Tesla {Autopilot, Dojo}; Previously Google Project Zero; PPP for life; SockPuppet, Soundhax, Speedcubing

Joined January 2012
Last month @ASU I presented my work on formalizing automated bug discovery, developing a framework to characterize the full spectrum of approaches - from fuzzing to human analysis. I'm sharing my evolving perspective on the fundamental nature of the bug finding problem. Full deck: github.com/nedwill/presentat…
Deadlines and transparency stress-test governance and ecosystem health. I stand with Tavis, ffmpeg, and AI researchers. I’ve been all-in since the PaLM days; I’ve sent 60k+ LLM messages since mid-2023 and I’m sorting the rest! It’s not the tool, it’s how we learn to use it.
nedwill retweeted
First attempt at building macOS 26.0 XNU as a LIBRARY?! 👩‍🔬 Check it out! 🎉 github.com/blacktop/darwin-x…
nedwill retweeted
literally how do ML people survive without lifting tensor dimensions into the type system? isn't that like the number one thing you'd immediately want
I totally get it. I was inundated with requests for support as a *reporter* of a libxml bug years ago. The entitlement from vendors who got assigned the downstream ticket was wild. And I was the villain in this scenario! Billions of dollars flow through volunteer maintained code.
Security is taken seriously in FFmpeg. We are just trying to highlight some of the challenges with "CVE slop", AI written bug reports that volunteers have to fix.
nedwill retweeted
Turns out Apple's M5 also has memory tagging. Excellent! Well, I guess I need to get one of those, in addition to a new iPhone... news.ycombinator.com/item?id…
nedwill retweeted
We derestricted crbug.com/382005099 today which might just be my favorite bug of the last few years: bad interaction between WebAudio changing the CPU's handling of floats and V8 not expecting that. See crbug.com/382005099#comment1… for a PoC exploit. Also affected other browsers
__BUILDING_XNU_LIBRARY__ in new XNU sources!!!
JS engines/compilers are fascinating targets for security, looking forward to this! I’ll be at POC this year as an attendee.
[POC2025] SPEAKER UPDATE 👤 Samuel Groß(@5aelo) - "JavaScript Engine Security in 2025: New Bugs, New Defenses" #POC2025
"Ability to apply AI techniques and tools, such as LLM or Machine Learning, for security research" Love to see it!!
Apple SEAR is hiring offensive security researchers! We’re looking for talented researchers across multiple areas of security. Check out the job description here: jobs.apple.com/en-us/details… If you’re interested in low level systems like RTOS, firmware, coprocessors, embedded components, or microkernels, my team would especially like to hear from you. Feel free to reach out if you have any questions. #infosec
😱
OMG... WhatsApp 0c in Pwn2Own
nedwill retweeted
Dillon (@dillon_franke) from @google talked at #OBTS on how he made CoreAudio first sing and then scream! Cleverly using fuzzing & finding mem corruption bugs and turning it into a sandbox escape! More at googleprojectzero.blogspot.c…
Super impressive
look at the knowledge cutoff. LOOK AT THE KNOWLEDGE CUTOFF.
nedwill retweeted
Far too kind! Was a pleasure presenting!! 🙂 #obts
The 40 mins set is over. The fuzz has faded. But what Dillon Franke @dillon_franke left behind in our heads… Absolute madness. 💭💥 From custom harnesses to CoreAudio escapes, from structured fuzzing to sandbox devastation — this wasn’t just a talk, it was a full-spectrum mental remix. 🎶🧠 Our brains? Corrupted. Our notes? Exploitable. Only at #OBTS does a memory corruption bug echo like a bassline. 🌀🎛️
nedwill retweeted
I still remember @taviso's fantastic research on the Windows Defender NScript execution engine—it was awesome! I also really appreciate that he helped me get the NScript shell running myself.
Thanks everyone for all the kind words, it means so much 🥲
nedwill retweeted
The end of an era. If you don’t know what Tavis (and P0) has contributed to and changed in the vulnerability research community, let me give you just one example: if not for Tavis and P0, we’d still be waiting 6 or 12 months to get a Windows or Office bug patched.
A personal update... after nearly 20 years at Google, today is my last day! I'm going to be working on independent research for the foreseeable future, then who knows! I've worked with so many talented people, made so many friends and seen incredible research over the years 🫡
A big problem with research has been the gap between maintaining something operational (SOTA fuzzer/audit/whatever) while having leverage to do experiments quickly. I think security is about to have a boom (for better or for worse...).
But the overhead of writing per-target embeddings didn't mesh well with grammar-based mutators. Too much maintenance cost. Agents can do everything: review coverage reports, improve the target+mutator, all while running transformer experiments to generate new corpus entries.
All the interesting bugs are not just spatial but temporal: use after free, async, threaded targets, etc., can be represented as sequences and dependencies between them can be learned with transformers and other seq2seq models.
Sonnet 4.5 and Codex High are insanely good. It makes it possible for me to do serious experiments in my spare time.
Something you may not know about Sonnet 4.5: it’s a special model for cybersecurity. For the past few months, the Frontier Red Team has been researching how to make models more useful for defenders. We now think we’re at an inflection point. New post on Red: