Getting some notifications on this old tweet, which aged pretty well. It’s very satisfying to have an answer for something I’ve been wondering about for years. Congrats again to Andy Nguyen for such an epic chain :)

Some unexpected PS2 hacking news: DVD player loading support for PCSX2 emulator has finally been developed thanks to Balázs Triszka and Florin9doi: github.com/Florin9doi/pcs… This would greatly simplify porting/developing ‘FreeDVDBoot’ DVD player exploits for all the different BIOSes

Very cool to see public reimplementations of the first part of my mast1c0re exploit chain, especially when tested on the latest PS5 firmware.

This will be my last month at Google! (my decision was unrelated to layoffs) So thankful to have had the opportunity to work with such incredible colleagues, and contribute to such an impactful mission. Looking forward to starting my next adventure.

Part 2 - Attacking the compiler process: cturt.github.io/mast1c0re-2.ht… Ultimately I didn't finish the exploit, but hopefully it's still interesting, and maybe we will see a full exploit implementation from someone else in the future.

finally... hello, PS5 PSP :)

This is big! New original Xbox exploit has been released, working on stock consoles with just a save. Can be triggered from the Dashboard and used as an entrypoint for unsigned code, no exploit games or swaps needed!! 🥳 github.com/XboxDev/endgam…

i'm excited to share Collateral Damage, a kernel exploit for SystemOS on Xbox One/Series consoles! this initial release is mostly intended for developers, but i hope people will enjoy playing around with it! writeup and more updates in the near future :) github.com/exploits-forsa…

Interesting FreeBSD advisory: freebsd.org/security/advis… It’s the first path traversal I’ve seen where the kernel itself is returning filenames with ../ (normally path traversal bugs are at the application-level). ‘Universal Path Traversal’ (akin to UXSS) could be a new bug class?