One of our security researchers demonstrated a local root shell on Linux using a page-cache poisoning primitive in AF_RXRPC’s RxGK path. We call it DirtyCBC: a sibling to DirtyFrag in the broader CopyFail / DirtyFrag / Fragnesia family. The issue is fixed on mainline. The candidate path was surfaced through Delphos’s agentic analysis workflow, then manually verified and exploited end to end. AES-256 was not broken. It just wasn’t the boundary that mattered. RxGK decrypted data in place before authentication completed. Under the right conditions, that write could land in the page cache. The HMAC check still failed and the connection was aborted, but the page-cache mutation had already happened. Two RESPONSE packets were enough to place a tiny ELF into the cached first page of a readable SUID-root binary. The file on disk stayed unchanged. The next exec produced a root shell. Full writeup and PoC on the Delphos Labs GitHub. delphoslabs.com/blog/3614237…

We’re hiring 🚀 Security Researcher & Software Engineer @ Delphos Labs Build AI-powered systems for reverse engineering — tools where AI understands software, automates binary analysis, and scales how we reason about code. 🔗 jobs.ashbyhq.com/delphos-lab… #securityresearch #hiring

XZ backdoor (liblzma.so.5.6.1) fully exposed in minutes with Delphos Labs. Black-box binaries? No more. Traditional tools would still be unpacking. That’s software, verified.

Binary highlight: “Cyberpunk 7777 / QubePi” ELF. Text-menu game with hard-coded Postgres creds. Every login/chat/coord sent in clear on 5432—no TLS, no sanitization. Delphos auto-exposed the creds & flow in minutes. Sample: delphoslabs.com/uploads/26cc… #ReverseEngineering

At @DelphosLabs, we're building tools to automate reverse engineering, no source code required. Help shape what we build next 👇 docs.google.com/forms/d/e/1F… It takes just a few minutes. Anonymous unless you opt in. Thanks for your input! 🙏

Machine Learning Meets Malware. If cognition becomes an API call and malware can be reverse-engineered by an LLM, then what’s left of “zero trust”? Caleb Fenton joined @patio11 for a chat on AI, nation-states, and the new front in software security. 🎧complexsystemspodcast.com/ep…

If you like building platforms and infrastructure and want to get in on the ground floor of a cyber security startup doing AI and reverse engineering, DM me.

Happy Friday everyone! Want a ProcMon for macOS? Ever wish you had your own Endpoint Security client you could task? Want to peer behind the macOS EDR curtain? Have a go and let us know what you think! github.com/redcanaryco/mac-m…

New Tiny #tinyML #AIoT module M0S coming out~ Based on BL616, WiFi6 BT5.2 Zigbee, 384MHz #RISCV RV32GCP, 4MB Flash 512KB SRAM, and USB2.0 HS in tiny 10x11mm stamp module! It would be <2$ ~

My project is on hackaday 😀hackaday.com/2022/10/17/cust…

A device that no one REALLY needs, but fun project anyway. Here is my Caliper/Digital indicator WiFi adapter. github.com/liba2k/VINCA_read…

The talk that @assaf_carlsbad and I presented at #INS22 is up on youtube. youtube.com/watch?v=ge_TnLfT…

Yesterday @liba2k and I presented our talk "Breaking Secure Boot with SMM" at @1ns0mn1h4ck. The slides, exploit code, and some additional resources are now online and available here: github.com/liba2k/Insomni-Ha… Thanks to everyone who attended, we hope to see you all again next time!

In what seems like nearly perfect conjunction with the latest @binarly_io disclosure, today we publish the 6th installment of our UEFI blog post series where we dissect 6 new vulnerabilities in HP's firmware that allow privilege escalation to SMM. sentinelone.com/labs/another… @liba2k

Yet another batch of SMM vulnerabilities. Blog post to be published soon. support.hp.com/us-en/documen…

Zen and the Art of SMM Bug Hunting: me and @liba2k wrote yet another entry in our blog post series about UEFI firmware security. This time we cover SMM bug classes, discuss potential mitigations and reveal some tools & tactics we employed to uncover them. sentinelone.com/labs/zen-and…

New on SentinelLabs! Part 5 of @@assaf_carlsbad & @liba2k series on #UEFI security research. #smm #cybersecurity #infosec sentinelone.com/labs/zen-and…

This is a really handy script to automatically create a ghidra project and import/analyse the target binary, by @liba2k 🔥 gist.github.com/liba2k/d522b…