Laurent Clévy
@lorenzo2472.bsky.social
Reverse engineering, files formats and crypto.
https://github.com/lclevy
https://github.com/lclevy
Pinned
Laurent Clévy
@lorenzo2472.bsky.social
· Nov 22
Curious about cryptography of archive formats zip, rar and 7zip ? github.com/lclevy/unarc...
Reposted by Laurent Clévy
less known way to calculate sha256 of files on Windows
disksnapshot -c -k -v c:\test
will print out file info including sha256 for every file in the directory
disksnapshot -c -k -v c:\test
will print out file info including sha256 for every file in the directory
November 14, 2025 at 7:35 PM
less known way to calculate sha256 of files on Windows
disksnapshot -c -k -v c:\test
will print out file info including sha256 for every file in the directory
disksnapshot -c -k -v c:\test
will print out file info including sha256 for every file in the directory
Reposted by Laurent Clévy
Periodic call for volunteers: We're looking for classes on Apple ecosystem security. E.g. OS internals, binary formats, malware analysis, vulnerability hunting, etc. If you're interested in sharing what you know, reach out at teach🌀ost2.fyi
November 14, 2025 at 1:37 PM
Periodic call for volunteers: We're looking for classes on Apple ecosystem security. E.g. OS internals, binary formats, malware analysis, vulnerability hunting, etc. If you're interested in sharing what you know, reach out at teach🌀ost2.fyi
Reposted by Laurent Clévy
Squeeeee 🥳 I'll be teaching my Advanced Linux Malware Reverse Engineering class at RE//verse conference in 2026!! MORE Linux APT insides and peculiarities😍🥰🤩Pls share if you can🙃
shop.binary.ninja/products/re-...
shop.binary.ninja/products/re-...
RE//verse 2026 Training - Advanced Linux Malware Reverse Engineering with Marion Marschalek
This fast-paced 3-day training explores Linux internals and Linux binary analysis techniques, before jumping right in with common Linux malware. Work through advanced samples, Linux software protectio...
shop.binary.ninja
November 12, 2025 at 6:59 PM
Squeeeee 🥳 I'll be teaching my Advanced Linux Malware Reverse Engineering class at RE//verse conference in 2026!! MORE Linux APT insides and peculiarities😍🥰🤩Pls share if you can🙃
shop.binary.ninja/products/re-...
shop.binary.ninja/products/re-...
Reposted by Laurent Clévy
Check out how Billy Ellis dives into 1-click iOS browser exploits, walking through CVE-2020-9802, a JIT bug.
Great step-by-step explanation of how WebKit and JavaScriptCore vulnerabilities are exploited.
Great step-by-step explanation of how WebKit and JavaScriptCore vulnerabilities are exploited.
How 1-Click Can Hack Your iPhone
YouTube video by Billy Ellis
youtu.be
November 12, 2025 at 9:32 PM
Check out how Billy Ellis dives into 1-click iOS browser exploits, walking through CVE-2020-9802, a JIT bug.
Great step-by-step explanation of how WebKit and JavaScriptCore vulnerabilities are exploited.
Great step-by-step explanation of how WebKit and JavaScriptCore vulnerabilities are exploited.
Reposted by Laurent Clévy
Mojo GPU Puzzles:
puzzles.modular.com/introduction...
#crypto #gpu #python #infosec #informationsecurity #programming
puzzles.modular.com/introduction...
#crypto #gpu #python #infosec #informationsecurity #programming
November 11, 2025 at 8:16 PM
Reposted by Laurent Clévy
I wanted to understand what information is available in .pdb files, so I made a tool for it 🔎🐛
Welcome DiaSymbolView - a debug symbol hierarchy and properties viewer based on MSDIA: github.com/diversenok/D...
Welcome DiaSymbolView - a debug symbol hierarchy and properties viewer based on MSDIA: github.com/diversenok/D...
November 10, 2025 at 9:04 PM
I wanted to understand what information is available in .pdb files, so I made a tool for it 🔎🐛
Welcome DiaSymbolView - a debug symbol hierarchy and properties viewer based on MSDIA: github.com/diversenok/D...
Welcome DiaSymbolView - a debug symbol hierarchy and properties viewer based on MSDIA: github.com/diversenok/D...
Reposted by Laurent Clévy
Revision is a non-profit event; however, that does not make us non-cost. Do you want to help us in realising one of the biggest participatory programming art events? Then we'd be excited to have you!
[email protected]
#digitalart #programming #culture #sponsoring #demoscene #floss
[email protected]
#digitalart #programming #culture #sponsoring #demoscene #floss
November 10, 2025 at 8:59 PM
Revision is a non-profit event; however, that does not make us non-cost. Do you want to help us in realising one of the biggest participatory programming art events? Then we'd be excited to have you!
[email protected]
#digitalart #programming #culture #sponsoring #demoscene #floss
[email protected]
#digitalart #programming #culture #sponsoring #demoscene #floss
Reposted by Laurent Clévy
Le 16 novembre je serai au @capitoledulibre.org à Toulouse.
Une belle occasion de retrouver la communauté du libre et de parler bidouille & créativité.
Je présenterai LaserMagic (lasermagic.ci-yow.com) un logiciel **libre** de gravure et découpe laser.
Une belle occasion de retrouver la communauté du libre et de parler bidouille & créativité.
Je présenterai LaserMagic (lasermagic.ci-yow.com) un logiciel **libre** de gravure et découpe laser.
Documentation
lasermagic.ci-yow.com
November 10, 2025 at 10:23 PM
Le 16 novembre je serai au @capitoledulibre.org à Toulouse.
Une belle occasion de retrouver la communauté du libre et de parler bidouille & créativité.
Je présenterai LaserMagic (lasermagic.ci-yow.com) un logiciel **libre** de gravure et découpe laser.
Une belle occasion de retrouver la communauté du libre et de parler bidouille & créativité.
Je présenterai LaserMagic (lasermagic.ci-yow.com) un logiciel **libre** de gravure et découpe laser.
Reposted by Laurent Clévy
🧵⬇️Low level security timeline update!⬆️ 2025-11-09 Part 1
After over a year, I've finally updated the Low Level PC/Server Attack & Defense Timeline! darkmentor.com/timeline.html The 2025 talks are in this thread, and pre-2025 will be next time.
👇
After over a year, I've finally updated the Low Level PC/Server Attack & Defense Timeline! darkmentor.com/timeline.html The 2025 talks are in this thread, and pre-2025 will be next time.
👇
Low Level PC/Server Attack & Defense Timeline — By @XenoKovah of @DarkMentorLLC
darkmentor.com
November 10, 2025 at 11:28 AM
🧵⬇️Low level security timeline update!⬆️ 2025-11-09 Part 1
After over a year, I've finally updated the Low Level PC/Server Attack & Defense Timeline! darkmentor.com/timeline.html The 2025 talks are in this thread, and pre-2025 will be next time.
👇
After over a year, I've finally updated the Low Level PC/Server Attack & Defense Timeline! darkmentor.com/timeline.html The 2025 talks are in this thread, and pre-2025 will be next time.
👇
Reposted by Laurent Clévy
We presented “Advancing Vulnerability Tracking and Disclosure Through an Open and Distributed Platform” at the excellent @UYBHYS
#cve #vulnerability #opensource #vulnerabilitymanagement #cybersecurity
🔗 https://www.vulnerability-lookup.org/2025/11/08/unlock-your-brain-2025/
#cve #vulnerability #opensource #vulnerabilitymanagement #cybersecurity
🔗 https://www.vulnerability-lookup.org/2025/11/08/unlock-your-brain-2025/
Advancing Vulnerability Tracking and Disclosure Through an Open and Distributed Platform at Unlock Your Bain conference
Slides: Advancing Vulnerability Tracking and Disclosure Through an Open and Distributed Platform We presented “Advancing Vulnerability Tracking and Disclosure Through an Open and Distributed Platform” at the excellent Unlock Your Brain conference. A well-organised and welcoming event, Unlock Your Brain brings together a great mix of researchers, practitioners, and open-source enthusiasts—making it a perfect place to exchange ideas on vulnerability tracking and disclosure. Download the slides: https://www.vulnerability-lookup.org/files/events/2025/presentation-unlockyourbrain.pdf
www.vulnerability-lookup.org
November 8, 2025 at 2:25 PM
We presented “Advancing Vulnerability Tracking and Disclosure Through an Open and Distributed Platform” at the excellent @UYBHYS
#cve #vulnerability #opensource #vulnerabilitymanagement #cybersecurity
🔗 https://www.vulnerability-lookup.org/2025/11/08/unlock-your-brain-2025/
#cve #vulnerability #opensource #vulnerabilitymanagement #cybersecurity
🔗 https://www.vulnerability-lookup.org/2025/11/08/unlock-your-brain-2025/
Reposted by Laurent Clévy
Développement d'un antivenin à large spectre, utilisant des anticorps de lama et d'alpaga, capable de se lier aux toxines nécrosantes et de neutraliser, chez les souris, le venin de 17 espèces de serpents d'Afrique subsaharienne, dont des cobras et des mambas.
www.nature.com/articles/s41...
www.nature.com/articles/s41...
November 8, 2025 at 9:05 AM
Développement d'un antivenin à large spectre, utilisant des anticorps de lama et d'alpaga, capable de se lier aux toxines nécrosantes et de neutraliser, chez les souris, le venin de 17 espèces de serpents d'Afrique subsaharienne, dont des cobras et des mambas.
www.nature.com/articles/s41...
www.nature.com/articles/s41...
Reposted by Laurent Clévy
S.A.R.C.A.S.M: Slightly Annoying Rubik's Cube Automatic Solving Machine - A 3D-printed, Teensy-powered Robot that scans and solves a Rubik’s Cube #3DPrint #Robot #DIY github.com/vindar/SARCASM
November 7, 2025 at 8:10 PM
S.A.R.C.A.S.M: Slightly Annoying Rubik's Cube Automatic Solving Machine - A 3D-printed, Teensy-powered Robot that scans and solves a Rubik’s Cube #3DPrint #Robot #DIY github.com/vindar/SARCASM
Reposted by Laurent Clévy
September/October updates · xairy/linux-kernel-exploitation@b26cc4a
github.com
November 6, 2025 at 7:58 PM
Reposted by Laurent Clévy
Keccak powers SHA-3, KMAC and many post-quantum algorithms, but how does it behave under side-channel analysis?
🔗 Register here: u.eshard.com/wcUfh
Second session: u.eshard.com/4hGSQ
#webinar #pqc #nistsecurity
🔗 Register here: u.eshard.com/wcUfh
Second session: u.eshard.com/4hGSQ
#webinar #pqc #nistsecurity
November 3, 2025 at 5:20 PM
Keccak powers SHA-3, KMAC and many post-quantum algorithms, but how does it behave under side-channel analysis?
🔗 Register here: u.eshard.com/wcUfh
Second session: u.eshard.com/4hGSQ
#webinar #pqc #nistsecurity
🔗 Register here: u.eshard.com/wcUfh
Second session: u.eshard.com/4hGSQ
#webinar #pqc #nistsecurity
Reposted by Laurent Clévy
SAVE THE DATE!
The organisation of the #pts26 edition is starting 😎
📣 Info we can already share are:
- 🗓️ Tuesday June 30 to Thursday July 2, 2026 ✅
- 📍as asked in your feedback answers, we will be again at Université Catholique de Lille 🎉
Website & more are coming soon! 😘
The organisation of the #pts26 edition is starting 😎
📣 Info we can already share are:
- 🗓️ Tuesday June 30 to Thursday July 2, 2026 ✅
- 📍as asked in your feedback answers, we will be again at Université Catholique de Lille 🎉
Website & more are coming soon! 😘
November 3, 2025 at 6:27 PM
SAVE THE DATE!
The organisation of the #pts26 edition is starting 😎
📣 Info we can already share are:
- 🗓️ Tuesday June 30 to Thursday July 2, 2026 ✅
- 📍as asked in your feedback answers, we will be again at Université Catholique de Lille 🎉
Website & more are coming soon! 😘
The organisation of the #pts26 edition is starting 😎
📣 Info we can already share are:
- 🗓️ Tuesday June 30 to Thursday July 2, 2026 ✅
- 📍as asked in your feedback answers, we will be again at Université Catholique de Lille 🎉
Website & more are coming soon! 😘
Reposted by Laurent Clévy
#UYBHYS [Samedi 8/11 13h45] CONFÉRENCE de David Le Goff (CERT Aviation) :
Construire son CERT mobile pour une CTI adaptée !
unlockyourbrain.bzh/conferences/
#UYBHYS25
Construire son CERT mobile pour une CTI adaptée !
unlockyourbrain.bzh/conferences/
#UYBHYS25
October 9, 2025 at 10:52 AM
#UYBHYS [Samedi 8/11 13h45] CONFÉRENCE de David Le Goff (CERT Aviation) :
Construire son CERT mobile pour une CTI adaptée !
unlockyourbrain.bzh/conferences/
#UYBHYS25
Construire son CERT mobile pour une CTI adaptée !
unlockyourbrain.bzh/conferences/
#UYBHYS25
Reposted by Laurent Clévy
Decompress DEFLATE using only HTML5 Canvas retr0.id/stuff/canvas...
November 2, 2025 at 9:30 PM
Decompress DEFLATE using only HTML5 Canvas retr0.id/stuff/canvas...
Reposted by Laurent Clévy
Articles worth reading discovered last week: Passports, WIFI and AI-SAST!
🛂 blog.trailofbits.com/2025/10/31/t...
🛜 pulsesecurity.co.nz/articles/byp...
🧠 parsiya.net/blog/wtf-is-...
🛂 blog.trailofbits.com/2025/10/31/t...
🛜 pulsesecurity.co.nz/articles/byp...
🧠 parsiya.net/blog/wtf-is-...
The cryptography behind electronic passports
This blog post describes how electronic passports work, the threats within their threat model, and how they protect against those threats using cryptography. It also discusses the implications of usin...
blog.trailofbits.com
November 2, 2025 at 10:51 PM
Articles worth reading discovered last week: Passports, WIFI and AI-SAST!
🛂 blog.trailofbits.com/2025/10/31/t...
🛜 pulsesecurity.co.nz/articles/byp...
🧠 parsiya.net/blog/wtf-is-...
🛂 blog.trailofbits.com/2025/10/31/t...
🛜 pulsesecurity.co.nz/articles/byp...
🧠 parsiya.net/blog/wtf-is-...
Reposted by Laurent Clévy
Un vrai pentest dans les règles, ce n'est as dans la série Mr Robot qu'on a trouvé cet exemple mais dans Better call Saul (s04e01) www.youtube.com/watch?v=bADb...
Mike conducts a physical pentest (annotated)
YouTube video by Ryan Jonker Cybersecurity
www.youtube.com
November 2, 2025 at 9:52 AM
Un vrai pentest dans les règles, ce n'est as dans la série Mr Robot qu'on a trouvé cet exemple mais dans Better call Saul (s04e01) www.youtube.com/watch?v=bADb...
Proofpoint releases innovative detections for threat hunting: PDF Object Hashing
www.proofpoint.com/us/blog/thre...
www.proofpoint.com/us/blog/thre...
Proofpoint releases innovative detections for threat hunting: PDF Object Hashing | Proofpoint US
Key findings Proofpoint created a new open-source tool for creating threat detection rules based on unique characteristics in PDFs called “PDF Object Hashing”. This technique can
www.proofpoint.com
November 1, 2025 at 8:39 PM
Reposted by Laurent Clévy
Seattle, @blackhoodie.bsky.social is coming to town! Thanks to IOActive we're hosting 2 days of trainings for women by women on Nov 14 & 15, brought to you by @barbieauglend.bsky.social Bhavna Supriya and Hanne! blackhoodie.re/Seattle2025/
October 30, 2025 at 11:37 PM
Seattle, @blackhoodie.bsky.social is coming to town! Thanks to IOActive we're hosting 2 days of trainings for women by women on Nov 14 & 15, brought to you by @barbieauglend.bsky.social Bhavna Supriya and Hanne! blackhoodie.re/Seattle2025/
Reposted by Laurent Clévy
Understanding Docker Internals: Building a minimal Container Runtime with Python on Linux using Namespaces, Control Groups and Filesystem Isolation #Docker #Linux muhammadraza.me/2024/buildin...
Understanding Docker Internals: Building a Container Runtime in Python | Muhammad
Breaking down container technology by building a simple container runtime from scratch using Python and Linux primitives like namespaces and cgroups
muhammadraza.me
October 30, 2025 at 8:10 PM
Understanding Docker Internals: Building a minimal Container Runtime with Python on Linux using Namespaces, Control Groups and Filesystem Isolation #Docker #Linux muhammadraza.me/2024/buildin...
Reposted by Laurent Clévy
L'association @assomo5.bsky.social vient d'annoncer l'ouverture de son Musée du Jeu Vidéo début décembre à Arcueil (au sud de Paris).
Celles et ceux qui ont visité l'exposition Game Story à Versailles ont pu voir une avant-première de ce musée !
Celles et ceux qui ont visité l'exposition Game Story à Versailles ont pu voir une avant-première de ce musée !
October 30, 2025 at 7:48 PM
L'association @assomo5.bsky.social vient d'annoncer l'ouverture de son Musée du Jeu Vidéo début décembre à Arcueil (au sud de Paris).
Celles et ceux qui ont visité l'exposition Game Story à Versailles ont pu voir une avant-première de ce musée !
Celles et ceux qui ont visité l'exposition Game Story à Versailles ont pu voir une avant-première de ce musée !
Reposted by Laurent Clévy
You've seen the trends in AIxCC: LLMs can hack source, find vulns, and patch them. But what about on binaries without source? Do decompilers close the gap, or is there more to grow?
Come see my talk at DistrctCon where I merge and dissect these two fields: AI Hacking + Decomp.
Come see my talk at DistrctCon where I merge and dissect these two fields: AI Hacking + Decomp.
October 30, 2025 at 4:02 PM
You've seen the trends in AIxCC: LLMs can hack source, find vulns, and patch them. But what about on binaries without source? Do decompilers close the gap, or is there more to grow?
Come see my talk at DistrctCon where I merge and dissect these two fields: AI Hacking + Decomp.
Come see my talk at DistrctCon where I merge and dissect these two fields: AI Hacking + Decomp.