Sam Thomas
@xorpse
Chief Scientist @binarly_io. Program analysis. Reverse engineering. Backdoor detection.
Forgot to mention that our talk "How to secure unique ecosystem shipping 1 billion+ cores?" has been accepted to @defcon #defcon33 as well! defcon.org/html/defcon-33…
I'm delighted to share that our talk "How to Secure Unique Ecosystem Shipping 1 Billion+ Cores?" has been accepted to @BlackHatEvents #BHUSA 2025! How to create a secure unique ecosystem from scratch? What's a Separation Kernel? How and why to modify RISC-V? Come to our talk! :)
Back from @PLDI 2025, where Frédéric Recoules and I had the pleasure to give a tutorial on BINSEC and binary-level symbolic execution. Here it is, playable in your browser: binsec.github.io/tutorial-pldi2…
Today I’m celebrating one year of #Rust! 🦀 I started learning it last summer, and since then, I’ve pretty much stopped programming in any other language. I’ve documented my journey in this series of articles: security.humanativaspa.it/tag/rust/ Here’s to many more years with Rust! 🥂
In his latest article, "Specifications Don't Exist," Galois Principal Scientist Mike Dodds explores formal specifications, informal specifications, and the inescapable burden of having to clarify our ideas. Give it a read! galois.com/articles/speci…
Google Wifi Pro - Glitching from Root to EL3 - Part 1 In this first post, we explain in detail how we were able to inject EM glitches in order to characterize Qualcomm's IPQ5018 SoC susceptibility to EM glitches. raelize.com/blog/google-wi…
I'm pleased to announce a new version of the Rust bindings for @HexRaysSA IDA Pro! With: - Improved strings, metadata, and core APIs - Support for the name API Thank you to @0xdea & @williballenthin for contributing! Docs: idalib.rs Code: git.idalib.rs

In our last blog post, our colleague Gianluca shares the story of a lucky discovery: a bug initially spotted during a routine assessment turned out to be a high-impact vulnerability in Microsoft Graph API — earning a $3,000 bounty. security.humanativaspa.it/export-to-pdf-…
My first blogpost on the Source Engine is out🔥! (hopefully there'll be more heh) Exploiting the Source Engine’s network protocol to leak vtable pointers – protobuf quirks, ConVar abuses, and good old engine weirdness. mrnbayoh.github.io/blog/source-en…
It’s great to see @xorpse #idalib gaining traction across the industry 🚀 Let’s develop more Rust-based tools for RE 🦀
My #idalib based tools are featured in the latest @HexRaysSA blog! hex-rays.com/blog/4-powerfu…
I love Binarly team! To provide better contextualization, we now have full Lua support for semantic-driven code detection rules 🪄✨
🔎From Hidden Semantics to Structured Insights✨ By combining static analysis techniques and tailored heuristic improvements, we've significantly enhanced the precision of type inference, enabling more effective vulnerability triage. @pr0me @xorpse 👏 binarly.io/blog/type-infe…
Our Deep Vulnerability Analysis (DVA) technology automatically identified CVE-2025-3052 as an unknown zero-day vulnerability🪄✨ showcase.binarly.io/share/b8XkNJQ6…
Sooooo, our Usenix Security '25 paper on automated synthesis of code-reuse attacks has been pre-published ✨ usenix.org/conference/use…
Exploring fault injection on ESP32 V3! Inspired by Delvaux work, we tested voltage #glitching as an attack vector. With advanced triggers & GDB, we achieved a ~1.5% success rate. #Hardware #FaultInjection is becoming more practical! security.humanativaspa.it/fault-injectio…
Happy to see our research replicated and dug into even further! We did it with EMFI, @hnsec did it with voltage glitching. But the beauty also lies in the systematic approach and rigorous thinking. It's rare to see such high-quality research in the field of #faultinjection.
ONLY 5 DAYS LEFT 🚨 The Crime and Policing Bill is in the House of Commons on Tuesday 17.06. We have 5 days left to email MPs to act. MPs right now have the power to protect our protest rights. We can’t let them ignore us. 📝 Take action: amn.st/60144KmEA
Secure Boot bypasses everywhere, nice find!
🚨Binarly is documenting the discovery of CVE-2025-3052, a memory-corruption flaw in a Microsoft-signed UEFI module that lets attackers bypass Secure Boot and run unsigned code before the OS starts. 🔗 Full details: binarly.io/blog/another-c… 🛡️ Advisory: binarly.io/advisories/brl…
"One prerequisite for this vulnerability is that the IhisiParamBuffer variable must be writable. On Insyde-based devices, this variable is often locked and read-only. Unless there is another vulnerability Insyde-based devices are not vulnerable." CVE-2025-4275 to the rescue!