Linux/macOS: curl --proto '=https' --tlsv1.2 -sSfL https://sh.vulhunt.re | sh Windows: irm https://ps.vulhunt.re | iex
Our aim is to build a community and ecosystem around VulHunt to provide a comprehensive toolkit and rule collection that aids researchers and practitioners performing any kind of binary analysis. Give it a try!
VulHunt is the culmination of 4 years of R&D with a goal to scale vulnerability detection in binaries. While the foundation is built on tried and true static analysis techniques, weβve embraced the AI era and expose VulHuntβs capabilities to agents and tools via MCP and skills.
We @binarly.bsky.social just open-sourced our VulHunt framework at RE//verse!
GitHub: github.com/vulhunt-re/v...
Documentation: vulhunt.re/docs
Slack: join.slack.com/t/vulhunt/sh...
vulhunt.re
I'm pleased to announce a new release of the Rust bindings for
@hex-rays.bsky.social IDA SDK! This release includes v9.3 compatibility.
Code: git.idalib.rs
Docs: docs.idalib.rs
Thank you to @yeggor.bsky.social who contributed to this release, and to @hex-rays.bsky.social for their support.
We conducted the first public third-party security assessment of EVerest, an open-source firmware stack for electric vehicle charging stations, deployed in hundreds of thousands of charging points worldwide.
The audit was mandated by @ostifofficial.bsky.social π
blog.quarkslab.com/everest-secu...
Created a single binary headless IDA MCP server in Rust using the awesome idalib by @binarly.bsky.social π¦π©βπ¬
It adds tool discovery to not pollute your context (before @claudeai fixed it on their side π)
github.com/blacktop/ida...
Rust bindings for Apple's on-device LLM just dropped π¦π
fm-rs lets you use Apple Intelligence from Rust - streaming, tool calling, structured output, all running locally
https://github.com/blacktop/fm-rs
π¨ Blog Post: ""Idioms: A Simple and Effective Framework for Turbo-Charging Local Neural Decompilation with Well-Define... https://edmcman.github.io/blog/2026-01-15--idioms-a-simple-and-effective-framework-for-turbo-charging-local-neural-decompilation-with-well-defined-types-accepted-to-ndss-2026/
πIn case you missed it...
IDA Domain API.
This new open-source Python API is designed to make scripting in IDA simpler, more consistent, and more natural.
Check out the key features, code examples, documentation and more:
ida-domain.docs.hex-rays.com
Talk Tomorrow: "Scalable Static Analysis and High-Performance Logic Programming" (github.com/kmicinski/mi...)
π’ The Hex-Rays IDA Plugin Contest is open!
We've updated the submission process, added more prizes, and IDA Free users can now enter to win.
π
Submissions close: January 15, 2026
Get the full update here: hex-rays.com/plugin-contest
Good luck!
π¨ EURECOM is recruiting a PhD student (and master-level interns) on verification and testing at the hardware-software boundary
π Amazing location between sea & mountain
π‘ 3-year position
π International environment (no French required!)
You're a curious and motivated student? Reach out!
I'm happy to share that LIEF 0.17.0 is out: lief.re/blog/2025-09...
I'm pleased to announce a new release of the Rust bindings for
@hex-rays.bsky.social IDA SDK! This release includes v9.2 compatibility, and a number of new features and fixes.
Code: git.idalib.rs
Thank you to our contributors: @withzombies.bsky.social Cole Leavitt Irate-Walrus @yeggor.bsky.social
This looks like a cool way to declaratively orchestrate data processing: snakemake.github.io
How haven't I heard of this before?
At USENIX Security? Then check out:
Studying the Use of CVEs in Academia, won distinguished paper award www.usenix.org/conference/u...
Discovering and Exploiting Vulnerable Tunnelling Hosts, won most innovative research Pwnie @ DEFCON www.usenix.org/conference/u...
Big thanks to all co-authors!!
vx-underground Black Mass Volume III zine print edition, cover
Article βEFI Byte Code Virtual Machine, A Monster Emergesβ in vx-underground Black Mass Volume III zine print edition
seeing my @vxundergroundre.bsky.social Black Mass article βEFI Byte Code Virtual Machine - A Monster Emergesβ in the print copy of vol III at long last has me verklempt.
All the blood,sweat+tears that I poured into writing the first UEFI EBC virus were v worth it. π€
My GitHub contribution graph for the past year
Today Iβm celebrating one year of #Rust! π¦
I started learning it last summer, and since then, Iβve pretty much stopped programming in any other language. Over the past year, Iβve gone from playing with the basics to building some (hopefully π) useful [β¦]
[Original post on infosec.exchange]
I'm pleased to announce a new version of the Rust bindings for IDA Pro! With:
- Improved strings, metadata, and core APIs.
- Support for the names API.
Thank you to @raptor.infosec.exchange.ap.brid.gy & Willi Ballenthin for contributing!
Docs: idalib.rs
Code: git.idalib.rs
Our research on open tunneling servers got nominated for the Most Innovative Research award :)
The work will be presented by Angelos Beitis at Black Hat and also at USENIX Security
Brief summary and code: github.com/vanhoefm/tun...
Paper: papers.mathyvanhoef.com/usenix2025-t...
CTADL - a Datalog-based interprocedural static taint analysis engine for Java/Android bytecode (via JADX) and Pcode (via Ghidra)
Code: github.com/sandialabs/c...
Talk (via @krismicinski.bsky.social): youtu.be/3ec9VfMUVa8?...
May 25-27, 2025, I hosted an event, the "Minnowbrook Logic Programming Seminar," in Blue Mountain Lake, NY. I recorded 11 talks on Datalog-related interests, totaling over 9+ hours of video, which I have just now published on YouTube youtu.be/3ec9VfMUVa8
Exploring fault injection on ESP32 V3!
Inspired by Delvaux work, we tested voltage #glitching as an attack vector. With advanced triggers & GDB, we achieved a ~1.5% success rate. #Hardware #FaultInjection is becoming more practical! [β¦]
π¨ Blog Post: ""A Human Study of Automatically Generated Decompiler Annotations" Published at DSN 2025" https://edmcman.github.io/blog/2025-06-16--a-human-study-of-automatically-generated-decompiler-annotations-published-at-dsn-2025/
placard saying protesting is our human right, with split image showing Westminister in the background
ONLY 5 DAYS LEFT
π¨ The Crime and Policing Bill is in the House of Commons on Tuesday 17.06.
We have 5 days left to email MPs to act.
MPs right now have the power to protect our protest rights.
We canβt let them ignore us.
π Take action: www.amnesty.org.uk/actions/emai...
Another Crack in the Chain of Trust: Uncovering (Yet Another) #SecureBoot Bypass
https://www.binarly.io/blog/another-crack-in-the-chain-of-trust
#Hydroph0bia (CVE-2025-4275) - a trivial #SecureBoot bypass for UEFI-compatible firmware based on Insyde #H2O, part 1
https://coderush.me/hydroph0bia-part1/
My greatest achievement so far in the #rust ecosystem: the βsecurityβ category in crates.io is gaining traction π
https://crates.io/search?q=category%3Asecurity&sort=downloads
