New post: deep dive into BEDaisy.sys, BattlEye’s kernel anti-cheat driver used in PUBG, R6 Siege, Escape from Tarkov, and more. WinDbg output + annotated IDA pseudocode included. s4dbrd.github.io/posts/reversin… #ReverseEngineering #WindowsInternals #AntiCheat

I’ve just published a new technical analysis exploring CVE-2026-20820, a buffer overflow in the CLFS driver. cravaterouge.com/articles/cve-2…

I found a remote code execution on the latest TP-Link Tapo webcam models! The path to code execution wasn't direct and involved an interesting chain (3 CVEs). Check out my blogpost for more details! spaceraccoon.dev/getting-shell-…

Spread the word! Phrack Zine CFP with demoscene cracktro is live. Turn up the volume and enjoy the awesome stylings of Piotr Bania with some hopefully inspiring text from phrack staff :) phrack.org

#IDA Pro tip 🤙 ApplyCalleeTypeEx — ApplyCalleeType is Reborn 🔥 — — — IMO one of the most practically useful IDA plugins ever written. It died on IDA 9.x. Not anymore. Rebuilt from scratch — compatible IDA 8.x → 9.3+. github.com/Dump-GUY/Apply… — — — What's new: ✅ IDA 9.3 ready +

Just published the writeup on qwik's deserialization RCE: sebsrt.xyz/blog/a-qwik-rc…

New blog! We found an open directory attributed to #MuddyWater Iranian APT and found vulnerabilities/victims they've been targeting, red-team tools, and a loader that deploys a persistent variant of #Tsundere botnet - a MaaS sold by a Russian threat actor that is known for using

Method we used (>5 years ago, now) on ps5 to fiddle with mp4 and hv memory: github.com/fail0verflow/p… hope it helps for linux!

just messing around now: > OOB read from msg_msg corruption to leak a struct file (easier on configs w/o dedicated filp cache) > leak struct cred pointer from the file object > OOB write > corrupt freelist with struct cred addr + spray to reclaim (no FREELIST_HARDEN)

For those of you playing around at home with the LiteLLM supply chain stuff. Here are the decoded payloads and other info. github.com/HackingLZ/lite…

The Nintendo Talking Flower firmware does not check the size of the language index table when loading it from SPI flash into RAM, allowing me to corrupt the stack, execute arbitrary code, and dump the protected STM32 firmware🤣 (SHA1 51ec2ee3bbc12772cd4abed1bf2d26b02e541e14)

The FLARE team now freely distributes its quality reverse engineering and malware analysis educational content at github.com/mandiant/flare…. Launched with: - Malware Analysis Crash Course - Go Reversing Reference - Intro to TTD

New post is up! This one uses CVE-2025-20741 (a heap overflow in the MediaTek MT76xx driver) to show how a bit of kernel alchemy can turn a heap OOB write into a number of stronger exploit primitives, up to page-level r/w via pipe_buffer corruption :) blog.coffinsec.com/0day/2026/04/0…

Updated my #bindiff fork to support building against IDA Pro 9.3 / IDA SDK 9.x, including Qt6-era plugin fixes Google github.com/seifreed/bindi…

📢 The FLARE team has launched the FLARE Learning Hub - a free resource to hone your malware analysis and reverse engineering skills! 🛠️ github.com/mandiant/flare… The initial launch brings with it: - An in-depth introduction to time-travel debugging (TTD) - A comprehensive Go

We went to Revision 2026 and released a eponymous demo celebrating 40 years of Razor 1911 activity in the scene. It does get a little bit emotional. pouet.net/prod.php?which…

I recently posted the filterforge project, yesterday we released the blogpost detailing how it works under the hood!

🚨 do you understand what just happened to your passwords cpuid one of the most trusted sites in PC hardware. hacked. April 10th, 2026. CPU-Z and HWMonitor. both compromised. > fake CRYPTBASE.dll ships inside the installer > connects to C2, downloads a C# file > compiles it

Breaking Rohde & Schwarz AMIQ License Keys - the Hard and the Easy Way tomverbeure.github.io/2026/04/12/AMI…

youtube.com/watch?v=wKiHwa… Timelapse of exocets logo for our 40 year demo. He managed to nail both his own style and the classic French razor 1911 line of 90s logos by guys like zebig and x-rage. The groups history was the theme of the demo and he completed that mission 11/10.