Julien Lancia
@julienlancia.bsky.social
Embedded security, vulnerability researcher
Reposted by Julien Lancia
How an ex-L3Harris Trenchant boss stole and sold cyber exploits to Russia:
techcrunch.com/2025/11/03/h...
#exploit #exploitation #zeroday #infosec #informationsecurity #cybersecurity
techcrunch.com/2025/11/03/h...
#exploit #exploitation #zeroday #infosec #informationsecurity #cybersecurity
How an ex-L3Harris Trenchant boss stole and sold cyber exploits to Russia | TechCrunch
Peter Williams sold eight exploits to a Russian zero-day broker by smuggling them from his employer’s highly secured air-gapped network. A court document, plus exclusive reporting by TechCrunch and in...
techcrunch.com
November 4, 2025 at 9:16 PM
How an ex-L3Harris Trenchant boss stole and sold cyber exploits to Russia:
techcrunch.com/2025/11/03/h...
#exploit #exploitation #zeroday #infosec #informationsecurity #cybersecurity
techcrunch.com/2025/11/03/h...
#exploit #exploitation #zeroday #infosec #informationsecurity #cybersecurity
Reposted by Julien Lancia
Cyber Resilience Act: Overview for affected companies www.taylorwessing.com/en/insights-...
The Cyber Resilience Act – EU-Wide Requirements for the Cybersecurity of Products
www.taylorwessing.com
November 4, 2025 at 9:21 AM
Cyber Resilience Act: Overview for affected companies www.taylorwessing.com/en/insights-...
Reposted by Julien Lancia
aischolar.0x434b.dev Pretty cool project by @434b.bsky.social: A neat web interface to explore security (and in particular: Fuzzing) papers with AI summaries. Seems super useful to get/stay up to date with recent papers :)
AIScholar - Paper Database
aischolar.0x434b.dev
February 4, 2025 at 3:29 PM
aischolar.0x434b.dev Pretty cool project by @434b.bsky.social: A neat web interface to explore security (and in particular: Fuzzing) papers with AI summaries. Seems super useful to get/stay up to date with recent papers :)
Reposted by Julien Lancia
OpenAI Unveils Aardvark: GPT-5 Agent That Finds and Fixes Code Flaws Automatically thehackernews.com/2025/10/open...
OpenAI Unveils Aardvark: GPT-5 Agent That Finds and Fixes Code Flaws Automatically
OpenAI’s GPT-5 Aardvark scans, exploits, and patches software flaws autonomously—marking a leap in AI-driven cybersecurity.
thehackernews.com
November 2, 2025 at 9:42 AM
OpenAI Unveils Aardvark: GPT-5 Agent That Finds and Fixes Code Flaws Automatically thehackernews.com/2025/10/open...
Reposted by Julien Lancia
Making USB devices - end to end guide to your first gadget
popovicu.com/posts/making...
#programming #hardware #linux #blog
popovicu.com/posts/making...
#programming #hardware #linux #blog
Making USB devices - end to end guide to your first gadget
Introduction to implementing USB devices. Minimal overview of hardware and software with an example with STM32 microcontroller. Also contains an index to very detailed guides for more information.
popovicu.com
October 30, 2025 at 7:47 PM
Making USB devices - end to end guide to your first gadget
popovicu.com/posts/making...
#programming #hardware #linux #blog
popovicu.com/posts/making...
#programming #hardware #linux #blog
Reposted by Julien Lancia
Following their presentation at @hexacon.bsky.social, @mtalbi.bsky.social & Etienne detail how they exploited CVE-2023-40129, a critical vulnerability affecting the Bluetooth stack in Android ⬇️
www.synacktiv.com/en/publicati...
www.synacktiv.com/en/publicati...
Paint it blue: Attacking the bluetooth stack
Paint it blue: Attacking the bluetooth stack
www.synacktiv.com
October 27, 2025 at 4:02 PM
Following their presentation at @hexacon.bsky.social, @mtalbi.bsky.social & Etienne detail how they exploited CVE-2023-40129, a critical vulnerability affecting the Bluetooth stack in Android ⬇️
www.synacktiv.com/en/publicati...
www.synacktiv.com/en/publicati...
Reposted by Julien Lancia
Les pauvres milliardaires français surtaxés
October 12, 2025 at 8:03 AM
Les pauvres milliardaires français surtaxés
Reposted by Julien Lancia
Fault injection for secure boot bypass and secret extraction targeting RP2350
www.usenix.org/system/files...
#infosec
www.usenix.org/system/files...
#infosec
October 12, 2025 at 11:59 AM
Fault injection for secure boot bypass and secret extraction targeting RP2350
www.usenix.org/system/files...
#infosec
www.usenix.org/system/files...
#infosec
Reposted by Julien Lancia
Finding a buggy driver is one thing, abusing it is another🧠
In his latest blog post, Luis Casvella shows you how BYOVD can be used as a Reflective Rootkit Loader ! 🚀
➡️ blog.quarkslab.com/exploiting-l...
In his latest blog post, Luis Casvella shows you how BYOVD can be used as a Reflective Rootkit Loader ! 🚀
➡️ blog.quarkslab.com/exploiting-l...
October 9, 2025 at 4:22 PM
Finding a buggy driver is one thing, abusing it is another🧠
In his latest blog post, Luis Casvella shows you how BYOVD can be used as a Reflective Rootkit Loader ! 🚀
➡️ blog.quarkslab.com/exploiting-l...
In his latest blog post, Luis Casvella shows you how BYOVD can be used as a Reflective Rootkit Loader ! 🚀
➡️ blog.quarkslab.com/exploiting-l...
Reposted by Julien Lancia
We have made Francesco Pollicino's "Fuzzing 1001: Introductory Fuzzing" class playlist public here: www.youtube.com/playlist?lis... for those who'd like to download the videos for offline consumption.
Fuzzing 1001: Introductory Fuzzing - YouTube
View the full free MOOC at https://ost2.fyi/Fuzz1001. This hands-on fuzzing course introduces a software-testing technique for finding security vulnerabiliti...
www.youtube.com
October 10, 2025 at 11:53 AM
We have made Francesco Pollicino's "Fuzzing 1001: Introductory Fuzzing" class playlist public here: www.youtube.com/playlist?lis... for those who'd like to download the videos for offline consumption.
Reposted by Julien Lancia
Exploiting a libANGLE offset integer underflow read the Chrome WebGPU heap
qriousec.github.io/post/oob-angle
#infosec
qriousec.github.io/post/oob-angle
#infosec
October 5, 2025 at 11:25 AM
Exploiting a libANGLE offset integer underflow read the Chrome WebGPU heap
qriousec.github.io/post/oob-angle
#infosec
qriousec.github.io/post/oob-angle
#infosec
Reposted by Julien Lancia
Updated syzkaller documentation on USB fuzzing to explain how to handle certain tricky cases (e.g. driver quirks applied based on Vendor/Product IDs).
github.com/google/syzka...
github.com/google/syzka...
docs: update USB documentation · google/syzkaller@e2beed9
github.com
September 23, 2025 at 1:56 PM
Updated syzkaller documentation on USB fuzzing to explain how to handle certain tricky cases (e.g. driver quirks applied based on Vendor/Product IDs).
github.com/google/syzka...
github.com/google/syzka...
Reposted by Julien Lancia
Hosting a Website on a Disposable Vape
Hosting a Website on a Disposable Vape
For the past years people have been collecting disposable vapes primarily for their lithium-ion batteries, but as these disposable vapes have begun to incorporate more elaborate electronics, these too have …read more
hackaday.com
September 15, 2025 at 8:30 PM
Hosting a Website on a Disposable Vape
Reposted by Julien Lancia
Strategies for Analyzing Native Code in Android Applications: Combining Ghidra and Symbolic…
Strategies for Analyzing Native Code in Android Applications: Combining Ghidra and Symbolic…
revflash.medium.com
September 15, 2025 at 1:24 AM
Strategies for Analyzing Native Code in Android Applications: Combining Ghidra and Symbolic…
Reposted by Julien Lancia
🚨 Time to reveal our first-class lineup for HEXACON 2025! ✨
A few training spots are still available if you want to join the party! 🎉
Unfortunately, trainings + conference packs are sold out
www.hexacon.fr/conference/s...
A few training spots are still available if you want to join the party! 🎉
Unfortunately, trainings + conference packs are sold out
www.hexacon.fr/conference/s...
Hexacon - Conference – Speakers
Discover the accepted talks for this edition!
www.hexacon.fr
September 12, 2025 at 9:12 AM
🚨 Time to reveal our first-class lineup for HEXACON 2025! ✨
A few training spots are still available if you want to join the party! 🎉
Unfortunately, trainings + conference packs are sold out
www.hexacon.fr/conference/s...
A few training spots are still available if you want to join the party! 🎉
Unfortunately, trainings + conference packs are sold out
www.hexacon.fr/conference/s...
Reposted by Julien Lancia
« il semble difficile de demander des efforts à quelque catégorie sociale que ce soit avant de s’être assuré que les plus fortunés ne se soustraient pas à l’impôt »
Eh oui c’est la base… 🤷♂️
www.lemonde.fr/idees/articl...
Eh oui c’est la base… 🤷♂️
www.lemonde.fr/idees/articl...
« Avec l’impôt sur les ultrariches, la France peut montrer la voie au reste du monde » : le plaidoyer de sept Prix Nobel d’économie pour la taxe Zucman
TRIBUNE. A l’heure de la dérive des comptes publics et de l’explosion de l’extrême richesse, créer un impôt plancher sur les patrimoines des milliardaires devrait être une priorité, estiment des lauré...
www.lemonde.fr
July 7, 2025 at 10:59 PM
« il semble difficile de demander des efforts à quelque catégorie sociale que ce soit avant de s’être assuré que les plus fortunés ne se soustraient pas à l’impôt »
Eh oui c’est la base… 🤷♂️
www.lemonde.fr/idees/articl...
Eh oui c’est la base… 🤷♂️
www.lemonde.fr/idees/articl...
Reposted by Julien Lancia
Holy shit, I hadn't even thought of this!
asia.nikkei.com/Business/Tec...
You hide AI prompts in your paper that tell AI reviewers to say positive stuff (presumably both for public reviews and private analysis)
I wonder if Amazon sellers are already doing this?
asia.nikkei.com/Business/Tec...
You hide AI prompts in your paper that tell AI reviewers to say positive stuff (presumably both for public reviews and private analysis)
I wonder if Amazon sellers are already doing this?
'Positive review only': Researchers hide AI prompts in papers
Instructions in preprints from 14 universities highlight controversy on AI in peer review
asia.nikkei.com
July 6, 2025 at 11:35 AM
Holy shit, I hadn't even thought of this!
asia.nikkei.com/Business/Tec...
You hide AI prompts in your paper that tell AI reviewers to say positive stuff (presumably both for public reviews and private analysis)
I wonder if Amazon sellers are already doing this?
asia.nikkei.com/Business/Tec...
You hide AI prompts in your paper that tell AI reviewers to say positive stuff (presumably both for public reviews and private analysis)
I wonder if Amazon sellers are already doing this?
Reposted by Julien Lancia
July 6, 2025 at 11:20 AM
Reposted by Julien Lancia
Intro to Linux kernel fuzzing and vulnerability research
Part 1: slavamoskvin.com/hunting-bugs...
Part 2: slavamoskvin.com/finding-bugs...
Part 3: slavamoskvin.com/finding-bugs...
#Linux #infosec
Part 1: slavamoskvin.com/hunting-bugs...
Part 2: slavamoskvin.com/finding-bugs...
Part 3: slavamoskvin.com/finding-bugs...
#Linux #infosec
February 23, 2025 at 10:27 PM
Intro to Linux kernel fuzzing and vulnerability research
Part 1: slavamoskvin.com/hunting-bugs...
Part 2: slavamoskvin.com/finding-bugs...
Part 3: slavamoskvin.com/finding-bugs...
#Linux #infosec
Part 1: slavamoskvin.com/hunting-bugs...
Part 2: slavamoskvin.com/finding-bugs...
Part 3: slavamoskvin.com/finding-bugs...
#Linux #infosec
Reposted by Julien Lancia
Everyday Ghidra: Symbols — Prescription Lenses for Reverse Engineers — Part 1 : medium.com/@clearblueja...
Ghidra Data Types— When to Create Custom GDTs — Part 1 : medium.com/@clearblueja...
Creating Custom GDTs From Windows Headers — Part 2 : medium.com/@clearblueja...
Ghidra Data Types— When to Create Custom GDTs — Part 1 : medium.com/@clearblueja...
Creating Custom GDTs From Windows Headers — Part 2 : medium.com/@clearblueja...
Everyday Ghidra: Symbols — Prescription Lenses for Reverse Engineers — Part 1
In reverse engineering a closed-source binary using Ghidra or other software reverse engineering frameworks, a key objective is to…
medium.com
February 21, 2025 at 10:38 AM
Everyday Ghidra: Symbols — Prescription Lenses for Reverse Engineers — Part 1 : medium.com/@clearblueja...
Ghidra Data Types— When to Create Custom GDTs — Part 1 : medium.com/@clearblueja...
Creating Custom GDTs From Windows Headers — Part 2 : medium.com/@clearblueja...
Ghidra Data Types— When to Create Custom GDTs — Part 1 : medium.com/@clearblueja...
Creating Custom GDTs From Windows Headers — Part 2 : medium.com/@clearblueja...
Reposted by Julien Lancia
TP-Link (Tapo) C210 V2 cloud camera: bootloader vulnerability and firmware decryption
watchfulip.github.io/28-12-24/tp-...
#embedded #infosec
watchfulip.github.io/28-12-24/tp-...
#embedded #infosec
February 15, 2025 at 12:49 PM
TP-Link (Tapo) C210 V2 cloud camera: bootloader vulnerability and firmware decryption
watchfulip.github.io/28-12-24/tp-...
#embedded #infosec
watchfulip.github.io/28-12-24/tp-...
#embedded #infosec
Reposted by Julien Lancia
Fault Injection – Looking for a Unicorn security.humanativaspa.it/fault-inject...
Fault Injection – Looking for a Unicorn - hn security
Intro In our previous article Fault […]
security.humanativaspa.it
February 11, 2025 at 8:10 AM
Fault Injection – Looking for a Unicorn security.humanativaspa.it/fault-inject...
Reposted by Julien Lancia
Reposted by Julien Lancia
Apple Confirms USB Restricted Mode Exploited in ‘Extremely Sophisticated’ Attack www.securityweek.com/apple-confir...
Apple Confirms USB Restricted Mode Exploited in ‘Extremely Sophisticated’ Attack
Cupertino’s security response team said the flaw was used in “an extremely sophisticated attack against specific targeted individuals.”
www.securityweek.com
February 11, 2025 at 8:14 AM
Apple Confirms USB Restricted Mode Exploited in ‘Extremely Sophisticated’ Attack www.securityweek.com/apple-confir...
Reposted by Julien Lancia
Good tools are made of bugs: How to monitor your Steam Deck with one byte.
Finding and exploiting two vulnerabilities in AMD's UEFI firmware for fun and gaming.
A Christmas gift in February, brought to you by the amazing Gwaby 🫶
blog.quarkslab.com/being-overlo...
Finding and exploiting two vulnerabilities in AMD's UEFI firmware for fun and gaming.
A Christmas gift in February, brought to you by the amazing Gwaby 🫶
blog.quarkslab.com/being-overlo...
February 11, 2025 at 5:40 PM
Good tools are made of bugs: How to monitor your Steam Deck with one byte.
Finding and exploiting two vulnerabilities in AMD's UEFI firmware for fun and gaming.
A Christmas gift in February, brought to you by the amazing Gwaby 🫶
blog.quarkslab.com/being-overlo...
Finding and exploiting two vulnerabilities in AMD's UEFI firmware for fun and gaming.
A Christmas gift in February, brought to you by the amazing Gwaby 🫶
blog.quarkslab.com/being-overlo...