Security Researcher @nozominetworks

Joined May 2010
Pinned Tweet
18 Nov 2024
Just discovered 10 memory corruption vulnerabilities in the popular Mongoose Web Server (11k stars on GitHub) by fuzzing its embedded TLS stack protocol with @aflplusplus. More technical details here: nozominetworks.com/blog/hunt…
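The post above links out for the details, but a reader who has not fuzzed a TLS record layer before may want to see what such a harness looks like. The block below is an added example, not Nozomi's harness and not Mongoose's code: the record parser is a constructed toy that only checks the 5-byte TLS record header and its length field, and the harness shape (stdin fallback, `__AFL_LOOP`, `__AFL_FUZZ_TESTCASE_BUF`) is the standard afl-clang-fast persistent-mode pattern. The length checks in `tls_record_body_len` are exactly the kind of bounds check whose absence record-layer fuzzing tends to surface as an out-of-bounds read.

```c
/* Added example: AFL++ persistent-mode harness around a toy TLS record parser.
 * The parser is constructed for illustration (assumed, not Mongoose's code).
 * Plain build (stdin path):   cc -O2 harness.c -o harness
 * AFL++ build (persistent):   afl-clang-fast -O2 harness.c -o harness
 *                             afl-fuzz -i seeds -o findings -- ./harness
 */
#include <stdint.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

#define TLS_REC_HDR 5            /* type(1) | version(2) | length(2)        */
#define TLS_MAX_PLAINTEXT 16384  /* RFC 8446 section 5.1 record size limit  */

/* Parse one TLS record header at buf[0..n) and check that the body fits.
 * Returns the body length (>= 0), or -1 for a malformed, oversized or
 * truncated record. The truncation check is the one that prevents the
 * classic overread: without it a caller trusts `len` and reads past `n`. */
int tls_record_body_len(const uint8_t *buf, size_t n) {
    if (n < TLS_REC_HDR) return -1;
    uint8_t ctype = buf[0];
    if (ctype < 20 || ctype > 23) return -1;        /* CCS, alert, handshake, appdata */
    if (buf[1] != 3) return -1;                      /* legacy major version is always 3 */
    uint16_t len = (uint16_t)((buf[3] << 8) | buf[4]);
    if (len > TLS_MAX_PLAINTEXT) return -1;
    if ((size_t)len > n - TLS_REC_HDR) return -1;    /* body would run past the input */
    return (int)len;
}

/* Walk every record in a buffer (e.g. one captured handshake flight).
 * Returns the number of complete records, or -1 at the first bad one. */
int tls_count_records(const uint8_t *buf, size_t n) {
    int count = 0;
    size_t off = 0;
    while (off < n) {
        int body = tls_record_body_len(buf + off, n - off);
        if (body < 0) return -1;
        off += TLS_REC_HDR + (size_t)body;
        count++;
    }
    return count;
}

#ifndef __AFL_FUZZ_TESTCASE_LEN
/* Not compiled with afl-clang-fast: emulate the macros with a single
 * stdin read so the same main() runs as a plain command-line tool. */
static uint8_t fuzz_buf[1024 * 1024];
#define __AFL_FUZZ_INIT() static int fuzz_iter
#define __AFL_FUZZ_TESTCASE_BUF fuzz_buf
#define __AFL_FUZZ_TESTCASE_LEN ((int)fread(fuzz_buf, 1, sizeof fuzz_buf, stdin))
#define __AFL_LOOP(x) (fuzz_iter++ == 0)
#endif

__AFL_FUZZ_INIT();

int main(void) {
#ifdef __AFL_HAVE_MANUAL_CONTROL
    __AFL_INIT();               /* deferred fork server: skip startup cost */
#endif
    uint8_t *buf = __AFL_FUZZ_TESTCASE_BUF;   /* must be fetched outside the loop */
    while (__AFL_LOOP(10000)) {
        int len = __AFL_FUZZ_TESTCASE_LEN;
        if (len < 0) break;
        (void)tls_count_records(buf, (size_t)len);
    }
    return 0;
}
```

Seed the `seeds` directory with a few real records (a ClientHello and an alert are enough); AFL++ will mutate the length bytes quickly, and any parser that reads `len` bytes without the truncation check crashes under ASan (`AFL_USE_ASAN=1` at build time).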
cdzeno retweeted
I made this Windows security research toolkit for LPE, persistence, COM hijacking, and attack surface enumeration. Leave a star and follow on GitHub so I can feed my 10 kids <3 github.com/kernelstub/Ferrum
cdzeno retweeted
One of the best FREE Windows exploit development and security research blogs out there. Kernel pool exploitation. PTE overwrites. HVCI and kernel CFG bypass. XFG internals. Browser type confusion. Kernel shadow stacks. Secure kernel internals. ARM64 Pointer Authentication bypass. ETW and PPL research. Covers everything from ROP fundamentals all the way to cutting edge ARM64 and VBS security research. Still actively publishing in 2026. connormcgarr.github.io/ Author: @33y0re #ExploitDevelopment #WindowsInternals #ReverseEngineering
cdzeno retweeted
What Europe should do right now: 1. Call all the European researchers working on AI and bring them back with the same salary (or they can stay but switch career). 2. Fill EU places that have GPUs with money, and put those people there. 3. AI partnerships with China and India.
cdzeno retweeted
🐛New post: Exploiting CVE-2024-1065 via the Page Cache! A strategy for physical-page UAFs in MIGRATE_MOVABLE, where Dirty Pagetable and Dirty Cred don't apply. Demonstrated on the Mali GPU UAF found by Project Zero. kuzey.rs/posts/MaliUAF/ #ExploitDevelopment #KernelSecurity
cdzeno retweeted
Inspired by @guyru_'s ghidra rpc agentic skill, I ported my mcp server for @HexRaysSA IDA Pro to be an rpc skill plugin as well. What can I say, speed improvements and fewer tokens needed; it was fully worth porting it. Go test it :) github.com/bkerler/ida_rpc
cdzeno retweeted
Jun 12
3-part series on Linux kernel bug hunting: KASAN, Syzkaller, and kernel fuzzing by @slava_moskvin_ Part 1: slavamoskvin.com/hunting-bug… Part 2: slavamoskvin.com/finding-bug… Part 3: slavamoskvin.com/finding-bug… #infosec
cdzeno retweeted
We published a new research article on the Chromium 146 Renderer Process! In this article, we start from the CVE-2026-3910 Maglev write barrier elision bug and walk through the full exploit chain: building a V8 heap R/W primitive via a GC-induced UAF, achieving an out-of-sandbox read using WebAssembly internals, abusing JSPI UAF and StackMemory / JumpBuffer, and ultimately reaching renderer process RCE. Our goal was to provide a structured explanation of how modern V8 exploitation works in practice, from compiler-level bug analysis to sandbox-boundary primitives and final code execution. Huge thanks to our team member @m411k_ for conducting this research! Check out the PoC! Full article: research.rewritelab.org/2026…
cdzeno retweeted
Jun 10
🚨 Introducing "ITScape" (CVE-2026-46316) A Guest-to-Host Escape in KVM/arm64. Guest-side actions alone exploit a use-after-free to run root-privileged code in the host kernel. Unlike the commonly published QEMU escapes, the bug lives in in-kernel KVM, not QEMU. On a successful exploit, commands run with host kernel privilege rather than the privilege of a user process, threatening the guest-host isolation of multi-tenant arm64 public clouds. To the best of public knowledge, the first Guest-to-Host Escape Exploit targeting in-kernel KVM/arm64. Details: itscape.io
cdzeno retweeted
Jun 9
I think this N-day research is potentially the biggest story of AI, vulnerability finding, and exploit development. red.anthropic.com/2026/n-day… 1/6
cdzeno retweeted
[...] Prod chain will be: metal host -> (portable USB-SSD) EFI -> {LUKS2 decrypt} -> GRUB -> VMM -> Debian VM -> Hermes Next step is to boot a Hackintosh/macOS in a VM and let Hermes act as if in a Mac Mini/Book. Feedback is appreciated: github.com/phretor/phermes
cdzeno retweeted
Kernel Rootkit is a new Telegram community for Linux/Windows rootkit research, ring0/ring3, stealth, defense, forensics and reverse engineering. Join us, share knowledge and collaborate. t.me/kernel_rootkit #rootkits #security #windows #linux #cyber #malware #forensics
cdzeno retweeted
Bootloader security paper: attack surfaces, vulnerability detection techniques, and defenses across firmware, OS, and monolithic bootloaders https://machiry.github.io/files/soksp2026.pdf #infosec
cdzeno retweeted
Jun 4
We're mostly an IDA shop at @CellebriteLabs, but I decided to play around with Ghidra. My main motivation was to experiment with agentic reverse engineering techniques. The result is an agent skill for Ghidra, which we are releasing publicly: github.com/cellebrite-labs/g… >>
cdzeno retweeted
Cleaned up my old ETW notes from Obsidian and put them into one post. No new research here. Just a practical map of the parts I keep coming back to: providers, sessions, kernel loggers, ETWTI, tampering, and detection. kernullist.github.io/kernull…
cdzeno retweeted
28 May 2025
cdzeno retweeted
After 6 months of extensive research, I have finally published a new blog post! It describes the journey from breaking into my router using a couple of command injections to finding and exploiting a remote heap overflow in a MediaTek kernel driver :D hacefresko.com/posts/rce-on-…
cdzeno retweeted
This is what a personal AI assistant should be! Looks like @techjarves read my mind! github.com/techjarves/hermes… I had just wrapped up the setup of a local, isolated Docker-sandboxed Pi agent pointed at my @obsdmd vault and battle-tested it for about 3 weeks. While searching [...]