Alexander Ermolov

Bug count != exploitable bug. Finding != chaining. LLMs are exceptional at pattern recognition on known bug classes. They are not reasoning about novel failure modes in complex multi-component systems. The hard bugs still require humans. voidsec.com/ai-vulnerabili…

New blog post: exploring NVIDIA’s open-source GPU drivers. Kernel modules, IOCTL attack surface, mmap primitives, UVM internals, and CPU↔GPU interactions (pushbuffers → firmware). Not just graphics: a large, exposed kernel surface. fuzzinglabs.com/exploring-nvid…

Don't want to cry wolf just yet, but this magenta-boxed part of LOTS of Insyde H2O-based UEFI FWs is highly suspicious, even if they are currently empty. Neither BootGuard nor FlashDeviceMap covers those volumes, and presence of PEI deps section suggests they are processed.

Intel SGX has fallen! Its most important key is in our hands: we extracted the Global Wrapping Key from an instance of the Intel Gemini Lake platform

Slides and demos for our @REverseConf talk by @francesco_ev and @xorpse are up! If you missed the conference, now's you're opportunity to take a look at the talk content and demos. Slides & demos: github.com/binarly-io/Res… VulHunt framework: vulhunt.re

Vulhunt is now open-source, this is a game changer: github.com/vulhunt-re/vul… @binarly_io @vulhuntdev

We @binarly_io just open-sourced our VulHunt framework at @REverseConf! GitHub: github.com/vulhunt-re/vul… Documentation: vulhunt.re/docs Slack: join.slack.com/t/vulhunt/shar… vulhunt.re

I'm pleased to announce a new release of the Rust bindings for @HexRaysSA IDA SDK! This release includes v9.3 compatibility. Code: git.idalib.rs Docs: docs.idalib.rs Thank you to @yeggorv who contributed to this release, and to @HexRaysSA for their support.

Published my OFFZONE 2025 presentation slides (in Russian) on GitHub: github.com/NikolajSchlej/… Had a great time at the conf, kudos to Bi.Zone and other sponsors and crew members for organizing and running it.

🔍 Full paper: 📄 syssec.kaist.ac.kr/pub/2025/LLFuz… 💻 github.com/SysSec-KAIST/L… (coming soon) 📢 USENIX Security 2025 Authors: @hdtuanss , @ohtaekk_ , @cheoljun_p, @insu_yun , @yongdaek #LLFuzz #BasebandSecurity #Fuzzing #CyberSecurity #USENIXSecurity

ZeroNights CFP is open 🔥 Long time no see. ZN will take place on Nov 26, 2025 zeronights.ru The program committee is accepting talks in Offensive and SecOps tracks, rewarding exclusive in-person presentations Submit cfp.zeronights.ru/zeronights-202… @cfptime

Published the third part of my blog series about Hydroph0bia (CVE-2025-4275) vulnerability, this one is about the fix as Insyde applied it, and my thoughts on improvements for it. coderush.me/hydroph0bia-pa…

Preliminary analysis shows that Insyde fixed Hydroph0bia (CVE-2025-4275) by forcefully removing the NVRAM vars that lead to exploitation during SecureFlashDxe driver startup, and setting a restrictive variable policy for them, so such vars can't be set from the OS anymore.

Published, go check it out, it is a fun ride indeed: coderush.me/hydroph0bia-pa… Part 3 will be done when I see how Insyde fixed the vulnerability and if we could do something about that fix.

🚨Binarly is documenting the discovery of CVE-2025-3052, a memory-corruption flaw in a Microsoft-signed UEFI module that lets attackers bypass Secure Boot and run unsigned code before the OS starts. 🔗 Full details: binarly.io/blog/another-c… 🛡️ Advisory: binarly.io/advisories/brl…

The embargo (12:00 UTC 2025-06-10) is over, let's start a thread on Hydroph0bia (CVE-2025-4275), a trivial SecureBoot and FW updater signature bypass in almost any Insyde H2O-based UEFI firmware used since 2012 and still in use today. English writeup: coderush.me/hydroph0bia-pa…

Together with @AlexTereshkin we managed to summarize NVIDIA Offensive Security Research (OSR) work on breaking BMC (reference to our DefCon talk youtube.com/watch?v=dbJQIQ…). This blog post also includes a link to the full paper.

If for some reason #semgrep doesn’t fit your use case, here’s a port of my C vulnerability research ruleset to #weggli: github.com/0xdea/weggli-p… Read the linked blog post and check it out!

We're are happy to announce a new release of our #Rust bindings for @HexRaysSA idalib. What's new: - New APIs for working with IDBs, segments, and more - Rust 2024 support - New homepage: idalib.rs H/T to our contributors @yeggorv & @0xdea github.com/binarly-io/ida…

Gave a talk on external fuzzing of Linux kernel USB drivers with syzkaller at SAFACon by @SAFATeamGmbH. Includes a demonstration of how to rediscover CVE-2024-53104, an out-of-bounds bug in the USB Video Class driver. Slides: docs.google.com/presentation/d…