2OURC3 @2ourc3

2ourc3.com | @auditor_codes

bushido-sec.com/
Joined February 2021
Read my latest article: Introduction to root-cause analysis on Linux: 2ourc3.com/posts/post_0x04.h…
1
12
38
bushido-sec.com/index.php/20…

RESEARCH - 2025-43254 - Bushido Security

A security vulnerability has been identified in macOS's libmacho.dylib library. The bug allows an attacker to cause an out-of-bounds memory access through a specially crafted Mach-O fat binary file,...

bushido-sec.com
1
Hey fuzzer folks! Want to learn how to use LibAFL ? Check this super exercices made by @addisoncrump_vr github.com/addisoncrump/park…

GitHub - addisoncrump/parking-game-fuzzer: Learn to LibAFL with parking-game puzzles.

Learn to LibAFL with parking-game puzzles. Contribute to addisoncrump/parking-game-fuzzer development by creating an account on GitHub.

github.com
2
26
102
New bug I've reported: CVE-2025-52194 - IRCAM File Processing Buffer Overflow in LibSndfile Write-up: bushido-sec.com/index.php/20…
3
13
I'm quite happy to share that Apple have published a vulnerability I have reported. This vulnerability affects multiple MacOS versions and affects the program `file`. First bug in Apple product 🥳
6
2
48
2OURC3 retweeted
5pider
 @C5pider
Jul 9
Introducing Havoc Professional: A Lethal Presence We’re excited to share a first look at Havoc Professional, a next-generation, highly modular Command and Control framework, and Kaine-kit our fully Position Independent Code agent engineered for stealth! infinitycurve.org/blog/intro…

Havoc Professional: A Lethal Presence

An introduction to Havoc Professional and Kaine-kit, exploring the advanced features and capabilities that make them lucrative for modern security professionals.

infinitycurve.org
57
186
8
742
Joining @rektoff_xyz bootcamp about Solana Rust Security! Really thrilled and thankful to start this one :D
7
Releasing this fun tool Golem based on @0xdea, LLVM, LLM and @semgrep Golem automates C/C++ vulnerability discovery by combining Semgrep rule scans, LLVM call-graph & CFG slicing, and AI-driven context analysis. Tool: github.com/20urc3/golem Article: bushido-sec.com/index.php/20…

Beyond the Black Box - Engineering AI for Complex Security Analysis - Bushido Security

Discover how combining SemGrep, LLVM, and local LLMs like Ollama can boost vulnerability research. From funny IKEA frustrations to slicing control-flow graphs, meet Golem—your new automated bug...

bushido-sec.com
6
44
127
turns out running thing on server and locally are not the same, who would have guess???
2
Note: It's a BETA, it's vibe coded A LOT, it doesnt handle any sensitive info, please report bugs if you find some (you will) thanks kiss kiss
2
1
Just launched Code Auditor CTF — auditor.codes A web platform to practice finding real-world C/C++ vulnerabilities • 8000+ challenges • Progress tracking + leaderboard • Beginner-friendly • Fully open source (beta): github.com/20urc3/auditor.co…

GitHub - 20urc3/auditor.codes: The most complete code auditing platform with thousands of real-wo...

The most complete code auditing platform with thousands of real-world challenges - 20urc3/auditor.codes

github.com
12
145
3
584
Write-up of my v8 bug: Critical type confusion in V8's Turboshaft compiler allowed stale pointers to bypass GC, leading to exploitable memory corruption. Full details + PoC: bushido-sec.com/index.php/20…

RESEARCH - CVE-2024-6773 - Type confusion in v8 - Bushido Security

V8 Turboshaft Load Elimination Type Confusion Vulnerability (CVE-2024-6773)Exploitable Memory Corruption via Garbage Collection Race Condition Executive Summary A critical type confusion vulnerabil...

bushido-sec.com
3
63
245
I wrote a comprehensive guide on harnessing libraries for effective fuzzing with AFL++ ! Have a look => github.com/20urc3/Publicatio…

Publications/Articles/LIB_HARNESS_GUIDE/README.md at main · 20urc3/Publications

This repository contains the public work I produced, wheter it is research, post, slides, sometimes videos, and materials of my talks. - 20urc3/Publications

github.com
2
18
112
✨️ Happy new year hackers! ✨️
1
8
Going to #38c3 was on my wishlist for MANY years. I am extremely happy to have been able to attend this super fun con for the first time, I've watch many great talks, met a bunch of really cool nerds and loved the hacking atmosphere! ✨️
1
1
10
🥳CVE-2024-53589: I discovered a heap buffer-overflow vulnerability in objdump affecting version 2.43, during a fuzzing campaign with @aflplusplus More details: bushido-sec.com/index.php/20…

RESEARCH - OBJDUMP -CVE-2024-53589 - Bushido Security

Security vulnerability in GNU Binutils 2.43 objdump allows buffer overflow via malformed tekhex files, potentially leading to information disclosure and ASLR bypass.

bushido-sec.com
7
25
1
119
Following 7zip 24.08 release, @thezdi disclosed yesterday my vulnerability in 7zip 24.07: CopyCoder Infinite Loop Denial-of-Service Vulnerability - CVE-2024-11612 I found this vulnerability last summer during a fuzzing campaign with @aflplusplus bit.ly/4fZUnfz

RESEARCH - 7zip - CVE-2024-11612 - Bushido Security

7zip vulnerability disclosure infinite loop results in DoS attack

bushido-sec.com
11
12
81
My talk at lehack! Hacking satellites from SDR to RCE
leHACK @_leHACK_
12 Oct 2024
🇫🇷 Hacking Satellites: From SDR to RCE - Salim LARGO - 2ourc3 piped.video/AhtTHXyMz9c
2
2
13
It was a fantastic experience giving a talk about automated vulnerability research for SANS today. Grateful for this opportunity, very happy to meet all the other fantastic speakers there.
5
2
27
Really proud! My vulnerability in Chrome v8 has been disclosed today! CVE-2024-6773 Type confusion in the v8 engine. chromereleases.googleblog.co…
13
16
171
Load more