APPLIED AI FOR CYBERSECURITY​ – AI Agents for application security testing
| | |

APPLIED AI FOR CYBERSECURITY​ – AI Agents for application security testing

applied AI for Cybersecurity AI Agents for application security testing What if AI could autonomously find, trace, and exploit vulnerabilities in code? The rise of AI agents has opened many new possibilities, but one remains underexplored in security: combining static and dynamic testing in a unified, autonomous pipeline. Today’s app-sec solutions typically focus on either…

Android and the mysteries of dial codes ​ – Extracting dial codes by apk reversing
| | | | |

Android and the mysteries of dial codes ​ – Extracting dial codes by apk reversing

Android and the mysteries of dial Codes Extracting dial codes by apk reversing Dial Codes, also called USSD or HMI (Human Machine Interface) codes, are typically used by OEM and carrier to implement some menu. While making baseband researches, those hidden menus was very useful. Today, in this small blogpost, I will described the way…

POC 2025 Reversing Modern Binaries: Practical Rust & Go Analysis Training by FuzzingLabs
| | | | |

PoC 2025 – Reversing Modern Binaries: Practical Rust & Go Analysis On-site Training

POC 2025 – Training Announcement Reversing Modern Binaries: Practical Rust & Go Analysis Training Dive into the world of Rust and Golang reverse engineering at ReCon 2025! Join Daniel Frederic and Nabih Benazzouz for this exclusive 3-day training. You will learn how to analyze binaries, tackle obfuscation, and reverse-engineer malware written in two of the most…

Pairing-Based Cryptography Demystified: A Deep Dive into Elliptic Curves
| |

Pairing-Based Cryptography Demystified: A Deep Dive into Elliptic Curves

Unlocking Pairing-Based Cryptography with Elliptic Curves Pairing-Based Cryptography Demystified: A Deep Dive into Elliptic Curves Elliptic curves are central to modern cryptography, offering efficient, secure systems with smaller key sizes compared to traditional methods like RSA. But before diving into what they do, it’s helpful to understand what they are. Elliptic curves are mathematical objects…

android reversing lm deobfuscation
| | | | |

Benchmarking Android APK Deobfuscation using Small Local LLMs

Ai-assisted Android application reversing Benchmarking Android APK Deobfuscation using Small Local LLMs Tool Overview – Deobfuscate-android-app Android applications are commonly obfuscated before release, especially when they handle sensitive logic such as authentication, license verification, or cryptographic routines. Obfuscation tools like ProGuard and R8 rename classes and methods, remove debug information, and flatten control flows to…

AI-Driven Threat Modeling – LLMs for Automated STRIDE Analysis
| | | |

AI-Driven Threat Modeling – LLMs for Automated STRIDE Analysis

AI-Driven Threat Modeling LLMs for Automated STRIDE Analysis Threat modeling has always been about understanding how the components of an application interact, where the boundaries lie, and what could go wrong at each connection. Traditionally, this process has been manual, relying on diagrams and the expertise of security professionals to map out relationships and identify…

EVM Security – Insights from Zer0Con 2025
| | | |

EVM Security – Insights from Zer0Con 2025

EVM Security Insights from Zer0Con 2025 At Zer0Con 2025, the FuzzingLabs team, Mathieu Hoste and Bryton Bernard, delivered an engaging and insightful presentation on one of the most critical aspects of Ethereum’s security: the vulnerabilities within the Ethereum Virtual Machine (EVM). In our session, titled “Ethereum’s Achilles’ Heel: Attacking and Fuzzing EVMs for Fun (and…

Linux Hardening – State of Linux Snapshot Fuzzing
| |

Linux Hardening – State of Linux Snapshot Fuzzing

Linux Hardening State of Linux Snapshot Fuzzing What is snapshot fuzzing ? Fuzzing is a well-established technique for finding software vulnerabilities, and snapshot fuzzing represents a significant advancement, enhancing efficiency and expanding the scope of testable software. Snapshot fuzzing is particularly valuable in application security where it enables thorough black-box testing of applications, regardless of…

Differential Cryptanalysis 101​ – Exploring Differential Methods in Block Ciphers​
| |

Differential Cryptanalysis 101​ – Exploring Differential Methods in Block Ciphers​

Differential Cryptanalysis 101 Exploring Differential Methods in Block Ciphers Cryptanalysis has been playing an essential role in the security of both software and hardware systems for decades and now more than ever. Many knows the essentials of cryptography through school, trainings or self learning, but very few know the ways of cryptanalysis, which is equally…

Attacking & Fuzzing Polkadot Node – Triggering Denial-of-Service via Gossamer RPC Flaws​
| | | | |

Attacking & Fuzzing Polkadot Node – Triggering Denial-of-Service via Gossamer RPC Flaws​

Attacking & Fuzzing of Polkadot Node Triggering Denial-of-Service via Gossamer RPC Flaws Gossamer is a Go-based implementation of a Polkadot node, developed by ChainSafe Systems. It allows interaction with the Polkadot network, enabling users to participate as full nodes, validators, or other roles. In this post, we will show you what we did to find…