Slides and demos for our @REverseConf talk by @francesco_ev and @xorpse are up! If you missed the conference, now's your opportunity to take a look at the talk content and demos.
Slides & demos: https://t.co/B97vstMQEZ
VulHunt framework: https://t.co/L6vwhyR9kH
@francesco_ev is presenting VulHunt at @REverseConf today! Alongside the talk, we're also releasing the framework and tooling as open-source.
https://t.co/L6vwhyR9kH
In the last blog of our VulHunt series, we explore what happens when VulHunt meets LLMs. We show how LLM-guided workflows can automate vulnerability triaging and hunting, reducing the manual effort required for binary analysis.
https://t.co/A7EZEn95xG
In today's instalment of our VulHunt series, we walk through VulHunt’s capabilities in detail. We show what VulHunt can detect, explain how it performs analysis, and how it represents findings for maximum actionability.
👉 https://t.co/Qgyb9Nvmq6
We❤️Open Source! As part of the release of our VulHunt tooling at @REverseConf this year, we're giving back to the REsearch community by releasing al Rust bindings for the amazing @uefitool.
Learn more:
https://t.co/KbMWHkLo7L
https://t.co/9gT9lOwf86
Continuing our VulHunt blog series, we adopt the mindset of a vulnerability researcher and attempt to uncover a number of vulnerabilities in a router's firmware: https://t.co/QsKaGUBZFa
Three-part series by @binarly_io on Supermicro BMC firmware authentication bypasses
Part 1: https://t.co/a44M8ce5YN
Part 2: https://t.co/DJsZWEl3tN
Part 3: https://t.co/8P8f598qGo
#infosec
In other news, we @binarly_io gave a talk on UEFI and BMC security, releasing two new CVEs related to the BMC firmware validation process implemented by Supermicro. Kudos to @ant_av7 for leading this research!
Slides: https://t.co/AGpx1T1dNi
Binarly REsearch breaks down how Supermicro BMC firmware validation fixes were bypassed, more than once, and what to do differently: verify firmware sources + hashes, enable RoT, and monitor BMC behavior.
🔥CVE-2025-12006
🔥CVE-2025-12007
Full Details: https://t.co/p74zijPHsB
It was a pleasure to contribute to year one of @DistrictCon with the “Broken Trust: Firmware Bypass Chains, BMC Persistence, and EDR Evasion” talk alongside @pagabuc @ant_av7 @yeggorv @xorpse
Slides: https://t.co/K7lGf3ZOKg
Detailed blog post + advisories go live tomorrow!
On my way to @DistrictCon with new firmware update verification bypass on Supermicro BMCs (previously "fixed").
NEW: CVE-2025-12006 & CVE-2025-12007 @ant_av7 👏
Backstory:
Ghost in the Controller
https://t.co/fNLy7eU03Y
Broken Trust
https://t.co/3AL1gRhT0B
Stay tuned!
✨AI-generated code is accelerating development, but it's also introducing unmaintainable, vulnerable dependencies.
Today, we introduce VulHunt: A new framework for semantic binary vulnerability detection.
https://t.co/mn7lo4Soj1
🔥Broken Trust: Firmware Bypass Chains, BMC Persistence, and EDR Evasion
We’ve been digging into how firmware-level attack chains quietly break the assumptions most modern endpoint defenses are built on. In this talk, we’ll walk through three real-world bypass chains we found in shipped firmware, show how they let us:
• Compromise a fully patched system
• Blind EDR before their kernel drivers ever start
• Keep persistence in places most defenders never look
On top of that, we’re dropping details on two brand new Supermicro BMC-related vulnerabilities:
🪄 ✨ CVE-2025-6198 & CVE-2025-7937
Previous Supermicro discoveries:
✨ https://t.co/djEFQEhKDw
✨ https://t.co/MeUQCd9iV1
We’ll cover how these bugs allow malicious firmware images to be installed and how they enable persistent, hard-to-remove implants sitting right in the BMC. We’ll also look at a set of Binarly REsearch “forever bugs” that stay unpatched across vendor ecosystems or live on in end-of-life products still deployed everywhere.
If you care about EDR, firmware security, or still believe “we have Secure Boot, we’re fine”, this talk is for you😈
Come say hi at @DistrictCon!
🚀 New Release: Cryptographic Algorithm Identification in Java Bytecode.
Our new analyzer scans JARs (and soon Android packages) to uncover algorithm usage, provide reachability insights, and report NIST 8457 compliance.
Dive into the details: https://t.co/eDebDLFRjH
⚡️UEFI system firmware still has a mitigation gap, and we measured it. We scanned 5,477 firmware images covering 2.3M+ UEFI modules with the Binarly Transparency Platform. The results are… 🔥
🧵👇
https://t.co/pZJbbgE2GV
⛓️Tomorrow, Binarly REsearch is presenting the second talk "Repeatable Supply Chain Security Failures in Firmware Key Management".
🔑 Recurring issues with leaked, expired, or test signing keys used in production firmware.
More details: https://t.co/hTQBsy2bI4
🚨Binarly REsearchers revisit an already-patched Supermicro BMC bug and discover two new high-impact vulnerabilities that expose major gaps in software supply chains.
CVE-2025-7937: bypassed “fix” for CVE-2024-10237.
CVE-2025-6198: Supermicro RoT bypass.
https://t.co/MeUQCd9iV1
Nvidia OSR (@AlexTereshkin, @Adam_pi3) reveals high-impact Supermicro BMC vulnerabilities (CVE-2024-10237/38/39). Binarly REsearch documenting the details:
👻Ghost in the Controller: Abusing Supermicro BMC Firmware Verification.
Read the full story: https://t.co/uzMnkdXflY
🚨Binarly is documenting the discovery of CVE-2025-3052, a memory-corruption flaw in a Microsoft-signed UEFI module that lets attackers bypass Secure Boot and run unsigned code before the OS starts.
🔗 Full details: https://t.co/mFUeMjEhhr
🛡️ Advisory: https://t.co/dMpzoYgyIr
💡Congrats to the Binarly REsearch team! We have been granted USPTO Patent #12,287,885 for a new method for computing context-sensitive reachability analysis metrics across binary executables.
🧬Read the technical details:
🔹https://t.co/rcqxIKbc56
🔹https://t.co/mlEyvMlcAQ