Marius Momeu

43 posts

Marius Momeu

@MariusMomeu

Postdoc at UC Berkeley | PhD at TU Munich | Ex-Brown

Berkeley, California Katılım Kasım 2018

287 Takip Edilen88 Takipçiler

Marius Momeu@MariusMomeu·8 May

We're building an agentic framework for scaling vulnerability research to find and fix (deep) bugs in critical software. Our agents cover the entire spectrum: bug finding, PoC generation, patch synthesis and testing!

Yiwei Hou@yiwei_hou

You are welcome to request a Revelio scan of your own repository: docs.google.com/forms/d/e/1FAI…. 🌟Full blog: m1-llie.github.io/Revelio-agent-…. With @MogicianTony, @MuxiLyu7038, @MariusMomeu, @dawnsongtweets, @koushik77, and David Wagner. @ericnwen and @shtigeryang also contributed.

English

Marius Momeu@MariusMomeu·8 May

Try out our new open-source AI coding assistant for boosting your productivity right in your IDE or CLI! It supports all major models (API key/subscription), is fine tuned for delivering (hard) tasks reliably, and adopts a wide set of effective software engineering practices!

Koushik Sen@koushik77

I am thrilled to announce the release of a new version of KISS Sorcar at github.com/ksenxx/kiss_ai. KISS Sorcar is a general-purpose AI assistant and IDE, implemented as a Visual Studio Code extension and a web/mobile app, built on its KISS Agent Framework. It runs locally, is free and open source, and uses model API keys from major LLM providers such as Anthropic. It also supports Claude Code, or OpenAI Codex. New KISS Sorcar implements parallel agents, a Git worktree isolation, multiple tabs, a Sorcar web/mobile app, third-party agents, and skills. At its core, KISS Sorcar is a reliable coding and research assistant with strong browser support through Chromium and Playwright, multimodal support, Docker container support, and the ability to run agents for extended periods. KISS Sorcar scored 62.2% on Terminal Bench 2.0, slightly ahead of Cursor agent at 61.7% and Claude Code at 58%.

English

447

Marius Momeu@MariusMomeu·12 Şub

I spent $174 getting KISS AI to translate 28K lines of C to Rust. 12 open-source projects, 100% success rate, some ran *faster* than C. The agent caught bugs, generated 1.8K tests, and much more. Full deep dive: dev.to/mariusmomeu/i-…

English

18.8K

Marius Momeu@MariusMomeu·19 May

Had an excellent time last week at @IEEESSP presenting our work IUBIK on hardening OS kernels!

Vasileios Kemerlis@vkemerlis

📢 Last week, Brown Secure Systems Lab (SSL, gitlab.com/brown-ssl/) was at @IEEESSP 2025, where we presented our latest work on hardening OS kernels against attacks that (ab)use heap-based memory-safety vulnerabilities. #brownssl #browncs #ieeesp2025 🧵

English

125

Marius Momeu@MariusMomeu·19 May

Delighted to see my mentor @vkemerlis from @BrownCSDept presenting our work (SafeSlab, CCS'24; ISLAB, AsiaCCS'24; xMP, S&P'20) on hardening OS kernels against memory corruption bugs!

Vasileios Kemerlis@vkemerlis

📢 Honored to return to @Yale last week to speak at the @YaleCSDept colloquium on Operating Systems security -- exactly 10 years after my first talk there on the same topic! #brownssl #browncs 🧵

English

350

Marius Momeu retweetledi

Vasileios Kemerlis@vkemerlis·8 Tem

📢@MariusMomeu at @ASIACCS2024 presenting our work on hardening SLAB-based (kernel) allocators, against memory errors, via SMAP-assisted isolation -- joint work with @TU_Muenchen, @proskurinserg, and @polychronakis | cs.brown.edu/~vpk/papers/is… | #brownssl #islab

English

3.1K

Marius Momeu retweetledi

Xinyang Ge@aegiryy·2 Eyl

We build a hybrid fuzzer for the Hyper-V hypervisor, and have caught 11 critical bugs in the most-privileged software! It enables symbolic execution over a control-flow trace logged by Intel PT, so you can enjoy fuzzing it at full speed. Full paper here: microsoft.com/en-us/research…

English

139

489

Marius Momeu retweetledi

sagitz@sagitz_·27 Ağu

I'm excited to share information about our research, in which we (+@nirohfeld) found a critical vulnerability in Azure Cosmos DB itself - effectively allowing malicious actors to fully compromise databases of thousands of customers. @wiz_io #ChaosDB chaosdb.wiz.io

English

113

222

Marius Momeu retweetledi

is-eqv.bsky.social@is_eqv·26 Ağu

@ms_s3c and I just published the code of our snapshot based hypervisor fuzzer Nyx github.com/RUB-SysSec/Nyx. Paper and talk: usenix.org/conference/use…. Stay tuned for a much more polished version at nyx-fuzz.com

English

166

Marius Momeu retweetledi

Florian Hansemann@CyberWarship·4 Haz

Windows Kernel Exploitation Tutorial Part 1: Setup rootkits.xyz/blog/2017/06/k… Part 2: Stack Overflow rootkits.xyz/blog/2017/08/k… Part 3: Memory Overwrite rootkits.xyz/blog/2017/09/k… Part 4: Pool Overflow rootkits.xyz/blog/2017/11/k… Part 5: NULL Pointer Dereference rootkits.xyz/blog/2018/01/k…

English

602

1.5K

Marius Momeu retweetledi

Jason Kint@jason_kint·28 May

incoming… google more unsealed docs, this time in the Google case led by Arizona Attorney General. The newly unsealed material is underlined in green unsealed this week (left). Last year, Google proactively unsealed less risky material (right) when Judge first ruled. /1

English

304

711

Marius Momeu retweetledi

Vasileios Kemerlis@vkemerlis·28 May

Tune in if you're interested in our work on protecting against data-only attacks using HW-assisted virtualization. #xMP: cs.brown.edu/~vpk/papers/xm… (@IEEESSP #SP20) -- Cc: @proskurinserg @MariusMomeu @s_hamedgh @polychronakis

Hiet Guillaume@GuillaumeHiet

May 28th silm-seminar.gitlabpages.inria.fr/season2/episod… - 14:00 CET - F. Guihéry @_sygus: OpenDTeX: secure boot and secure enclave by leveraging Intel TXT DRTM technology - 15:00 CET - V. Kemerlis @vkemerlis: Protecting Commodity Software against Data-only Attacks using Hardware-assisted Virtualization

English

Marius Momeu@MariusMomeu·27 May

TIL: indirect function calls casted from masked flags exist in C! Guess where I found this!?

English

Marius Momeu retweetledi

Adam J Calhoun@neuroecology·23 May

This is not a motherboard - it's the Gwangyang Steel Plant in South Korea, the world's largest steel mill

English

104

2.2K

11K

Marius Momeu retweetledi

Zuk@ihackbanme·24 May

The author of this post found the SolarWinds attack a 2-3 months before FireEye's announcement on December 8th 🤯reddit.com/r/Solarwinds/c…

English

252

Marius Momeu@MariusMomeu·14 May

@proskurinserg Congratulations!

English

Marius Momeu retweetledi

Steve Weis@sweis·1 May

“I See Dead μops: Leaking Secrets via Intel/AMD Micro-Op Caches” claims to break Spectre mitigations: cs.virginia.edu/~av6ds/papers/…

English

Marius Momeu retweetledi

Mark@offlinemark·29 Nis

Here's my favorite git feature that no one knows about: You can reference commits using the commit message instead of the hash. The ":/" syntax accepts a regex that matches any part of the commit message, returning the youngest matching commit. #Documentation/revisions.txt-emlttextgtemegemfixnastybugem" target="_blank" rel="nofollow noopener">git-scm.com/docs/revisions…

English

579

2.3K

Keşfet

@IEEESSP @vkemerlis @BrownCSDept @ASIACCS2024 @TU_Muenchen @polychronakis @nirohfeld @wiz_io