Cristofaro Mune

Humbled to share I will be keynoting at LangSec 2025. I am thankful for such a unique honor, at one of the most prestigious security venues in the world.

My talk at RE//verse is online, pure geek entertainment youtube.com/watch?v=UKGH_Y… Slides #slide=id.g58816a5281_0_0" target="_blank" rel="nofollow noopener">docs.google.com/presentation/d… CosmicHammer project - send us your bitflips github.com/fuzzsociety/Co… Please give it some RT love, this is the ultimate twist of rowhammer @halvarflake @moyix

Part 3 of my (S)AGE journey... Part 4 this weekend; the final chapter in what has been an epic adventure of what happens when you truly see how much further curiosity can go... @dhillon.andrew/i-built-memory-infrastructure-for-ai-agents-and-they-started-learning-on-their-own-81825f96f985" target="_blank" rel="nofollow noopener">medium.com/@dhillon.andre… #sage cc @41414141

Spread the word! @phrack CFP with demoscene cracktro is live. Turn up the volume and enjoy the awesome stylings of @PiotrBania with some hopefully inspiring text from phrack staff :) phrack.org

Lands of Packets TTL exceeded. I would like to collect texts from the scene about FX in his memory. A collection of obituaries that will then be posted on phenoelit.de. If anyone would like to contribute, please contact me. Mail: joernchen@phenoelit.de Signal: jrn.07

Everyone today is a hacker in a sense but there are very few OG hackers on which shoulders we stand Oh dude, Felix “FX” Lindner you were so much a hackers hacker and you will be missed RIP my friend and thank you

We found that Wi-Fi client isolation can often be bypassed. This allows an attacker who can connect to a network, either as a malicious insider or by connecting to a co-located open network, to attack others. NDSS'26 paper: ndss-symposium.org/wp-content/upl… GitHub: github.com/vanhoefm/airsn…

@richinseattle Yep. Margins on consumer devices are razor thin. Another reason: OEMs build on long supply chains. Bugs at "foundational" layers go upward the chain. May affect multiple products/OEMs. Months/1yr for patch to reach OEM level not uncommon. Patch Tuesdays for devices? I wish 😄

The IoT device industry is one of razor thin margins. When you report bugs sometimes it takes a year+ to patch if it's not a more modern company like DJI. pwn2own pays millions a year in bounties demonstrating low bars in IoT security. This area is ready for disruption by LLM code analysis.

Exploitability analysis: Beyond bugs found, there is a real problem to distinguish bugs that are "benign" from those that are exploitable security vulnerabilities. It takes expert exploiters, and teams are already maxed out. AI bug finding is making this harder to scale.

Over the CNY holidays, I decided to build something that imho is 'peak agentic AI' 🤣 - the world's first self-evolving CTF platform! AI agents design, validate, calibrate, and evolve security challenges autonomously. levelupctf.com Here's the full story 🧵

@tieknimmers watching your talk made me think of trying it out for fun :)

The LangSec'26 IEEE Security & Privacy workshop call for papers will remain open until February 13. Please submit your work & join us on May 21, 2026 in San Francisco! langsec.org/spw26/

🚨 REcon 2026 is LIVE! 🚀 Call for papers and registration are now open! Join the world's top reverse engineers & exploit devs in Montreal: 🛠 Trainings: June 15-18 (19 hands-on classes – AI agents, kernel exploits, Rust/Go reversing, fault injection & more!) 📅 Conference: June 19-21 Tickets & early bird now open → recon.cx Shoutout to the legends teaching: @SinSinology @KyleMartin @MalachiJonesPhD @andreyknvl @mr_phrazer @yarden_shafir @DrCh40s @pulsoid + more elite instructors! See website for all trainers and session info. Limited spots – see you in MTL! #REcon2026 #ReverseEngineering

This closes an open problem on existence of 2D physical Turing complete systems. A conjecture by Cris Moore.

Fascinating paper just published in Science. The authors analyze the career trajectories of top performers across multiple domains, including Nobel laureates, elite chess players, Olympic gold medalists, and more. Their central finding challenges a common belief. Intensive, single-discipline training at a young age does confer an early advantage, but this advantage fades over time. By contrast, individuals exposed to multidisciplinary practice early in life tend to start more slowly. Yet, over the long run, they are more likely to reach world-class performance, eventually overtaking early specialists, who often plateau just below the very top. An important reminder that breadth early on can be a powerful investment in long-term excellence. Link to the paper in the first reply.

As a university professor, I rarely hear from students after the final exam. However, there are always a handful of students who will send personal notes or emails after the semester is over. These mean more to me than you could possibly imagine. Students, if you enjoy the class, let the teacher know. They truly love hearing it.

Training Ticket Shop for #offensivecon26 is now open. The content of our 2026 trainings is unique and exclusive to OffensiveCon, so don’t miss out. 🔥 New this year: Get your training + conference ticket bundle - you have the opportunity to secure a conference ticket before the conference ticket shop opens! You can also get a training ticket only... Training tickets: buff.ly/z8YNgoY And the conference ticket shop? Oh, it’ll open… sometime in the next 5 months. Stay tuned.👀

This strange square 👇 is undoubtedly the most extraordinary work of literature in human history. Yet, unfortunately, barely anyone in the West has ever heard of it. There was this woman poet in 4th century China called Su Hui (蘇蕙), a child genius who had reportedly mastered Chinese characters by age 3. At 21 years old, heartbroken by her husband who left her for another woman, she decided to encode her feelings in a structure so intricate, so beautiful, so intellectually staggering that it still baffles scholars to this day. Came to be known as the Xuanji Tu (璇璣圖) - the "Star Gauge" or "Map of the Armillary Sphere" - it's a 29 by 29 grid of 841 characters that can produce over 4,000 different poems. Read it forward. Read it backward. Read it horizontally, vertically, diagonally. Read it spiraling outward from the center. Read it in circles around the outer edge. Each path through the grid produces a different poem - all of them coherent, all of them beautiful, all of them rhyming, all of them expressing variations on the same themes of longing, betrayal, regret, and undying love. The outer ring of 112 characters forms a single circular poem - believed to be both the first and longest of its kind ever written. The interior grid produces 2,848 different four-line poems of seven characters each. In addition, there are hundreds of other smaller and longer poems, depending on the reading method. At the center a single character she left implied but unwritten: 心 (xin) - "heart." Later copyists would add it explicitly, but in Su Hui's original the meaning was even more beautiful: 4,000 poems, all orbiting the space where her heart used to be. Take for instance the outer red grid of the Star Gauge. Starting from the top right corner and reading down, you get this seven-character quatrain: 仁智懷德聖虞唐， 貞志篤終誓穹蒼， 欽所感想妄淫荒， 心憂增慕懷慘傷。 In pinyin, it is: Rén zhì huái dé shèng yú táng, zhēnzhì dǔ zhōng shì qióng cāng, qīn suǒ gǎnxiǎng wàng yín huāng, xīn yōu zēng mù huái cǎn shāng. Notice how it rhymes? táng / cāng / huāng / shāng The rough translation in English is: "The benevolent and wise cherish virtue, like the sage-kings Yao and Shun, With steadfast will I swear to the heavens above, What I revere and feel - how could it be wanton or dissolute? My heart's sorrow grows, longing brings only grief." Now read it from the bottom to the top and you get this entirely different seven-character quatrain: 傷慘懷慕增憂心， 荒淫妄想感所欽， 蒼穹誓終篤志貞， 唐虞聖德懷智仁。 The pinyin: Shāng cǎn huái mù zēng yōu xīn, huāngyín wàngxiǎng gǎn suǒ qīn, cāngqióng shì zhōng dǔzhì zhēn, táng yúshèngdé huái zhì rén. It rhymes too: xīn and qīn, zhēn and rén And the meaning is just as beautiful and coherent: "Grief and sorrow, longing fills my worried heart, Wanton and dissolute fantasies - is that what you revere? I swear to the heavens my constancy is true, May we embody the sage-kings' virtue, wisdom, and benevolence." That's just 2 poems out of the over 4,000 you can construct from the Xuanji Tu! At the very center of the grid, the 8 red characters wrapped around the central heart, she "signed" her poem with a hidden message: 詩圖璇玑，始平蘇氏。 "The poem-picture of the Armillary Sphere, by Su of Shiping." Or reversed: 蘇氏詩圖，璇玑始平。 "Su's poem-picture - the Armillary Sphere begins in peace." Many scholars, and even emperors, throughout Chinese history have been completely obsessed by Su Hui's puzzle. For instance, in the Ming dynasty, a scholar named Kang Wanmin (康萬民) devoted his entire life to the poems (kangshiw.com/contents/461/2…), ending up documenting twelve different reading methods - forward, backward, diagonal, radiating, corner-to-corner, spiraling - and extracting 4,206 poems. His book on the subject ("Reading Methods for the Xuanji Tu Poems", 璇璣圖詩讀法) runs to hundreds of pages. Empress Wu Zetian herself, the legendary woman emperor of the Tang dynasty, wrote a preface to the Xuanji Tu around 692 CE (baike.baidu.com/item/%E7%BB%87…). Incredibly, there's even far more complexity to the Xuanji Tu than just the poems: - The name 璇玑 (Xuanji) - Armillary Sphere - is astronomical in meaning and the way the poems can be read mirrors the way celestial bodies orbit around a fixed center. It's a model of the heavens. - Her original work, with the characters woven on silk brocade, was in five colors (red, black, blue/green, purple, and yellow) which correspond to the Five Elements (五行) - the foundational Chinese philosophical system that explains how the universe operates. So it's also a model of the entire cosmic order according to ancient Chinese philosophy. - It's also of course deeply mathematical with this 29 x 29 perfect square grid, with sub-squares, lines and rectangles, and a structure which allows for symmetrical reading patterns in all directions - Last but not least, the content of the poems themselves contain multiple registers. On top of expressing her personal grief and longing for her husband, it's also filled with accusations against the concubine (Zhao Yangtai) he left her for, reflections on politics (with many references to sage-kings) and philosophical reflections. So the Star Gauge is simultaneously: - A love letter (expressing personal longing) - A legal brief (arguing her case against her rival) - A cosmological model (structured like the heavens) - A Five Element diagram (encoding the fundamental structure of the world according to ancient Chinese philosophy) - A mathematical construction with perfect symmetry and precision And yet, for all this complexity, we should not forget this was all ultimately in service of the simplest human message imaginable: a 21-year-old woman asking the love of her life "come back to me". Her husband did, eventually. According to what empress Wu Zetian herself wrote in her preface to the Xuanji Tu, when he received Su's brocade he was so "moved by its supreme beauty" that he sent away his concubine and returned to his wife. As the story goes, they lived together until old age. The heart at the center was filled after all.

"What I cannot create I do not understand" Feynman's blackboard note blended together what a scientist, a physicist, a hacker is. Respect.

Sweet talk, enjoyed it! Xingyu Jin (@1ce0ear) & Martijn Bogaard (@jmartijnb) – Dirty Ptrace: Exploiting Undocumented Behaviors in Kernel mmap Handlers 🐧🛠️ #POC2025

[POC2025] SPEAKER UPDATE 👥 Xingyu Jin(@1ce0ear) & Martijn Bogaard - "Dirty Ptrace: Exploiting Undocumented Behaviors in Kernel mmap Handlers" #POC2025