Yoav Alon

630 posts

Yoav Alon

@yoavalon

CTO @orcasec | I tweet about fuzzing, bugs, and all that security jazz

Katılım Nisan 2014

381 Takip Edilen1.8K Takipçiler

Yoav Alon retweetledi

𝙿𝚊𝚟𝚎𝚕 𝙶𝚞𝚛𝚟𝚒𝚌𝚑@PashaGur·28 Şub

Being an Israeli CEO since 2019 is basically very much like: while True: slack_team(f"Don't come to the office today due to: {random.choice(['pandemic', 'war', 'sirens', 'protests', 'shenanigans'])}")

English

516

32.9K

Yoav Alon retweetledi

Yaron Dinkin@ydinkin·23 Şub

Joining the agentic vuln research hype, @EyalKraft and I did something. Unfortunately, it worked better than we hoped. We spent a few weeks building an agentic loop that reverse-engineers and exploits kernel drivers. We already found 100+ exploitable drivers. (link below)

English

281

38.8K

Yoav Alon retweetledi

Dmitry Vyukov@dvyukov·23 Şub

syzkaller/syzbot now has AI agentic framework for kernel bug fix generation, bug assessment, security triage, POC generation, etc: groups.google.com/g/syzkaller/c/… Includes set of tools to build kernels, navigate/edit source, test reproducers, etc. Contributions/research are welcome.

English

127

10.9K

Yoav Alon@yoavalon·14 Şub

Very cool! And with the advent of coding agents I believe annotations will come sooner rather than later

Marco Elver@maelver

Clang's -Wthread-safety, named "Context Analysis" for the Linux kernel finally merged after a year's worth of work: git.kernel.org/torvalds/c/092… docs.kernel.org/next/dev-tools… Currently opt-in; go and set 'CONTEXT_ANALYSIS := y' for any kernel code you're developing. Needs Clang 22+.

English

490

Yoav Alon@yoavalon·17 Eki

@roeeshenberg Elaborate please?

English

104

Roee Shenberg@roeeshenberg·17 Eki

Wanted to replicate modded-nanogpt to try out a small idea to accelerate convergence. "Let's try runpod, it'll be simple." Big mistake. Gimme back VMs, this isn't functional...

English

215

Yoav Alon retweetledi

Armin Ronacher ⇌@mitsuhiko·8 Ağu

Recorded some updated thoughts on agentic coding tools if someone is curious.

English

761

44.4K

Yoav Alon retweetledi

Rob Zolkos@robzolkos·2 Ağu

@badlogicgames "includeCoAuthoredBy": false In ~/.claude/settings.json

English

2.4K

Yoav Alon retweetledi

Bryan Cantrill@bcantrill·30 Tem

Our $100M Series B oxide.computer/blog/our-100m-…

English

987

148.3K

Yoav Alon@yoavalon·17 Tem

🔍 Calling all **#CloudSecurity** Researchers! 🛡️ Lead Cloud Runtime Sec Eng @orcasec 🇵🇱 Hybrid (Poland/Warsaw) 🎯 Build & Research runtime engine (Go/C++/eBPF/AI) 👉 onthespotdev.com/positions/clou… #InfosecJobs #Hiring

English

281

Yoav Alon@yoavalon·26 Haz

@mitsuhiko Has a very similar experience

English

101

Armin Ronacher ⇌@mitsuhiko·26 Haz

So far my experience with Gemini Code is … not amazing. It's really bad at actually doing edits. It's sometimes marinating for 5 minutes for a basic edit.

English

129

12.7K

Yoav Alon@yoavalon·28 May

@jarredsumner @charliermarsh please do the same for uv 🙏🏻

English

Jarred Sumner@jarredsumner·28 May

In the next version of Bun `bun init` detects if you're using Cursor and adds a Cursor rule to guide the agent to use Bun's CLI & APIs

English

1.2K

72.6K

Yoav Alon retweetledi

Felix Geisendörfer@felixge·20 Ara

🔭🐶 Exciting news: @datadoghq has announced our intend on donating our new Go auto-instrumentation framework to @opentelemetry.

Felix Geisendörfer@felixge

Manually instrumenting Go applications for observability has always been a time-consuming challenge. Solutions based on binary patching and eBPF have attempted to solve this, but they often come with undesirable tradeoffs. That’s why we built Orchestrion … 🧵

English

110

12.5K

Yoav Alon retweetledi

Ivan Fratric 💙💛@ifsecure·15 Kas

Domato Lives! Today, we merged a WebGPU fuzzer written by @btiszka who used it to find several serious bugs in Chrome. Check it out at github.com/googleprojectz…. Potentially also interesting for other browser vendors working on their own WebGPU implementation ;)

English

11.3K

Yoav Alon@yoavalon·17 Eyl

🇵🇱 Polish Security Experts! 🛡️ We're hiring a Security Researcher for our R&D team. Work with cutting-edge tech (eBPF, Linux, K8s, Malware analysis) to fight cybercrime! join.onthespotdev.com/runtime-securi… RTs appreciated for reach! 🙏 #CloudSecurity #CybersecJobs #PolishTech

English

1.6K

Yoav Alon retweetledi

Snyk@snyksec·11 Eyl

Snyk 🤝 @orcasec Together, we're revolutionizing DevSecOps. 💪 Learn how our strategic partnership provides unparalleled visibility into risks throughout the entire app lifecycle - from dev to runtime. #AppSec #CloudSec snyk.co/uhrWl

English

814

Yoav Alon retweetledi

Justin Elze@HackingLZ·16 Ağu

This was useful github.com/cxiao/rust-rev…

English

265

23.9K

Yoav Alon retweetledi

Ido Frizler@idofrizler·27 Tem

עכשיו במהדורת RGB מיוחדת עם 16,777,216 עמודים: פיל עם קרחת, את השיער לא חופף. חלמתי על פיל בצבע #A8E04F

עברית

441

20.2K

Yoav Alon retweetledi

Tal Be'ery@TalBeerySec·25 Tem

1/ A world first reverse engineering analysis of AWS Session Tokens. Prior to our research these tokens were a complete black box. Today, we are making it more of a glass box, by sharing code and tools to analyze and modify AWS Session Tokens. @TalBeerySec/revealing-the-inner-structure-of-aws-session-tokens-a6c76469cba7" target="_blank" rel="nofollow noopener">medium.com/@TalBeerySec/r…

English

154

442

57.8K

Yoav Alon retweetledi

shubs@infosec_au·11 Tem

Our security researcher @hash_kitten found one of the most critical exploit chains in the history of @assetnote. Affecting 40k+ instances of ServiceNow, we could execute arbitrary code, access all data without authentication. You can read our blog here: assetnote.io/resources/rese…

English

219

789

73.1K

Yoav Alon retweetledi

Ace Pace@ace__pace·22 Haz

@yoavalon @zensploitation

lcamtuf@lcamtuf

Frankly, I'm appalled by the prospect of LLMs taking offensive security research jobs from honest, hard-working fuzzers

QAM

332

Keşfet

@eyalkraft @roeeshenberg @badlogicgames @orcasec @mitsuhiko @jarredsumner @charliermarsh @datadoghq