I tweet about fuzzing, bugs, sanitizers, security, hardening, kernels, syzkaller, Go, performance, concurrency, lock-free algorithms.

Munich, Germany
Joined April 2009
Hi all, my name is Alisa, I am making the online training "Zero Day Engineering". If you want to get into the *real* offensive cyber security (reverse eng, vulns, exploits, fuzzing, pwn, ... 0days), eager to get your hands dirty, and haven't seen it yet, you probably should:
More HW security goodness from Arm: community.arm.com/arm-commun… vMTE (Virtual Memory Tagging) allows using MTE in a more flexible way, consuming less RAM. POE2 allows building efficient in-process sandboxes and isolation. More or less an improvement over x86 Memory Protection Keys.
First mention of x86 memory tagging (aka MTE) by both Intel and AMD (codename ChkTag): community.intel.com/t5/Blogs… amd.com/en/blogs/2025/amd-an… 🤘🤘🤘
The Latency Profiling talk is tomorrow in Zurich. There are still spots left. The talk is 🔥🔥🔥
I am speaking about Latency Profiling at C++ Zurich Meetup on Oct 6 along with the legendary Sean Parent: meetup.com/zurich-c-meetup/e… Stop by if you are interested (or just want free snacks and to check out the Google office)
Dmitry Vyukov retweeted
Remember how there were supposed to be no CVEs for crafted filesystem vulns, and it was such an important thing that the Linux CNA fought Canonical's CVE allocation for a non-crafted fs? Well, while the researcher cat's away, the CNA automation will play: lore.kernel.org/linux-cve-an…
Uninitialized memory is the most under-recognized type of security bug (it looks like UAF/OOB got all the attention). You don't need ROP, don't need to break ASLR, overlap objects, etc. Just read out crypto keys that the system nicely sends you.
Wrote a trigger for CVE-2025-38494/5 (an integer underflow in the HID subsystem) that leaks 64 KB of OOB memory over USB. Still works on Pixels and Ubuntus (but the bug is fixed in stable kernels). github.com/xairy/kernel-expl…
Dmitry Vyukov retweeted
ksmbd - Fuzzing Improvements and Vulnerability Discovery Another article by @73696e65 about fuzzing the ksmbd module with syzkaller. blog.doyensec.com/2025/09/02…
Dmitry Vyukov retweeted
🔺iPhone models announced today include Memory Integrity Enforcement, the culmination of an unprecedented design and engineering effort that we believe represents the most significant upgrade to memory safety in the history of consumer operating systems. security.apple.com/blog/memo…
Dmitry Vyukov retweeted
Whoever is coming to @BalCC0n: I will be teaching a workshop Attacking USB with Raw Gadget (covering basics of USB emulation and sniffing). If you wish to attend, you must bring Raspberry Pi 5 along with a few other things, see the workshop description. github.com/xairy/raw-gadget/…
An unpopular security opinion: with enough easy-to-find bugs, no amount of hardening will help. If you have a buffet-style assortment of bugs to choose from, you can bypass any mitigation.
We are hiring in Sunnyvale, USA: Senior Tech Lead, C++ Ecosystem Safety As the Senior Tech Lead you will have primary responsibility for C++ safety efforts including dynamic analysis, static analysis, fuzzing, and related areas. google.com/about/careers/app…
Dmitry Vyukov retweeted
Coroutine Frame-Oriented Programming: Breaking Control Flow Integrity by Abusing Modern C++ i.blackhat.com/BH-USA-25/Pre… Marcos Bajo(@h3xduck) & Christian Rossow(@chrossow)
Dmitry Vyukov retweeted
FWIW, Trail of Bits spent the last month divorcing our system from the competition framework so you can run it on your laptop against real codebases. github.com/trailofbits/butte…
Genuinely interested to hear from teams how much better they feel they would go given 2x team size? cc @theori_io @trailofbits
With #AIxCC results in, thinking how much it's "this is the best approach to the problem" vs "this is all just hard work, development, engineering, tuning, etc"?... 1st: 392.76 score, 42 ppl team 2nd: 291.35, 10 3rd: 210.68, 8 4th: 153.70, 8 Also: 2nd: 41KLOC Python 3rd: 21KLOC
Dmitry Vyukov retweeted
Exploiting CVE-2025-37752: array-Out-Of-Bounds vulnerability in the Linux network packet scheduler syst3mfailure.io/two-bytes-o… #infosec #Linux