Some exciting research to share from Binarly REsearchers Takahiro Haruyama and Fabio Pagani -- a novel approach to UEFI bootkit detection. 🔥Read the technical paper: "UEFI Bootkit Hunting: In-Depth Search for Unique Code Behavior" 👉 binarly.io/blog/uefi-boot…

Don't miss this exclusive interview with Mark Russinovich! Watch this insightful discussion about Microsoft’s transition from C++ to Rust, the security challenges driving this shift, Azure’s beginnings, and the future of cloud computing. Watch here: youtu.be/SmUprpjCWjM

My first official rust-lang contribution 😜 github.com/rust-lang/crat… On crates.io, you can now categorize your crates under “security” (“Crates related to cybersecurity, penetration testing, code review, vulnerability research, and reverse engineering.”).

wts.dev/posts/bookmark… Oh look, it's my second write-up. Update your Macs.

Intel VT-rp community.intel.com/t5/Blogs/Tech-…

The new blog post on supervisor shadow stack restrictions / supervisor shadow-stack control tandasat.github.io/blog/2025/04/0…

Rust 1.86.0 has been released!✨🎊🦀 This release adds trait upcasting, get_disjoint_mut on slices and hashmaps, #[target_feature] for safe functions, debug assertions for null pointers, Vec::pop_if, and more! Check out the blog post for all the details: blog.rust-lang.org/2025/04/03/Rus…

This is an IMPRESSIVELY good pdf password dictionary brute forcer, got a password in literally milliseconds, if you're doing recon this is 👌 github.com/mufeedvh/pdfrip

I am thrilled to be back and offer the in-person training once again at Hexacon, the fabulous conf. in Paris hexacon.fr/trainer/tanda/ Get hands-on experience with virtualization and learn real-world applications and bugs of them! The tickets will be available for purchase soon.

Recently, I created a Rust library for call stack spoofing (uwd), you can check it out through the link Big thanks to klez and Kurosh Dabbagh for the help they gave me! github.com/joaoviictorti/…

My talk about the recent SMM architecture and security at TheSAS2025 : youtube.com/watch?v=AIGj6Q… The conference was well organized and had plenty of networking opportunities. Though, the best thing was the venue :) It is at a beautiful resort again this year, so you will love it.

Very proud to announce that the Windows Subsystem for Linux is now open source! blogs.windows.com/windowsdevelop…

Hypervisors for Memory Introspection and Reverse Engineering by memN0ps secret.club/2025/06/02/hyp…

Finally had some time to publish these blogs. Enjoy! Spying On Screen Activity Using Chromium Browsers mrd0x.com/spying-with-ch… Camera and Microphone Spying Using Chromium Browsers mrd0x.com/spying-with-ch…

The embargo (12:00 UTC 2025-06-10) is over, let's start a thread on Hydroph0bia (CVE-2025-4275), a trivial SecureBoot and FW updater signature bypass in almost any Insyde H2O-based UEFI firmware used since 2012 and still in use today. English writeup: coderush.me/hydroph0bia-pa…

🚨 Interested in Windows kernel exploitation? Our SSTIC 2025 talk on the Shadow Stack implementation in the Windows kernel is now online! 📄 Paper: sstic.org/media/SSTIC202… 📑 Slides: sstic.org/media/SSTIC202…

Exploitation of Asus Armory Crate AsIO3.sys driver | authorization bypass + ObfDereferenceObject primitive to LPE - blog.talosintelligence.com/decrement-by-o…

Absolutely sick contribution João Victor github.com/joaoviictorti/…