HN Security
@hnsec
Trust, but verify.
Today I’m celebrating one year of #Rust! 🦀 I started learning it last summer, and since then, I’ve pretty much stopped programming in any other language. I’ve documented my journey in this series of articles: security.humanativaspa.it/tag/rust/ Here’s to many more years with Rust! 🥂
I'm pleased to announce a new version of the Rust bindings for @HexRaysSA IDA Pro! With: - Improved strings, metadata, and core APIs - Support for the name API Thank you to @0xdea & @williballenthin for contributing! Docs: idalib.rs Code: git.idalib.rs
🔍 Durante un assessment, Gianluca Baldi di @hnsec ha individuato una vulnerabilità ad alto impatto nella Microsoft Graph API: un bug che gli è valso un bounty da 3.000$! 🔗 security.humanativaspa.it/export-to-pdf-… 🟠 #HumanativaGroup #HNSecurity #CyberSecurity #BugBounty #Microsoft365
As an old fart in #xdev, I often get asked how to get into binary exploitation in 2025. I looked around, and here’s my recommendation: pwn.college #pwncollege is a huge collection of free #lectures and practical #challenges maintained by a team of #hackers at @ASU.
In our last blog post, our colleague Gianluca shares the story of a lucky discovery: a bug initially spotted during a routine assessment turned out to be a high impact vulnerability in Microsoft Graph API — earning a $3,000 bounty. security.humanativaspa.it/export-to-pdf-…
![hnsec's tweet card. Some months ago, while analyzing a […]](https://pbs.twimg.com/card_img/1950092713254338560/8cSaU-uL?format=png&name=orig)
Power users are taking IDA headless with idalib. Think large-scale diffing, custom UIs, and CI pipelines... all without launching a GUI. 💡 Get inspired: eu1.hubs.ly/H0lkrQl0
My #idalib based tools are featured in the latest @HexRaysSA blog! hex-rays.com/blog/4-powerfu…
Releasing this fun tool Golem based on @0xdea, LLVM, LLM and @semgrep Golem automates C/C++ vulnerability discovery by combining Semgrep rule scans, LLVM call-graph & CFG slicing, and AI-driven context analysis. Tool: github.com/20urc3/golem Article: bushido-sec.com/index.php/2025…
Our FI training #TAoFI is, in itself, a broad experiment in porting FI attacks across different techniques, from EMFI to VCC glithching. More on the process in our latest bog post: raelize.com/blog/espressif… And for the real experience, just join #TAoFI: raelize.com/training/
Another Week, Another EXPLOITS CLUB 📰 --- 🎉 Binja giveaway: sign up to support the newsletter 🎉 --- Tesla wall charger falls to @Synacktiv @bugscale pops a Chrome bug @binarly_io Secure Boot bypass RCE from @watchtowrcyber + Jobs & MORE 👇 blog.exploits.club/exploits-club-…
And, of course, credit goes to @0x696e6f6465 for this outstanding research.
Happy to see our research replicated and dug even further! We did it with EMFI, @hnsec did it with Voltage glitching. But the beauty also lies in the systematic approach and rigorous thinking. It's rare to see such a high quality research in the field of #faultinjection.
Exploring fault injection on ESP32 V3! Inspired by Delvaux work, we tested voltage #glitching as an attack vector. With advanced triggers & GDB, we achieved a ~1.5% success rate. #Hardware #FaultInjection is becoming more practical! security.humanativaspa.it/fault-injectio…
Exploring fault injection on ESP32 V3! Inspired by Delvaux work, we tested voltage #glitching as an attack vector. With advanced triggers & GDB, we achieved a ~1.5% success rate. #Hardware #FaultInjection is becoming more practical! security.humanativaspa.it/fault-injectio…
![hnsec's tweet card. Intro A few months ago, I […]](https://pbs.twimg.com/card_img/1947943289635692544/Eo0gFxY9?format=png&name=orig)
And here are the latest #VulnerabilityResearch and #ReverseEngineering tools that I wrote in #Rust github.com/0xdea/rhabdoma… github.com/0xdea/haruspex github.com/0xdea/augur github.com/0xdea/oneiroma… Make sure to check the accompanying @hnsec blog posts for additional details 🪲🎯
We're are happy to announce a new release of our #Rust bindings for @HexRaysSA idalib. What's new: - New APIs for working with IDBs, segments, and more - Rust 2024 support - New homepage: idalib.rs H/T to our contributors @yeggorv & @0xdea github.com/binarly-io/ida…
new idalib release! for folks interested in writing headless analysis scripts for IDA in rust, I can recommend @0xdea's blog post with some neat example use cases: security.humanativaspa.it/streamlining-v…
We're are happy to announce a new release of our #Rust bindings for @HexRaysSA idalib. What's new: - New APIs for working with IDBs, segments, and more - Rust 2024 support - New homepage: idalib.rs H/T to our contributors @yeggorv & @0xdea github.com/binarly-io/ida…
How was it like to attend the exclusive #ZeroDayQuest event? How did a Unix hacker even qualify in the first place? How can you become one of the @msftsecresponse MVRs? Our @0xdea answers these and other questions in his latest article: security.humanativaspa.it/my-zero-day-qu…
![hnsec's tweet card. “If you shame attack research, you […]](https://pbs.twimg.com/card_img/1950094238248562689/SWhfi76p?format=jpg&name=orig)
It’s been a real pleasure, thank you for having me at the @MSFTBlueHat #podcast!
On this episode of The BlueHat Podcast, we’re joined by Marco Ivaldi (@0xdea), co-founder of HN Security and a veteran of the security research community. Marco shares his journey from teenage hacker in the '80s to bug bounty hunter, including his experience at Microsoft’s Zero…
On this episode of The BlueHat Podcast, we’re joined by Marco Ivaldi (@0xdea), co-founder of HN Security and a veteran of the security research community. Marco shares his journey from teenage hacker in the '80s to bug bounty hunter, including his experience at Microsoft’s Zero…
It’s been a real pleasure, thank you for having me at the @MSFTBlueHat #podcast!
If you care about securing legacy systems and staying ahead in bug bounty, don’t miss this episode with @0xdea on The BlueHat Podcast.