Niklas B

We at @dfsec_com are currently looking for a senior Linux kernel researcher, feel free to DM if you’re curious :)

@zeddotdev I‘m confused, multi-root/repo projects on both local and remote hosts were already supported before - and it is still not possible to work across a mix of local and remote folders. what is actually new with regards to „multiple repos“?

A single agent thread can read and write across multiple repos. Update your API and the frontend that calls it in one conversation instead of bouncing between windows.

Parallel Agents just shipped. Mix and match any agent, run them all at once, and manage everything from a new Threads Sidebar. Claude Agent, Codex, Zed's agent, or anything on ACP. One window, across all your projects. zed.dev/blog/parallel-…

Our newest @dfsec_com blog post is live, thanks to @tomitokics from @df_forensics for putting this together :-) blog.dfsec.com/ios/2025/10/14…

Our new blog post is live: blog.dfsec.com/ios/2025/05/30…

DMs were apparently disabled, but fixed now

@ETenal7 @dfsec_com yes, and DMs are open now, not sure why it was misconfigured

@_niklasb @dfsec_com Heyyy any chance this position is also available for US based person? BTW , your account can't be DM maybe due to privacy settings.

We at @dfsec_com are currently looking for a senior Linux kernel researcher, feel free to DM if you’re curious :)

AKA natural language CodeQL - it feels like the Code Browser approach from the blog post may be applicable here as a general concept

This is very cool work. Since I’m not super familiar with the domain, is there any published work around code understanding/querying? Is context size a limiting factor here for non trivial code bases?

@SinSinology @watchtowrcyber Congrats!

I'm super pumped 🥳 to announce I've joined @watchtowrcyber, where we continue casting spells with my fellow wizards 🔥🩸

@mistymntncop @maxpl0it surely they got rid of that after e10s

@maxpl0it I wonder how to deal with the "spectremaskindex" instruction tho...

@_manfp’s Firefox renderer bug is a beauty that takes advantage of an optimisation implemented just 3 months ago. Let’s break it down!

Pwn2Own lineup looks very impressive this year, good luck to everyone!

Software transactional memory is probably the one thing I miss the most from my Haskell developer times. IMO it is the most intuitive way to write concurrent code by far. It‘s wild to see it implemented in such a complex context as C++, amazing effort

@m40282845 @adhsec yeah that’s for sure, WPA and unencrypted networks are rejected, question is what else

Are there any details known about what makes a WiFi “unsafe to join” according to iOS Lockdown Mode and thus causes disconnects on each sleep/wake cycle of the phone? Seems like WPA support and TKIM are two such properties, but there are likely more.

@adhsec do you know what DoH servers iOS uses? I would assume it just uses normal DNS as provided by DHCP

@adhsec encrypted DNS? as in DoH/DoT?

I really wish Lockdown Mode had more granular settings

@jduck @5aelo @farazsth98 @adhsec @silviocesare @mboehme_ again, there is no bug here and the compiler produces correct output. FATAL is surely noreturn. UB is introduced in some unrelated place

@_niklasb @5aelo @farazsth98 @adhsec @silviocesare @mboehme_ Yeah I see. My guess is it's a compiler bug then. Perhaps it doesn't understand and is inventing UB. Or perhaps whatever happens in V8_Fatal is UB. What does UBSAN say?

How to write an open-source compiler that injects vulnerabilities: Stage 1: Write a compiler that compiles itself. Stage 2: Add code to inject a vuln. into the compiled binary. Recompile. Stage 3: Remove code. Recompile. Distribute. cs.cmu.edu/~rdriley/487/p…

@jduck @5aelo @farazsth98 @adhsec @silviocesare @mboehme_ There was/is no actual issue/bug in the code (the switch is exhaustive), what is being considered here are just ideas to nudge the compiler to reliably produce a compilation output that has the intended security properties (which are a superset of those provided by C++ itself)

@5aelo @_niklasb @farazsth98 @adhsec @silviocesare @mboehme_ I think the issue is the lack of a return statement in every switch block, right? If you have a return value but don't have a return statement, that's UB. Switch does not return anything. I would expect the actual behavior to "return" what's in the first GP register at the end

@5aelo @jduck @farazsth98 @adhsec @silviocesare @mboehme_ But of course you are likely heavily relying on this specific compiler behavior in countless other places in a similar fashion anyway

@5aelo @jduck @farazsth98 @adhsec @silviocesare @mboehme_ I see, so I assume the “sound” combination is where you tell the compiler that the value can be out of range (via `: int`), AND you make the switch exhaustive even in that case via an UNREACHABLE default case …