Emanuele Cozzi

🚨 New research from EURECOM & Univ. of Milan! [1/3] “Unveiling BYOVD Threats: Malware’s Use and Abuse of Kernel Drivers” (to appear at NDSS’26) reveals how malware exploits signed drivers to gain kernel privileges. This work led to the discovery of 7 unknown weaponized drivers💣

Heya! Our new research on client-side game cheating & anti-cheat systems is out: birmingham.ac.uk/news/2024/wind… Joint work with Sam Collins, Alex Poulopoulos, and @TomChothia. Full paper: cs.bham.ac.uk/~tpc/Papers/An…

We are very excited to share our last research work: 𝐄𝐔𝐂𝐋𝐄𝐀𝐊, authored by Thomas Roche. An electromagnetic Side-Channel Vulnerability in the ECDSA implementation of all Infineon security microcontrollers, notably impacting all YubiKey 5 Series. ninjalab.io/eucleak/

In a few minutes I will present our work on Android evasive malware to @ASIACCS2024 [1]. What better occasion to reveal that DroidDungeon, the sandbox developed for this work, has evolved into a commercial product? Join the beta -> tnemesis.com

Excited to share (albeit with a little delay) that our @binarly_io talk about #LogoFAIL at BlackHat EU is available! Check it out to see the vulnerabilities we found in UEFI image parsing and their security implications: youtube.com/watch?v=ch0t2_…

We are setting up a user study to measure the impact of LLMs during the Reverse Engineering process. If you have ever used LLMs for reversing, click here to start the survey (5 mins) 👉 forms.gle/tKBdNjAKE5oyPq… You can leave your email address for the second phase-with prizes💰

The xz situation is absolutely insane and almost certainly state sponsored. This is an excellent example of a widely used software being maintained by basically one person. Read this web article and then frown and become sad. boehs.org/node/everythin…

🚀 BIG ANNOUNCEMENT! 🚀 The full rev.​ng decompiler pipeline is now fully open source! Also, we'll soon start to invite people to participate in the UI closed beta. Check out our latest blog post: rev.ng/blog/open-sour…

Fuzzing is hard, evaluating fuzzing is harder 🔥 For our new @IEEESSP paper, we studied 150 fuzzing evals and found issues such as lackluster documentation, bad experiment setups, or questionable CVEs 📄 Paper mschloegel.me/paper/schloege… 🔧 Help us fix this github.com/fuzz-evaluator…

I'm about 50% done integrating SAILR into angr master: github.com/angr/angr/issu… 🎉 P.S.: You can also use angr's decompiler more easily now. Try this out: ``` pip3 install angr && \ angr decompile /bin/true --functions main ```

elfconv: AOT compiler for translating Linux/aarch64 ELF → LLVM bitcode → WASM By my colleague @ming_rrr medium.com/nttlabs/elfcon…

Sono lieto di annunciare la disponibilità del primo corso di malware analysis in italiano: "Introduzione alla malware analysis: Un approccio pratico" Oltre 9 ore di corso: t.ly/WPhap (utilizzate questo link, non cercate il corso su udemy ^^) condivisione gradita :)

2024 is the year of the decompiler! Start your year off right by reading a post on the last 30 years of decompilation and one of its hardest problems: structuring! mahaloz.re/dec-history-pt1 Part 2 to be released next week.

I just published the code and hardware for Tamarin-C, the iPhone 15 USB-C exploration tool I presented at #37c3. github.com/stacksmashing/…

As WOOT becomes a more formal Conference, we want to keep receiving industry submissions! WOOT experiments a new model: in addition to the academic submissions, there is a practitioner's track. Submit a draft early, inerract with reviewers to get this written as a paper.

They HACKED A TRAIN. For real. Train operators asked for this to see why their trains didn't run after servicing. Turns out that vendor/producer implemented a geofence lock for trains serviced somewhere else. Amazing story, one of the best hacks in 2023. @q3k/111528165627522619" target="_blank" rel="nofollow noopener">social.hackerspace.pl/@q3k/111528165…

Check it out, it's tmp.0ut Volume 3! tmpout.sh/3/

New write-up on an Intel Ice Lake CPU vulnerability, we can effectively corrupt the RoB with redundant prefixes! 🔥 An updated microcode is available today for all affected products, cloud providers should patch ASAP. lock.cmpxchg8b.com/reptar.html

I'm excited to announce a new decompilation control flow structuring algorithm, SAILR, which is the first to precisely revert compiler optimizations in decompilation. Find out how in our USENIX 2024 paper: zionbasque.com/files/publicat…. Code, info, and links in the 🧵

Earlier this year @AmnestyTech and @_clem1 from Google TAG found an in-the-wild iPhone zero day full chain. Today I’m publishing my analysis of the Safari sandbox escape component, the first in-the-wild sample to break into the new Safari GPU process.