CTO @orcasec | I tweet about fuzzing, bugs, and all that security jazz

Joined April 2014
Yoav Alon retweeted
I've been thinking about why I feel so compute-constrained, and I think the issue is: I always had lots of ideas. In the past, building the code to run my experiments was the bottleneck - I had to choose carefully which experiments to run. While AI agents write bad architecture, ...
Yoav Alon retweeted
Replying to @yoavalon
In theory this gets me redundancy and snapshots and then the desktops are really easy to backup or swap to a different os, etc
Yoav Alon retweeted
Loving github today.
Yoav Alon retweeted
Exim 4.99.3 is out, patching CVE-2026-45185, a critical RCE found by XBOW! Check out our post linked in the reply; I'll summarize some details in this thread.
Yoav Alon retweeted
so that explains the delay... deepseek could not fix training instabilities, after doubling from ~15T tokens in v3 to ~33T tokens in v4 the 10 mentions of "stability" tricks seem to be wildly lacking if these two were the main bandages (mismatched routing clamping) but kudos for transparency, as always!
Being an Israeli CEO since 2019 is basically very much like: while True: slack_team(f"Don't come to the office today due to: {random.choice(['pandemic', 'war', 'sirens', 'protests', 'shenanigans'])}")
Yoav Alon retweeted
Joining the agentic vuln research hype, @EyalKraft and I did something. Unfortunately, it worked better than we hoped. We spent a few weeks building an agentic loop that reverse-engineers and exploits kernel drivers. We already found 100 exploitable drivers. (link below)
Yoav Alon retweeted
syzkaller/syzbot now has AI agentic framework for kernel bug fix generation, bug assessment, security triage, POC generation, etc: groups.google.com/g/syzkalle… Includes set of tools to build kernels, navigate/edit source, test reproducers, etc. Contributions/research are welcome.

Very cool! And with the advent of coding agents I believe annotations will come sooner rather than later
Clang's -Wthread-safety, named "Context Analysis" for the Linux kernel finally merged after a year's worth of work: git.kernel.org/torvalds/c/09… docs.kernel.org/next/dev-too… Currently opt-in; go and set 'CONTEXT_ANALYSIS := y' for any kernel code you're developing. Needs Clang 22.
Yoav Alon retweeted
Recorded some updated thoughts on agentic coding tools if someone is curious.
Yoav Alon retweeted
2 Aug 2025
Replying to @badlogicgames
"includeCoAuthoredBy": false In ~/.claude/settings.json
17 Jul 2025
🔍 Calling all **#CloudSecurity** Researchers! 🛡️ Lead Cloud Runtime Sec Eng @orcasec 🇵🇱 Hybrid (Poland/Warsaw) 🎯 Build & Research runtime engine (Go/C /eBPF/AI) 👉 onthespotdev.com/positions/c… #InfosecJobs #Hiring

Yoav Alon retweeted
🔭🐶 Exciting news: @datadoghq has announced our intent to donate our new Go auto-instrumentation framework to @opentelemetry.
Manually instrumenting Go applications for observability has always been a time-consuming challenge. Solutions based on binary patching and eBPF have attempted to solve this, but they often come with undesirable tradeoffs. That’s why we built Orchestrion … 🧵
Yoav Alon retweeted
Domato Lives! Today, we merged a WebGPU fuzzer written by @btiszka who used it to find several serious bugs in Chrome. Check it out at github.com/googleprojectzero…. Potentially also interesting for other browser vendors working on their own WebGPU implementation ;)

17 Sep 2024
🇵🇱 Polish Security Experts! 🛡️ We're hiring a Security Researcher for our R&D team. Work with cutting-edge tech (eBPF, Linux, K8s, Malware analysis) to fight cybercrime! join.onthespotdev.com/runtim… RTs appreciated for reach! 🙏 #CloudSecurity #CybersecJobs #PolishTech

Yoav Alon retweeted
11 Sep 2024
Snyk 🤝 @orcasec Together, we're revolutionizing DevSecOps. 💪 Learn how our strategic partnership provides unparalleled visibility into risks throughout the entire app lifecycle - from dev to runtime. #AppSec #CloudSec snyk.co/uhrWl
Yoav Alon retweeted
27 Jul 2024
Now in a special RGB edition with 16,777,216 pages: An elephant with a bald spot doesn't shampoo its hair. I dreamed of an elephant in the color #A8E04F
Yoav Alon retweeted
25 Jul 2024
1/ A world first reverse engineering analysis of AWS Session Tokens. Prior to our research these tokens were a complete black box. Today, we are making it more of a glass box, by sharing code and tools to analyze and modify AWS Session Tokens. medium.com/@TalBeerySec/reve…