Very proud to announce that the Windows Subsystem for Linux is now open source! blogs.windows.com/windowsdevelop…

This is a good resource on how to use github.com/0vercl0k/wtf to find bugs in Microsoft's Defender Malware Protection Engine 🔥: labs.infoguard.ch/posts/attackin… by Manuel Feifel

🚨 Conference tickets will be on sale next Monday (4PM UTC+2)! 🎫 Standard price: 1320€ 🎟 Reduced price: 660€* *Reduced prices are for students and professionals whose company does not cover the ticket. ✨ New this year: a second party has been added on Saturday evening.

🔔 It is time to buy your HEXACON ticket! 💸 Discounted tickets are available (while supplies last) for students and professionals who do not receive support from their company. This approach is based on trust, but we may ask for proof. hexacon.fr/register/

Have something cool & technical you would like to present? 🐛🐜🪲 Consider submitting to Hexacon's CFP & come hangout in Paris (10th & 11th of October) 🔥

📢 New Hex-Rays Plugin Repository! We’ve upgraded our plugin repo to simplify how you submit and manage your plugins. ➥ Check it out: eu1.hubs.ly/H0kLhXV0 ◉ The new submission process now goes through your eu1.hubs.ly/H0kLmyH0 account. ◉ We now support GitHub-based

🛑The conference is already sold out!🛑 However tickets are available for people that register for a training: hexacon.fr/register/ We also have saved up some tickets for companies that want sponsor our con so get in touch with us if you're interested!

This weekend, I gave a talk on web browser security research at a student-organized conference. I tried to make the talk reasonably beginner-friendly, so the slides (linked here) could hopefully be useful to someone as a learning resource. docs.google.com/presentation/d…

What does it take to hack a Sonos Era 300 for Pwn2Own? Take a look at our process of adapting existing research, establishing a foothold, and exploiting media parsers for unauthenticated RCE over the network🔥👇 blog.ret2.io/2025/06/11/pwn…

Check out our first blog post about V8 CVE-2024-12695: bugscale.ch/blog/dissectin…

Off-By-One Conference 2025 Day 1 presentation videos are now available on our official YouTube channel! Subscribe, like 👍 and comment! lnkd.in/gi5jQBi4

Off-By-One Conference 2025 Day 2 presentation videos are now available on our official YouTube channel! Subscribe, like 👍 and comment! lnkd.in/geDcTSsr

🚗🔌 We reverse engineered the Tesla Wall Connector and uncovered a previously undocumented attack surface via the charging cable. From protocol analysis to code execution, a Pwn2Own Automotive 2025 exploit write-up. synacktiv.com/en/publication…

🚨 NEW PAPER on the 0day Supply Chain 🚨: I gathered open source data & interviewed Gov employees, VR and China researchers to figure out what the zero day marketplace looks like in the U.S. and how it compares to China. Key findings below ⬇️ 0/🧵 atlanticcouncil.org/in-depth-resea…

It's summer. Make sure your PCs are properly cooled. Even the virtual ones. wbenny.github.io/2025/06/29/i-m…

We uncovered a number of vulnerabilities within the macOS SMB client implementation, including a remote kernel heap overflow. Don’t worry, they were fixed in 15.4! Learn more on our website: supernetworks.org/pages/blog/mac…

📢The end of Hexacon's CFP is approaching (July 14th)! If you have technical content you would like to present in Paris, you have another ~11 days to send it in ✍️ Topics of interest are vr / xdev / hardware hax, appsec & offensive security in general 🐛🐜🪲 See you there!👋

Had a great time presenting at REcon this weekend - always amazing meeting everyone and sharing research 🙌 For those that missed the conference, or just want to review my WhatsApp work, feel free to read the slides here & hmu if you have questions! docs.google.com/presentation/d…

If you're a game studio looking for security audits/pen-testing of your game HMU. Experienced with: - RCE on Windows and gaming consoles - Windows security internals - Compiling old/legacy code bases I'll also accept Japan working visa sponsorship or gacha pulls as payment