Stealing the Bitlocker key from the TPM by snooping the public SPI bus. Read details about the VMK, boot flow, logic analysers, soldering to SPI streams astralvx.com/stealing-the-b…

The Secret Life of C++: What Your #Compiler Doesn't Want You To Know web.mit.edu/tibbetts/Publi… “#CPP is filled with strange and wonderful features. We will explore in detail how these features are implemented under the covers, in terms of the #assembly #code generated.”

I wrote an article on bypassing BitLocker on a Lenovo laptop: errno.fr/BypassingBitlo…

What is a "good" Linux Kernel bug? "In the world of vulnerability research, we like to call bugs 'good' if they're bad, and 'bad' if they're either boring or completely catastrophic." blog.isosceles.com/what-is-a-good…

Advanced binary fuzzing using AFL++-QEMU and libprotobuf: a practical case of grammar-aware in-memory persistent fuzzing airbus-seclab.github.io/AFLplusplus-bl…

CVE-2023-4911: Local Privilege Escalation in the glibc's ld[.]so seclists.org/oss-sec/2023/q…

This's a breakthrough: found JTAG TAP of Intel PMC ARC600 MCU for Atoms. It isn't supported by public OpenIPC, so raw IRs must be used. ARC's IR codes is actually shifted 4 bits left. Scary to imagine what can be done using this...

A, I see ... this was the @toolswatch IoT training under a fresh and new outfit. Cool move and good luck with it. Make IoT more secure :)

Excited to share the first post in my new blog series with LeviathanSecurity: UEFI is the new BIOS This blog series dives deep into UEFI RE/xdev. This first post is your UEFI intro. Check it out, hmu with feedback/q’s ✨ leviathansecurity.com/blog/uefi-is-t…

The new NIST IR 8547 "Transition to Post-Quantum Cryptography Standards" (draft out today) makes RSA, Elliptic Curve crypto disallowed by 2035. Hybrid (trad./pqc) solutions are accommodated by NIST. nvlpubs.nist.gov/nistpubs/ir/20…

The slides for the keynote our Cristofaro Mune(Cristofaro Mune) has given at H2HC "False Injections: Tales of Physics, Misconceptions and Weird Machines" are now available here: raelize.com/upload/researc… Enjoy!

security.humanativaspa.it/fault-injectio… A very interesting article on a smart approach to understand what have been altered during a crowbar glitching fault injection ⚡

From fault injection to RCE Analyzing a Bluetooth tracker by Nicolas Oberli fahrplan.events.ccc.de/congress/2024/… media.ccc.de/v/38c3-from-fa…

Video for the RP2350 lecture at CCC. media.ccc.de/v/38c3-hacking…

ShmooCon ShmooCon All livestream recordings of #shmoocon 2025 are uploaded! Check out all 3 days here - youtube.com/playlist?list=…

Security through transparency: all chips have vulnerabilities, and most vendors' strategy is not to talk about them. In contrast, we aim to find and fix them. Read the results of our RP2350 Hacking Challenge: rpltd.co/rp2350-challen…

"Two ways of Rooting All Qualcomm based Android phones" (slides) powerofcommunity.net/poc2024/Pan%20… #infosec #android

I've published a write-up on reversing and analyzing Samsung's H-Arx hypervisor architecture for Exynos devices, which has had a lot of changes in recent years and pretty interesting design. Hope you all enjoy :) dayzerosec.com/blog/2025/03/0…

Linux >=4.12: USB CDC-ACM: missing size check in acm_ctrl_irq() leads to OOB write project-zero.issues.chromium.org/issues/3951072…

#BHUSA Briefings "Bypassing PQC Signature Verification with Fault Injection: Dilithium, XMSS, SPHINCS+" presents practical voltage fault injection attacks on three major PQC signature schemes.💻Demonstrating how to forge valid signatures without breaking the underlying