Most security patch auditing tools look for known vulnerability patterns. They diff a commit, grep for dangerous functions, maybe flag things that look like what last year's CVEs looked like. That works for the obvious stuff. It doesn't work for the commit that says "no behavior change" and silently fixes …

This is the schema spec referenced in How I Audit Security Patches with an AI Pipeline. It defines the SOUNDNESS_CLAIMS format, the empirical proof requirement, and the adjacent-unpatched rule.

SOUNDNESS_CLAIMS Format

Each claim is a falsifiable hypothesis about a specific attack vector. Required fields:

F(x):          The trigger - exact JS …

I have been pretty facinated with type promotion bugs in the recent months. Why? Because I love when there is some crazy mixed data types with arithmetic. Something about math (in)correctly implemented always makes me geek out. For those not familiar with Type promotion, it's when data type values …

Distracted..

This post is more about a side quest, as I was a bit distracted awaiting some responses on some UAF and Format string vulnerabilities submitted to a couple bug bounty programs.

In order to keep momentum going and my thirst for knowledge well fed with regards to vulnerability discovery …

Introduction to My Chronicles

If you've been keeping up with my adventures, you know I've dived back into low-level vulnerability discovery and research. Recently, I took some time to refresh my understanding of low-level code (assembly) and architecture review, particularly of ARM systems. Given that most systems I work on …