Alexander Ermolov @flothrone
Security researcher, team lead & speaker. Low-level design, firmware and system software. Fuzzing & testing automation for CI/CD pipelines. Joined July 2017-
Tweets617
-
Followers1K
-
Following130
-
Likes1K
Bug count != exploitable bug. Finding != chaining. LLMs are exceptional at pattern recognition on known bug classes. They are not reasoning about novel failure modes in complex multi-component systems. The hard bugs still require humans. voidsec.com/ai-vulnerabili…
New blog post: exploring NVIDIA’s open-source GPU drivers. Kernel modules, IOCTL attack surface, mmap primitives, UVM internals, and CPU↔GPU interactions (pushbuffers → firmware). Not just graphics: a large, exposed kernel surface. fuzzinglabs.com/exploring-nvid…
Don't want to cry wolf just yet, but this magenta-boxed part of LOTS of Insyde H2O-based UEFI FWs is highly suspicious, even if they are currently empty. Neither BootGuard nor FlashDeviceMap covers those volumes, and presence of PEI deps section suggests they are processed.
Intel SGX has fallen! Its most important key is in our hands: we extracted the Global Wrapping Key from an instance of the Intel Gemini Lake platform
Slides and demos for our @REverseConf talk by @francesco_ev and @xorpse are up! If you missed the conference, now's you're opportunity to take a look at the talk content and demos. Slides & demos: github.com/binarly-io/Res… VulHunt framework: vulhunt.re
Vulhunt is now open-source, this is a game changer: github.com/vulhunt-re/vul… @binarly_io @vulhuntdev
We @binarly_io just open-sourced our VulHunt framework at @REverseConf! GitHub: github.com/vulhunt-re/vul… Documentation: vulhunt.re/docs Slack: join.slack.com/t/vulhunt/shar… vulhunt.re
I'm pleased to announce a new release of the Rust bindings for @HexRaysSA IDA SDK! This release includes v9.3 compatibility. Code: git.idalib.rs Docs: docs.idalib.rs Thank you to @yeggorv who contributed to this release, and to @HexRaysSA for their support.
Published my OFFZONE 2025 presentation slides (in Russian) on GitHub: github.com/NikolajSchlej/… Had a great time at the conf, kudos to Bi.Zone and other sponsors and crew members for organizing and running it.
🔍 Full paper: 📄 syssec.kaist.ac.kr/pub/2025/LLFuz… 💻 github.com/SysSec-KAIST/L… (coming soon) 📢 USENIX Security 2025 Authors: @hdtuanss , @ohtaekk_ , @cheoljun_p, @insu_yun , @yongdaek #LLFuzz #BasebandSecurity #Fuzzing #CyberSecurity #USENIXSecurity
ZeroNights CFP is open 🔥 Long time no see. ZN will take place on Nov 26, 2025 zeronights.ru The program committee is accepting talks in Offensive and SecOps tracks, rewarding exclusive in-person presentations Submit cfp.zeronights.ru/zeronights-202… @cfptime
Published the third part of my blog series about Hydroph0bia (CVE-2025-4275) vulnerability, this one is about the fix as Insyde applied it, and my thoughts on improvements for it. coderush.me/hydroph0bia-pa…
Preliminary analysis shows that Insyde fixed Hydroph0bia (CVE-2025-4275) by forcefully removing the NVRAM vars that lead to exploitation during SecureFlashDxe driver startup, and setting a restrictive variable policy for them, so such vars can't be set from the OS anymore.
Published, go check it out, it is a fun ride indeed: coderush.me/hydroph0bia-pa… Part 3 will be done when I see how Insyde fixed the vulnerability and if we could do something about that fix.
There will soon be a part two of the writeup, where we'll use Hydroph0bia for getting arbitrary code execution during FW update and obtain full control over the DXE volume (and all other parts that happen to not be covered by BG/FDM hashing). youtube.com/watch?v=1uJF44…
🚨Binarly is documenting the discovery of CVE-2025-3052, a memory-corruption flaw in a Microsoft-signed UEFI module that lets attackers bypass Secure Boot and run unsigned code before the OS starts. 🔗 Full details: binarly.io/blog/another-c… 🛡️ Advisory: binarly.io/advisories/brl…
The embargo (12:00 UTC 2025-06-10) is over, let's start a thread on Hydroph0bia (CVE-2025-4275), a trivial SecureBoot and FW updater signature bypass in almost any Insyde H2O-based UEFI firmware used since 2012 and still in use today. English writeup: coderush.me/hydroph0bia-pa…
Together with @AlexTereshkin we managed to summarize NVIDIA Offensive Security Research (OSR) work on breaking BMC (reference to our DefCon talk youtube.com/watch?v=dbJQIQ…). This blog post also includes a link to the full paper.
Baseboard Management Controllers (BMCs) are vital for remote server management, but they can also be a significant security risk. Explore findings and recommendations to safeguard your #datacenter infrastructure from NVIDIA's Offensive Security Research team. ➡️
If for some reason #semgrep doesn’t fit your use case, here’s a port of my C vulnerability research ruleset to #weggli: github.com/0xdea/weggli-p… Read the linked blog post and check it out!
We're are happy to announce a new release of our #Rust bindings for @HexRaysSA idalib. What's new: - New APIs for working with IDBs, segments, and more - Rust 2024 support - New homepage: idalib.rs H/T to our contributors @yeggorv & @0xdea github.com/binarly-io/ida…
Gave a talk on external fuzzing of Linux kernel USB drivers with syzkaller at SAFACon by @SAFATeamGmbH. Includes a demonstration of how to rediscover CVE-2024-53104, an out-of-bounds bug in the USB Video Class driver. Slides: docs.google.com/presentation/d…
Alex Matrosov @matrosov
20K Followers 2K Following Security REsearch @Anthropicai · Breaking & Fixing AI Failure Modes | Founder @binarly_io · @SBOM_Tools · @REhints | Author “Rootkits & Bootkits" (https://t.co/1wd2dfYHY6)
Xeno Kovah @XenoKovah
13K Followers 75 Following Interested in reverse engineering, firmware, bluetooth, trusted computing, and training. Founder of OpenSecurityTraining2 https://t.co/slK2fsMRwU
Mickey @HackingThings
7K Followers 750 Following Low hanging fruit maven. Cluster Head. Tweets are my own. https://t.co/NsUyMzcogk
BINARLY🔬 @binarly_io
4K Followers 448 Following ⛓️Binarly is the world’s most advanced automated software supply chain security platform.
Satoshi Tanda @standa_t
8K Followers 397 Following Software security engineer and trainer https://t.co/tenaquooTc
Pietro Borrello @borrello_pietro
3K Followers 634 Following Security Researcher | PhD @SapienzaRoma | Pwner at @TheRomanXpl0it and @mhackeroni | https://t.co/g77o9Ojdjf | https://t.co/q5KZ4e8wkX
Ivan Rouzanov @ivanrouzanov
3K Followers 1K Following Debug Engineer. Windows, drivers and all things kernel mode. I express my views, not my employer's. My views are my own and just my personal opinions.
hardwear.io @hardwear_io
10K Followers 499 Following #HardwareSecurity Training & Conference Upcoming Conference & Training #hw_ioUSA2026 CFPs now open. Submit Below.
Simone Margaritelli @evilsocket
48K Followers 2K Following Music, cybersecurity, open source and AI • Author of bettercap, pwnagotchi, opensnitch, bleah, legba and a few other things. Chief Architect @ 🥷
mdowd @mdowd
33K Followers 758 Following Internet Hacker. Founder of @vigilant_labs. Previously, co-founder of Azimuth Security (now L3Harris Trenchant)
gk98 @98erKAG
44 Followers 2K Following
João Felipe Rodrigue... @0xb0nvs
16 Followers 154 Following Learning Malware Analysis | Reverse Engineering | C & Assembly
Mike Voronov @VMS11
396 Followers 1K Following Math/CS substack https://t.co/EQpUjKs3mk tg blog: https://t.co/p0oMX1YsrO
Ray Ray @RayRay18340
0 Followers 49 Following
Haris Saeed Malik @HarisSaeed97
19 Followers 226 Following Electrical Engineer ⚡ Web Developer 😎 Reader🧐
Juan Pablo Giziriian @jpgizirian
21 Followers 783 Following Computer Engineer Scientist .:.. Hardware Hacker .:. Network Security .:. Technology Consultant //
Roy K @vladkeane
11 Followers 691 Following
Mohammad Edris Amarkh... @EdrisAmarkhil
13 Followers 2K Following
Jeff Tchelong @jeff_tchelong
13 Followers 611 Following Passionné par la sécurité informatique et le Ethical Hacking
Alexandr Sh @shuraGlyph
73 Followers 873 Following programming, reversing. c, asm, python. x86, arm, pic. BSUIR ... NeroElectronics ... CheckPoint
AMI @AMI_PR
1K Followers 282 Following AMI is a global leader in Dynamic Firmware for computing platforms. We enable the future of compute.
Matias Soler @gnuler
881 Followers 382 Following Security Researcher | Formerly @ImmunityInc & @Intel | Figuring out how things work, reversing one puzzle at a time
Igor Korkin @IgorKorkin
790 Followers 570 Following PhD | OS & Hypervisor Security Researcher | Speaker | Author of “Kernel Protection of Operating Systems Under Countermeasures” (https://t.co/7Ms2j4H7My)
ᐯ+ᖇᗩᒪ @0x13370x
203 Followers 1K Following Security Researcher| Prevented data breaches affecting 135M+ individuals | Engineer| Featured in @techcrunch @indiatoday @boomlive_in & many others| 3+ CVEs
Norbert @NB1r0
45 Followers 3K Following
` @skylamer
78 Followers 4K Following |||||||||||||||__________________________________________________________________________________________________________________________________|||||||||||||||
AVA @a1v7a9
6 Followers 1K Following
Gangetik Prophet🕊�... @0xojaxwi
74 Followers 2K Following Old-school OS & Offensive Security REsearcher | ⚡Kernel Pwner⚡
Rishi @HackerRishi
0 Followers 264 Following Wndows Hacker/Security practitioner/Reverse Engineer (Sorry If you are following me & expecting to follow back please dont follow me..)
kuvee04 @GamingFreeFire1
41 Followers 866 Following
Payload666 @Payload666x
28 Followers 1K Following
Jevin Sweval @jevinskie
2K Followers 5K Following Fuck Elon Musk and his fascist & racist friends This account is archived. Find me elsewhere. https://t.co/aPN2y5oggJ
cr0@Defensive-Securit... @cr0nym
3K Followers 3K Following Focus on Linux/Kubernetes Attack/Detection/Forensics/Incident Response/Threat Hunting/Active Defense. Learning hard every single day.
Look at my homepage @cole_meyer43343
21 Followers 3K Following Virtual currency game platform, deposit and get 50% bonus, recruit agents to earn 100,000 USDT per month, contact us https://t.co/j3jdAz4niL
andre @andre09839499
2 Followers 153 Following
Thitirsh @Thitirshkfu
124 Followers 3K Following
Hamas Trump @ProtoMammal_
13 Followers 902 Following It is easy to be unaware of how much we don't know. 🐢
Not Me @NotMe19618102
672 Followers 4K Following The general population doesn't know what's happening and it doesn't even know that it doesn't know. - Noam Chomsky ----------------
ept_violation @ept_violation
18 Followers 168 Following
Illusion31 @Keshavan3107
17 Followers 3K Following Security Researcher | Bug Hunter | VAPT | Pentest | Red Teaming | Liverpool FC | CR7 |
Guardian Angel Intell... @GAIA_Sasuki
4 Followers 414 Following
Leausare @LeausaremmsMZ5
72 Followers 2K Following
CherryBomb @cadenasxoxo
2 Followers 42 Following
Mohamed Hashem @MohamedHashemXO
5K Followers 2K Following Senior Frontend Engineer | ex @Microsoft | Building AI Agent Platform 🤖 | Session Lead @Udacity | CS Instructor 🧑💻| Swimmer🤿| Padel 🎾 #react #frontend #ai
Gonzales Spidy @GonzalesSp46994
1 Followers 104 Following
Yannick Wang @h1k0naka
4 Followers 142 Following Cyber Team @ Xiaomi Mimo PhD Student @ UCAS IIE pre-CTFer @ Never Stop Exploiting Cyber Security | Vulnerability Discovery | AI for Security
Sunil Shahi @IttechShahi
0 Followers 33 Following
Solomon Alan-Dei @salandei
150 Followers 99 Following Firmware/I.T Guy. Transforming the technological landscape of Africa 💯(CEO - Alansa Technologies)
James Ibrahim @JamesIb54140322
53 Followers 4K Following
Ekim Saribardak @baaluo
1K Followers 1K Following Head of Software Development @ Rewire Security, Forbes Technology Council Member
0xor0ne @0xor0ne
91K Followers 508 Following Cybersecurity | Reverse Engineering | Vulnerability Research | Embedded & Silicon Security | My Tweets, My Opinions :)
Alex Matrosov @matrosov
20K Followers 2K Following Security REsearch @Anthropicai · Breaking & Fixing AI Failure Modes | Founder @binarly_io · @SBOM_Tools · @REhints | Author “Rootkits & Bootkits" (https://t.co/1wd2dfYHY6)
Xeno Kovah @XenoKovah
13K Followers 75 Following Interested in reverse engineering, firmware, bluetooth, trusted computing, and training. Founder of OpenSecurityTraining2 https://t.co/slK2fsMRwU
Nicolas Krassas @Dinosn
157K Followers 770 Following Head of Threat & Vulnerability Mgmt @ Henkel AG & Co. KGaA https://t.co/NC1orlKZLB Posting content that I find interesting.
Yarden Shafir @yarden_shafir
26K Followers 319 Following A circus artist with a visual studio license
Mickey @HackingThings
7K Followers 750 Following Low hanging fruit maven. Cluster Head. Tweets are my own. https://t.co/NsUyMzcogk
BINARLY🔬 @binarly_io
4K Followers 448 Following ⛓️Binarly is the world’s most advanced automated software supply chain security platform.
Satoshi Tanda @standa_t
8K Followers 397 Following Software security engineer and trainer https://t.co/tenaquooTc
Alex Plaskett @alexjplaskett
14K Followers 586 Following Security Researcher | Pwn2Own 2018, 2021, 2022, 2024 | Posts about 0day, OS, mobile and embedded security.
offensivecon @offensive_con
28K Followers 1 Following OffensiveCon is a technical international security conference focused on offensive security only. Organised by @Binary_Gecko. Stay tuned #Offensivecon #Tokyo.
Binni Shah @binitamshah
141K Followers 165 Following Linux Evangelist, Malwares, Security enthusiast ,Investor,World Economy, Finance,Contrarian , Philanthropist , Reformist , Sigma female [email protected]
Project Zero Bugs @ProjectZeroBugs
37K Followers 0 Following A bot that posts the latest blog posts and disclosures from Google's Project Zero
Pietro Borrello @borrello_pietro
3K Followers 634 Following Security Researcher | PhD @SapienzaRoma | Pwner at @TheRomanXpl0it and @mhackeroni | https://t.co/g77o9Ojdjf | https://t.co/q5KZ4e8wkX
The Hacker News @TheHackersNews
1.7M Followers 2K Following The #1 trusted source for cybersecurity news, insights, and analysis — built for defenders and trusted by decision-makers.
Alex Ionescu @aionescu
47K Followers 2K Following Chief Technical Innovation Officer @crowdstrike. Windows Internals author and trainer. He/Him. RTs are not endorsements, opinions are my own.
Ivan Rouzanov @ivanrouzanov
3K Followers 1K Following Debug Engineer. Windows, drivers and all things kernel mode. I express my views, not my employer's. My views are my own and just my personal opinions.
Rodrigo Branco @bsdaemon
13K Followers 4K Following Chief Architect, Security Research of BigTech Advisor of Grsecurity. BYOS Commitee Member of OffensiveCon, Langsec, DistrictCon, Secdev
James Forshaw @tiraniddo
49K Followers 336 Following Security researcher in Google Project Zero. Author of Attacking Network Protocols. Tweets are my own etc. Mastodon: @[email protected]
[email protected]... @daviddiaul
1K Followers 3K Following Security Guy. All posts are my own and do not represent the opinions of my employer etc. @[email protected]
blackorbird @blackorbird
42K Followers 702 Following Peace and Love. Just Analysis/Hunter/Youtuber/AiCoder/Entrepreneur/. #APT #threatIntelligence #Exploit #CTI #meme #cyber #hacker #OSINT #Ai Need Remote Job
watchTowr @watchtowrcyber
12K Followers 12 Following watchTowr enables organizations to get ahead of in-the-wild exploitation with Preemptive Exposure Management technology.
Anton Cherepanov @cherepanov74
4K Followers 982 Following Malware researcher at ESET Slovakia. Opinions are my own.
Matias Soler @gnuler
881 Followers 382 Following Security Researcher | Formerly @ImmunityInc & @Intel | Figuring out how things work, reversing one puzzle at a time
Igor Korkin @IgorKorkin
790 Followers 570 Following PhD | OS & Hypervisor Security Researcher | Speaker | Author of “Kernel Protection of Operating Systems Under Countermeasures” (https://t.co/7Ms2j4H7My)
ic3qu33n @nikaroxanne
2K Followers 212 Following reverse engineer | hacker | vx artist | malware witch | my artistic process is a daemon process. @[email protected]
n3k @kiqueNissim
2K Followers 535 Following Full Heap Developer. I transform monster and DnB into bugs
Piotr Król @pietrushnic
580 Followers 292 Following Advancing trustworthy platform security with @Dasharo_com @3mdeb_com. Tweeting about Root of Trust, TPM, coreboot, UEFI, EDK II, Yocto, U-Boot, and Linux.
Mobile Hacker @androidmalware2
60K Followers 49 Following Mobile Offensive Security 🔴 #redteam Android Reverse Engineering | malware analysis
Crowdfense @crowdfense
3K Followers 1K Following Crowdfense is the world-leading research hub and acquisition platform for zero-day exploits and vulnerability research. We offer the highest bounties
quarkslab @quarkslab
13K Followers 13 Following Securing every bit of your data https://t.co/hqdd8jMkYM https://t.co/GOXPtukIXE
Pwnie Awards @PwnieAwards
12K Followers 24 Following An annual awards ceremony celebrating and making fun of the achievements and failures of security researchers and the wider security community.
MachineHunter @InfPCTechStack
411 Followers 220 Following Security Researcher, UEFI, Kernel, Hypervisor, SMM (RT is mainly for me to read them later...)
Krzysztof Okupski @exminium
310 Followers 186 Following Embedded security, reverse engineering and software exploitation
Vigilant Labs @vigilant_labs
3K Followers 3 Following Official account of Vigilant Labs (https://t.co/PzW4HkfAwd).
mdowd @mdowd
33K Followers 758 Following Internet Hacker. Founder of @vigilant_labs. Previously, co-founder of Azimuth Security (now L3Harris Trenchant)
Dekeneas @dekeneas
327 Followers 94 Following phrack author | detecting (unknown) browser exploits since 2016 AD
No Context Brits @NoContextBrits
1.8M Followers 0 Following A “mordant celebration of British mediocrity” according to the Washington Post. Contains sarcasm, irony and context. Blocked by John Cleese.
Fabio Pagani @pagabuc
999 Followers 610 Following Vulnerability Research Lead @binarly_io. Prev: Postdoc @ucsantabarbara. Binary analysis, memory forensics et al. Captures flags with Shellphish and NOPS.
Nikita Tarakanov @NikitaTarakanov
744 Followers 345 Following 0day analysis. Previous account @NTarakanov
Tom Garrison @tommgarrison
39K Followers 4K Following Prior. VP & Chief Strategy Officer, @Intel PC Client Group. Passionate about technology, sustainability, fishing, food, travel, and the Oregon Ducks.
Shift @Shiftreduce
3K Followers 2K Following
Zaolin @_zaolin_
737 Followers 590 Following Head of Solution Engineering @Binarly, IT-Consultant @ Niche Systems. Ex-CEO of @immune_gmbh. Founder of @9eSec, President of the @osfw_foundation.
3mdeb @3mdeb_com
1K Followers 292 Following Creators of @Zarhus_com & @Dasharo_com. Specializing in trusted computing, embedded firmware, coreboot, UEFI, U-Boot, and Yocto https://t.co/EqPyWEobn1
Sam Thomas @xorpse
679 Followers 634 Following Program analysis. Reverse engineering. Backdoor detection.
Solar Designer @solardiz
13K Followers 1K Following @Openwall founder, @oss_security maintainer, @lkrg_org co-author, @CtrlIQ Linux security engineer. RTs don't imply agreement with points of view.
Claudiu Teodorescu @cteo13
360 Followers 66 Following Co-founder @Binarly_io Previously worked at Cylance, FireEye, EnCase, eEye Digital Security
Alexander Popov @a13xp0p0v
7K Followers 378 Following Linux Kernel Developer / Security Researcher / Free Software Maintainer. Admin of @linkersec. This is my personal account.You might like
