My new article: "Kernel-hack-drill and a new approach to exploiting CVE-2024-50264 in the Linux kernel"⚡️
I tell a bug collision story and introduce my pet project kernel-hack-drill, which helped me exploit the hard bug that received a @PwnieAwards 2025
a13xp0p0v.github.io/2025/09/…
Slides for my talk at @h2hconference 2024:
Diving into Linux kernel security 🤿
I described how to learn this complex area and knowingly configure the security parameters of your Linux-based system.
And I showed my open-source tools for that purpose!
a13xp0p0v.github.io/img/Alex…
Excited to share our latest post on memory safety! We're tackling spatial safety in our massive C codebase by hardening libc *by default*. It adds bounds checks to things like std::vector, preventing a fair bit of out-of-bounds vulnerabilities: security.googleblog.com/2024…
“Break into the world of vulnerability research... and become a zero-day hunter.” I have a new book with @nostarch!
Behind the curtain of zero-day research, there are fundamental building blocks you can learn. In early access now and out in Spring 2025!
nostarch.com/zero-day
Getting made fun of because you cover laptop webcam with a sticker? 😭
Here are materials from my talk about controlling ThinkPad X230 webcam LED over USB presented at POC by @POC_Crew 😎
Use these as a comeback 😁
Slides: docs.google.com/presentation…
Code: github.com/xairy/lights-out
A while ago I gave a talk on how to build exceptional security research teams: github.com/rrbranco/Presenta… - I remain convinced that is all that is needed. The adage "Great people leave managers, not companies" continues to be true.
CVE-2024-9143 (openssl-library.org/news/sec…) was disclosed recently, and it was found by OSS-Fuzz-Gen! This is a pretty proud example from our team showing the promise of leveraging LLMs to enable more fuzzing coverage.
I've written a post on SELinux and some public bypasses for Android kernel exploitation. It's especially relevant for Samsung and Huawei devices due to their use of hypervisors. Check it out here: klecko.github.io/posts/selin…
IDAlib is the first idiomatic Rust bindings library for the @HexRaysSA IDA SDK, helping go beyond C/C++ or Python in RE automation. Huge thanks to @xorpse for making it happen! Binarly team ❤️ Rust 🙌
🛠️use idalib::idb::*;
🦀crates.io/crates/idalib
🚨New! "CVE-2024-36435 Deep-Dive: The Year’s Most Critical BMC Security Flaw."
🔥Classic buffer overflow vulnerabilities resurface in BMCs, remotely opening the gates from the castle.
🏆Kudos to @AlexTereshkin for the initial discovery and disclosure!
binarly.io/blog/cve-2024-364…
I’m super excited about this blogpost. The approach is so counterintuitive, and yet the results are so much better than anything else that we’ve tried for memory safety. We finally understand why.
security.googleblog.com/2024…
Exciting story on collaboration between Google Android Offsec and ARM product security on proactively securing Mali GPU attack surface in Android and beyond. Among proactively identified and mitigated issues is CVE-2024-0153 in GPU firmware.
We teamed up with @Arm to boost GPU security on #Android! Fuzzing, firmware analysis, and close collaboration led to key vulnerability discoveries and a stronger #Android ecosystem. Read more in our joint blog: security.googleblog.com/2024…
Continuing the series on exploiting Android Binder with a Binder internals blog post androidoffsec.withgoogle.com… A deep dive into the Binder driver by @abc_sup and Gulshan. We also release github.com/androidoffsec/lib… -- a tiny lib showing how to do IPC via the Binder driver. Happy Binder hacking!
Gonna be giving a talk "SLUB Internals for Exploit Developers" at @LinuxSecSummit next week.
Plan to cover the basics one needs to know before writing exploits for slab bugs; slides coming along 😁
Also gonna stay around for @linuxplumbers.
lsseu2024.sched.com/event/1e…