Sn0rkY

Slides of our talk “Turning your BMC into a revolving door” are online airbus-seclab.github.io/ilo/ZERONIGHTS… #Zeronights cc: Alex.G @0xf4b @ZeroNights @AirbusSecLab @Synacktiv

@ch0ks @BSidesSF Please share your slides after the conference 🤓

Speaking at @BSidesSF 2026 Sunday 4:10pm PDT AMC Theatre 10! From Noise to Notes: Orchestrating SAST with Developers through AI-Driven Remediation Lessons from rolling out SAST: cut noise, rebuild trust, measure adoption, use AI (Vibe Security Patching) to remediate findings.

@matthias_kaiser All the best man 🤘

This week is my last week at my current employer. The last few months were quite intense, so after 18 months, I finally made the decision to start working as an independent vulnerability researcher. I wish the company all the best and speedy recovery. 1/2

I infected my iPhone with the ‘Coruna’ spyware. Here’s what I found. youtu.be/XQvZ2mLnZVI

@theevilbit Excellent 🤩 good luck and keep us posted on your progress

After long time planning, last week I have started my UIMLA International Mountain Leader training, which will take minimum of 2 years. I will be around IT for long time, but I eventually plan to take people to the mountains as well. IFMGA/UIAGM (guides) and UIMLA (leaders) are the only two globally recognized, international certifications for mountain professionals. IFMGA covers technical, glacial, and high-altitude mountaineering, whereas UIMLA focuses on trekking, hiking, and snowshoeing in non-technical terrain.

@ITSecurityguard @domchell Excellent write up 🤓 thanks for sharing this

I finally let Claude do my pentest this week. Full 5-day engagement, zero human input. Here's what the client got: 😏 clawd.it/posts/10-repla… #bugbounty #pentesting #AI #cybersecurity #infosec #claudeai

@matrosov All the best with your next gig Alex !

To the Binarly Board, Team, Investors, Partners, and Community: When I started Binarly, we weren’t trying to build another “security” company. We built Binarly to solve a problem that the industry kept ignoring: You can’t secure what you can’t see, and in the software supply chain, too much is invisible. Over the last five years, we built something real. We advanced the state of the art in program analysis, accelerated real-world AI adoption, and raised the bar for vulnerability research. We brought supply-chain security out of theory and into production. We shipped the most advanced product in the market, and we launched open-source projects that have helped raise the bar for the entire industry. Most importantly, we built a team that refuses to accept limits, people who keep going after the hard problems because they matter. That day is now. Not because my passion is gone; far from it. But because it’s time for me to pursue new ventures and contribute in new ways. I’m incredibly proud of what we’ve built, and I’m confident in what comes next. Binarly is entering its next phase, and it deserves leadership that wakes up every morning thinking about the mission: scaling this platform, always improving customer service, and winning the market. To our team: You are the reason Binarly exists and succeeds. To our investors: Thank you for your conviction, your patience, and your partnership, especially when the work was hard and the outcome isn’t guaranteed. To our customers and partners: Thank you for trusting us with mission-critical risk, for pushing us to be better, and for placing your trust in Binarly when the stakes were highest. As a continuing Board member, I will remain deeply connected to Binarly and its mission, and I’ll be cheering for this team every step of the way. With gratitude for the journey, and full confidence in the road ahead.

Lands of Packets TTL exceeded. I would like to collect texts from the scene about FX in his memory. A collection of obituaries that will then be posted on phenoelit.de. If anyone would like to contribute, please contact me. Mail: joernchen@phenoelit.de Signal: jrn.07

An interesting wrap-up presentation from the security researcher who found the COROS watch security vulnerabilities last year. Worth a watch if you're into geekery: youtube.com/watch?v=WmY9XB…

RIP @41414141 🕯️ youtube.com/watch?v=IZYQIL…

RIP my dear friend and thanks so much and you know why …

Is ESLogger or Mac Monitor your friend for dynamic malware analysis on macOS? Then i've got something that might come to use! An browser based ES/Mac Monitor log analyzer with a lot of neat features like story timelines, Sigma rule matching, an in-depth process tree analyzer and much more and the neat thing is, nothing is uploaded to any backend! I'm looking for feedback! Take a look at es.decompiler.dev #macos #malware #reverseengineering #re #ThreatHunting #dfir

Introducing Claude Code Security, now in limited research preview. It scans codebases for vulnerabilities and suggests targeted software patches for human review, allowing teams to find and fix issues that traditional tools often miss. Learn more: anthropic.com/news/claude-co…

Co-RedTeam - Orchestrated Security Discovery and Exploitation with LLM Agents - arxiv.org/pdf/2602.02164 by @Google We propose Co-RedTeam, a security-aware multi-agent framework for automatic software vulnerability discovery and exploitation, explicitly designed to overcome core limitations of existing LLM-based security systems, namely brittle single-shot reasoning, lack of execution-grounded validation, and the inability to learn from prior attacks. Inspired by how human security experts conduct red teaming, Co -RedTeam tightly integrates four capabilities essential for realistic cybersecurity tasks: security grounding, code-aware analysis, execution-driven reasoning, and experience accumulation. Authors: Pengfei He, Ash Fox, Lesly Miculicich, @stfn42, Daniel Fabian, Burak Gokturk, @tangjiliang, @chl260, @tomaspfister, Long T. Le - @michiganstateu #AISecurity #LLMAgents #RedTeaming #VulnerabilityResearch #AppSec #SecureCoding #AIForSecurity #OffensiveSecurity #AgenticAI #CybersecurityResearch #CodeAuditing #ExploitDevelopment

A small rant: The State of Art in Red Team is whatever you want to believe x-c3ll.github.io/posts/Rant-Red…

The blog with how to use the rainbow tables for Net-NTLMv1 is finally live! cloud.google.com/blog/topics/th… My slides from presenting at BRCC are still available if you're curious about how crazy of a three year journey it was to get them created. content.burningrivercybercon.com/talks/nic-losb…

How to Setup WireGuard on #OpenBSD: The Ultimate Self-Hosted VPN Guide (2026) 👉thelonestack.com/openbsd-wiregu…

@nono2357 On the “Bitcoin shop types” it will be nice to filter per country and have the map visualization 🙏

First release of my Bitcoin adoption stats page: nono2357.github.io/btcstats/ Suggestions&ideas are welcome, enjoy! 😎

Pleased to announce that I'm launching Magicall, end-to-end encrypted videoconferencing in the browser. Try it out: magicall.online

Mi serviva un tool per vedere tutto quello che parte in automatico sul Mac. Per Windows c'è Autoruns, per Mac non ho trovato nulla che facesse quello che volevo io. Quindi, come la solito... me lo sono scritto. Metto qui, magari serve anche a voi. github.com/Pinperepette/M…