syz’ed: Fuzzing NVMe-oF/TCP Driver for Linux with Syzkaller #NVMe #Linux #KernelFuzzer #NVMeOF #Subsystems cyberark.com/resources/thre…

My talk at #HITBxPHDays "A Bug Hunter's Reflections on Fuzzing" I describe what is special in fuzzing for vulnerability discovery and how to adapt the syzkaller kernel fuzzer for security research. Video: youtube.com/watch?v=wTbFmd… Slides: a13xp0p0v.github.io/img/Alexander_… It's fun, enjoy!

Update: Alon also gave a talk at @1ns0mn1h4ck about his research. Video: youtube.com/watch?v=Jc25CM… Slides: download.scrt.ch/insomnihack/in…

Had an amazing experience at @1ns0mn1h4ck this year, talking about adding NVMe-of/TCP to syzkaller. In case you want to check it out: Here’s the recording - m.youtube.com/watch?v=Jc25CM… And the slides - download.scrt.ch/insomnihack/in…

Your NVMe Had Been Syz’ed: Fuzzing NVMe-oF/TCP Driver for Linux with Syzkaller An article by @Alon_Z4 about externally fuzzing the NVMe-over-TCP packet parsing paths with syzkaller. cyberark.com/resources/thre…

Be sure to check out my recent blog about my latest research “Your NVMe had Been Syz’ed”. In there I show how to add new subsystems to syzkaller, and how to use it to find new vulnerabilities. cyberark.com/resources/thre…

It was a pleasure to talk about my latest project of adding NVMe-oF/TCP to syzkaller during the @1ns0mn1h4ck conference.

📢New Blog Post!📢 Curious about fuzzing on Hyper-V? Check out Fuzzer-V, a powerful fuzzing tool that uses WinAFL and IPTKernelDll. Get all the insights in our latest blog post: cyberark.com/resources/thre… #fuzzing #HyperV #cybersecurity #VulnerabilityResearch

The recorded session of my talk at @reconmtl is live! youtube.com/watch?v=szCZH6…

Submit your talk today at INTENTsummit.org.

A deep dive into how we've found some cool low-hanging-fruits in the Linux kernel 🐞🔍cyberark.com/resources/thre…

כולם אשמים חוץ ממני כמובן

ביבי: נעגן בחוק את זכויותיהם של כל אזרחי מדינת ישראל. גם ביבי: מצביע נגד חוק האיזוק האלקטרוני. מסתבר שאזרחיות זה לא אזרחים

👍Check out my new blog post about a bug in the not-so-well maintained NTFS3 driver in the Linux Kernel 👍 cyberark.com/resources/thre…

The #NTFS3 driver for #Linux is not without its flaws. I #bug has been found by @Alon_Z4 that could lead to a denial-of-serveice attack. #DoS cyberark.com/resources/thre…

Drivers, bugs, and where to find them cyberark.com/resources/thre…