Building an open-source protocol risk intelligence platform.
WIP, but the first public version is now live.
Current focus:
• Governance
• Multisigs
• Audit coverage
• Dependencies
First protocol: Morpho
Link below 🔽
New feature for our #Solana static analyzer: Sol-azy 🚀
We just released Recap, a one-command way to turn any Anchor project into a clean, audit-friendly overview.
It extracts signers, writables, constraints, PDAs, and memory ops into a single Markdown report, perfect for fast triage & attack-surface mapping.
Full details:
https://t.co/tGUqJs2Jgq
🚀 We're excited to announce the release of FuzzForge Open Source (OSS)!
FuzzForge is our open-source platform designed to automate offensive security workflows & AI Agents, from static analysis to fuzzing, debugging, and root cause analysis, all with AI assistance.
🔷 Open-source release is the first step toward our vision of "Offensive-Security-as-Code."
🔷 Workflows you can run, share, and extend.
🔷 Built by the team at @FuzzingLabs.
Github : https://t.co/o15q2vJRrm
Join the Alpha Waitlist : https://t.co/M3YCjmqmLD
We've also launched the FuzzingLabs Community Discord where researchers, engineers, and security enthusiasts can connect and collaborate:
👉 https://t.co/owo5mnNGav
Come join us and Let's forge the future of AppSec & Offensive Security together!
#FuzzForge #Fuzzing #AppSec #OpenSource #CyberSecurity
🔥 We’re in! Our talk “Breaking AI Inference Systems: Lessons From Pwn2Own Berlin” is officially accepted for @BlackHatEvents Europe 2025.
We’ll share real-world bugs in @ollama & @nvidia Triton Server + our journey fuzzing and breaking inference platforms at @offensive_con@Pwn2Own 🧠💥
📍 See you in London → Dec 8–11
👋 Come and meet our CEO @Pat_Ventuzelo
#BlackHatEU #AIsecurity #fuzzing #offsec
Ever wanted a single tool to build, analyze (static analyzer), fetch, and reverse engineer Solana SBPF programs? 💻
We built Sol-azy, a modular CLI toolkit for security researchers: https://t.co/PNF1h384iS
Let’s break it down 🧵
🚀 We just released sol-azy on GitHub!
A modular CLI for static analysis & reverse engineering of #Solana sBPF programs — with disassembly, CFGs, and Starlark rule support.
🧵 https://t.co/1qAqspekOO
👀 Docs: https://t.co/HPXy1vSEpR
#Solana#RE#Security#Rust
@orenyomtov@FuzzingLabs We agree it’s not exploitable by third parties under current restrictions. But as noted in our thread:
"The ICON team itself has privileged access capable of exploitation."
🚨 RECON RECAP 🚨
Last week at @reconmtl, our team delivered two advanced trainings:
🦀 Rust Development for Cybersecurity
🧬 Modern Binaries Reversing: Rust & Go Analysis
Packed rooms, top-tier questions, and amazing energy from all participants — thank you! 🙌
📍 Next public session: @POC_Crew in Seoul 🇰🇷 in November: https://t.co/1K6N2ElKff
🎯 [POC2025] TRAINING
Reversing Modern Binaries: Practical Rust & Go Analysis
by Nabih Benazzouz (@Raefko) & Daniel Frederic from @FuzzingLabs
📅 Nov 10-12 (3 days)
📍 Four Seasons Hotel Seoul, South Korea
🔗 More info https://t.co/hdGfRfgx9k
#POC2025
Day 3 (out of 4) of our "Reversing Modern Binaries" training at REcon Montreal is kicking off!
👨🏫The energy and insights from this group have been amazing.
Couldn't join us in Montreal? Your next chance is coming up at the @POC_Crew conference in Seoul this November! 🇰🇷
🚨 FINAL CALL! There are only 5 days left to get the early-bird discount. Register before June 30th to get the discount.
Discover the Seoul training program👉 https://t.co/JII4jujopf
Register👉https://t.co/7bZaAuOCy1
#ReverseEngineering #InfoSec #Training #REcon #Montreal #POC2025 #Seoul #Rust #Go
Finally!!! The OSINT Village program for leHACK is ready 🎉
After weeks of work (sorry for being late), I’m thrilled to unveil the full program for the #OSINTVillage at @_leHACK_ , happening next Friday and Saturday in #Paris.
We’ve lined up some of the biggest names in the #OSINT world, including:
- @CovertShores, the renowned naval analyst known for his open-source investigations on submarines and radar installations.
- Estelle Ruellan & @Cyber_0leg from @flaresystems exposing how information stealers are used to track cybercriminals.
- @aeowinpact / All Eyes on Wagner, discussing how they investigated Russian spies operating in Switzerland.
- Robert Sell & Alexander Minster from @TraceLabs, hosting an in-person-only search party to find missing persons on Friday from 5:30 PM to 9:00 PM (https://t.co/bkWm0NsU2w).
- Vincent Brussee from Leiden University on scraping Chinese government websites for intelligence.
- @jeremie_baruch and @Abdelhak_E from @lemondefr, using OSINT to identify criminal hideouts and luxury villas.
- @Glacius_ from @teamcymru_S2 uncovering #NorthKorean IT workers operating abroad.
- Côme & Ricci from @Tadaweb, presenting a deep-dive into a Chinese influence campaign.
- Marwan Ouarab from @FindMyScammer, revealing how he tracked down scammers impersonating Brad Pitt.
- Hervé Letoqueux from @Viginum_Gouv, analyzing a fresh foreign influence operation.
And that's not all, our workshops are just as exciting:
- OSINT techniques for Reverse Engineering Windows Malware by Anso (@openfacto ) & Cora.
-Tracing cryptocurrencies with OSINT, led by Tanguy Laucournet from @FuzzingLabs.
- Detecting phishing campaigns through open-source data by @o0tAd0o from @Stalkphish_io
🎫 And Good news: there are still a few tickets left!
Grab yours here → https://t.co/7mWBRXHQRV
Can’t wait to see many of you there. Let’s make OSINT shine!
#OSINTThePlanet #leHACK2025 #OSINT #Infosec
@ShieldifyMartin Appreciate the mention of Octopus! 🐙
At FuzzingLabs, we truly believe open-source security tools are vital to a safer blockchain ecosystem.
We also built a Sui Fuzzer for Move https://t.co/mcgM0L76ft (updates may come), and a Solana security tool should come out soon
🔥 First time at #Pwn2Own, first win — and $15,000 later, we’re just getting started.
Last week at @OffensiveCon, we trained, fuzzed, and pwned hard. Here’s the story 👇
We already reported 7 vulnerabilities to @ollama via @huntr_ai 🔥
The first one is CVE-2024-12886, report is now public even if the bug is not fixed yet...
Please do not exposed your Ollama server, it is not the only bug we found... 🛡️
https://t.co/rbE9YrP7SC
Want to learn how to effectively fuzz a browser?
Sign up for @FuzzingLabs’ “Practical Web Browser Fuzzing” training in this year’s Offensivecon.
*Training tickets also guarantee first slots in the waiting list for conference tickets.
https://t.co/v4hxdq1e9m
🚨 Crypto Bugs Found in ArkWorks' Poseidon Sponge
We uncovered two subtle yet impactful bugs in this cryptographic hash function.
Let’s break it down! 🧵👇
Solana devs: Are you aware of "Revival Attacks"?
This vulnerability lets attackers bypass account closure logic to exploit rewards, drain staking pools, and disrupt protocols.
Here’s a deep dive into the issue and how to fix it.
🧵👇