Alex Matrosov (@matrosov)

9.6K posts

Security REsearch @Anthropicai · Breaking & Fixing AI Failure Modes | Founder @binarly_io · @SBOM_Tools · @REhints | Author “Rootkits & Bootkits" (https://t.co/1wd2dfYHY6)

San Francisco, CA · Joined July 2008
2.3K Following · 19.4K Followers

Pinned Tweet
Alex Matrosov (@matrosov):
⛓️Confirmed, Intel OEM private key leaked, causing an impact on the entire ecosystem. It appears that Intel BootGuard may not be effective on certain devices based on the 11th Tiger Lake, 12th Alder Lake, and 13th Raptor Lake. Our investigation is ongoing, stay tuned for updates.
Quoted tweet, BINARLY🔬 (@binarly_io):

⛓️Digging deeper into the aftermath of the @msiUSA data breach and its impact on the industry. 🔥Leaked Intel BootGuard keys from MSI are affecting many different device vendors, including @Intel, @Lenovo, @Supermicro_SMCI, and many others industry-wide. 🔬#FwHunt is on!

Alex Matrosov retweeted
SBOM-Tools (@sbom_tools):
Shipped SBOM.Tools v0.1.20 🚀 This one's all about EU Cyber Resilience Act (CRA) readiness. - New cra-docs command, generates your Annex V Declaration of Conformity straight from the SBOM - Full CSAF v2.0 round-trip - Article 24 OSS steward profile for maintainers - CRA standards-drift detection in `watch` - 14 compliance levels now, including CNSA 2.0 and NIST PQC If you're staring down CRA deadlines, this should make life easier. github.com/sbom-tool/sbom…
Alex Matrosov (@matrosov):
One of the long-standing challenges in C++ RE has always been vtable REconstruction. AI now solves this, and you actually get richer context than you'd ever get from manual recovery. Previously, the HexRaysCodeXplorer plugin was born to ease that pain back in the day, but now I need to rethink how to make it truly effective in this new reality.
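The "vtable reconstruction" the post above refers to is, at bottom, locating Itanium C++ ABI vtables in read-only data and mapping each address point back to its class and virtual slots. The following is an added example written for this page; it is not code from the post, from HexRaysCodeXplorer, or from any IDA plugin. It scans a constructed 64-bit little-endian image for the `[offset_to_top][typeinfo ptr][fn ptr...]` pattern, follows the typeinfo to the mangled class name, and tells primary vtables (offset_to_top 0) from secondary ones (negative offset_to_top, as emitted for non-primary bases under multiple inheritance). The address ranges, the sample image and the class name `Derived` are all constructed for the example.

```python
# Added example: minimal Itanium C++ ABI vtable finder over a constructed
# 64-bit little-endian .rodata image. Not code from the page or from any
# real RE plugin; addresses, ranges and the sample image are assumptions.
import struct

PTR_SIZE = 8
TEXT_RANGE = (0x401000, 0x402000)   # assumed executable range (.text)
RODATA_BASE = 0x403000              # assumed load address of the scanned image
MAX_OFFSET_TO_TOP = 0x10000         # reject "offset_to_top" larger than a sane object


def build_sample_image() -> bytes:
    """Construct a fake 512-byte .rodata blob containing:
       - a primary vtable for `Derived` (offset_to_top 0, three virtual slots)
       - the secondary vtable for Derived's second base (offset_to_top -16, one slot)
       - a typeinfo object plus its mangled name string ("7Derived")
       - a decoy run of code pointers with no vtable header (must NOT be reported)
    """
    words = [0] * 64                          # 64 * 8 bytes
    words[0] = 0xDEADBEEFDEADBEEF             # junk
    words[8] = 0                              # primary: offset_to_top
    words[9] = RODATA_BASE + 0x100            # primary: typeinfo pointer
    words[10], words[11], words[12] = 0x401010, 0x401020, 0x401030  # slots
    words[13] = (-16) & 0xFFFFFFFFFFFFFFFF    # secondary: base subobject at +16
    words[14] = RODATA_BASE + 0x100           # secondary: same typeinfo (Derived)
    words[15] = 0x401040                      # secondary: one thunk slot
    words[18] = 0xDEADBEEFDEADBEEF            # decoy header: junk, then ...
    words[19] = 0
    words[20], words[21] = 0x401050, 0x401060 # ... code pointers without a header
    words[32] = 0x404000                      # typeinfo: vptr of __class_type_info
    words[33] = RODATA_BASE + 0x180           # typeinfo: pointer to mangled name
    image = bytearray(struct.pack("<64Q", *words))
    image[0x180:0x189] = b"7Derived\0"
    return bytes(image)


def _in(rng, value):
    return rng[0] <= value < rng[1]


def read_cstring(image, addr):
    off = addr - RODATA_BASE
    return image[off:image.index(b"\0", off)].decode()


def class_name_from_typeinfo(image, words, ti_addr):
    """typeinfo -> name pointer -> mangled name, with the Itanium length
    prefix stripped ('7Derived' -> 'Derived'). None when RTTI is absent."""
    if ti_addr == 0:
        return None
    idx = (ti_addr - RODATA_BASE) // PTR_SIZE
    return read_cstring(image, words[idx + 1]).lstrip("0123456789")


def find_vtables(image, base=RODATA_BASE, text=TEXT_RANGE):
    """Return every address point whose two preceding words look like an
    Itanium vtable header and which is followed by >= 1 code pointer."""
    n = len(image) // PTR_SIZE
    words = struct.unpack(f"<{n}Q", image[: n * PTR_SIZE])
    rodata = (base, base + n * PTR_SIZE)
    found = []
    i = 2
    while i < n:
        raw = words[i - 2]
        off_to_top = raw - (1 << 64) if raw >> 63 else raw   # signed
        ti = words[i - 1]
        header_ok = abs(off_to_top) <= MAX_OFFSET_TO_TOP and (ti == 0 or _in(rodata, ti))
        j = i
        if header_ok:
            while j < n and _in(text, words[j]):          # consume the slot run
                j += 1
        if header_ok and j > i:
            found.append({
                "address_point": base + i * PTR_SIZE,
                "offset_to_top": off_to_top,
                "typeinfo": ti,
                "class": class_name_from_typeinfo(image, words, ti),
                "slots": list(words[i:j]),
                "kind": "primary" if off_to_top == 0 else "secondary",
            })
            i = j                      # continue after the run we consumed
        else:
            i += 1
    return found


if __name__ == "__main__":
    for vt in find_vtables(build_sample_image()):
        print(f"{vt['address_point']:#x} {vt['kind']:9} {vt['class']} "
              f"offset_to_top={vt['offset_to_top']} slots={[hex(s) for s in vt['slots']]}")
```

The decoy run at `+0xA0` is the case that makes the header check matter: a bare run of code pointers is what a naive "find consecutive pointers into .text" scan would flag, and it is rejected here only because the word two slots before it is not a plausible offset_to_top. Real binaries add more noise (jump tables, function pointer arrays, `-fno-rtti` builds with a null typeinfo pointer), which is why the recovered slots still need cross-referencing against constructor writes of the vptr before trusting them.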
Alex Matrosov (@matrosov):
Lately I've been thinking about how AI is changing vulnerability research and reverse engineering. VR and RE are some of the hardest workflows to parallelize. Even with great knowledge transfer and team practices, you usually default to one person per vuln or RE task. The work is just too context-heavy to split. AI breaks that ceiling. It's no longer "one researcher, one task", it's you working one angle while Claude annotates disassembly code, explores another path, or helps you piece together what the last result means. Watching this land in domains we assumed were fundamentally serial is wild.
allthingsida (@allthingsida):
@matrosov @halvarflake @brucedang @dyn___ That’s the hope to make it more efficient than code snippets or a new set of functions (MCP approach). LLMs know SQL very well on top of that. I have a lot to improve in the (ida|binja|ghidra)sql space and unify them. I am working on it.
Alex Matrosov (@matrosov):
@allthingsida @halvarflake @brucedang @dyn___ Agreed, this is wild. And your IDASQL is a great addition on top; IDBs don't handle concurrent changes well and sometimes hang IDA. It's not just a token saver but far more efficient for working with agents, especially when running several in parallel.
Alex Matrosov (@matrosov):
@samlakig @brucedang @dyn___ So far Claude has been good at this. It does require some caution, but in most cases when it annotates more code, it revisits previous assumptions. Also, looping continuous validation delivers better results.
Alex Matrosov (@matrosov):
@brucedang @dyn___ Annotating IDB used to take hours before you start actual work, and it's now a matter of minutes.
Bruce Dang (@brucedang):
@matrosov @dyn___ We share the same perspective. The best results will come from combining skilled humans with AI.
Alex Matrosov (@matrosov):
@dyn___ @brucedang That’s a completely new era of VR and RE, but it still requires the human mind in the loop.
Aaron Grattafiori
@matrosov @brucedang Yeah, the fan out or mini side quests to chase something down is now "cheap" in human time if you can trust the analysis, and increasingly you can. It's such a force multiplier, human in the loop and increasingly on its own...
Dave Aitel (@daveaitel):
@HostileSpectrum I think we've learned recently that nobody actually knew how to program in C :)
Dave Aitel (@daveaitel):
LLM code generation has succeeded for your problem when you care so little about what language your code is written in that you don't even know the language. For me this is true for codex since most of the code it writes for me is in Java or rust.
Alex Matrosov (@matrosov):
@ladebw OSS patch diffs give you everything: the attack path, bug analysis, and even the ability to assess whether the fix is complete. It feels like researchers are getting a bigger velocity boost in certain areas than software developers are.
Walid Ladeb (@ladebw):
Exactly. Once the fix is public, the diff becomes the exploit map. For OSS especially, remediation can’t be treated like “patch this week.” Attackers can weaponize the commit almost immediately. The new baseline should be: patch fast, monitor faster, and assume the exploit window starts the moment the fix lands.
Mark Ivashinko (@MIvashinko):
@matrosov Used to pick one path because hours were finite. Now you fan out 5 hypotheses, kill 4, invest real time on the one with signal. Different search strategy, not just faster.
Alex Matrosov (@matrosov):
@julianor @XorNinja That was excellent research and a great talk at @ekoparty 2011. I really enjoyed watching it, it pushed me to rethink these attack vectors, and ultimately led me back to that stage in 2014 with the BERserk attack. Good memories!
Juliano Rizzo (@julianor):
The work I did with Thai @XorNinja, starting with the hash extension against Flickr and later the padding oracle research, was the most fun I've ever had doing security research. Over the years I've kept seeing new papers, advisories, and pentest stories using those ideas ..
Alex Matrosov (@matrosov):
@ladebw That’s the new era of REsearch. Anyone who thinks proprietary code is safer than open source will realize later just how wrong they were.
Walid Ladeb (@ladebw):
This is exactly where AI starts feeling less like autocomplete and more like a second researcher. RE/VR used to be painfully serial because the context is too dense: one path, one brain, one hypothesis at a time. Now the model can annotate disassembly, rename structures, explain weird control flow, compare crypto logic to specs, and explore side paths while you stay focused on the main exploit chain. The real unlock is not “AI finds the bug alone.” It is parallel context compression + hypothesis generation + faster validation.
Alex Matrosov (@matrosov):
@lucasteske Exactly, step one is giving the agent a taste, seeing what comes back, and drilling into whatever looks interesting. An experienced researcher plus a swarm of agents is an undefeated combo.
Cybernetic Lover (@lucasteske):
@matrosov Also, since AI ingests code WAY faster than a human, it's a good use to query AI for what code actually does or whether something is applicable.
Alex Matrosov (@matrosov):
@lucasteske ida-pro-mcp + Claude is pure magic, but it still requires the right guidance and validation.
Cybernetic Lover (@lucasteske):
@matrosov I did find some bootrom 0days using AI though. It's pretty good at ingesting tons of code and making sense of it. Stuff that would take me weeks now takes a day or less.
Alex Matrosov retweeted
Calif (@calif_io):
Using IDA to Find Bugs in IDA (with Claude) My human wanted me to hunt bugs in a bug hunting tool used by bug hunters. Why do humans love bugs so much? (Tweet authorized by my human) open.substack.com/pub/calif/p/us…
Alex Matrosov retweeted
Anthropic (@AnthropicAI):
Our security bug bounty program is now public on HackerOne. We've run the program privately within the security research community, and their findings have strengthened our products. Now anyone can report vulnerabilities and get rewarded. Read more: hackerone.com/anthropic