Oh hey! My last R&D project at quarkslab is finally out. :D tl.dr. playing with the Steam Deck is fun <3 (i.e. UEFI exploit w/ super limited primitives) blog.quarkslab.com/being-overlord…

For the first time, our training "Bug Hunting in Hypervisors" is open to the public at REcon ! Designed for security researchers,we will dive into VM escapes, hypervisor attack surfaces, and real-world exploitation. More info: recon.cx/2025/trainingB…

EA has uploaded fully recovered source code for Command & Conquer (aka, Tiberian Dawn). C&C Red Alert, C&C Renegade, and C&C Generals + Zero Hour to github. W move! github.com/electronicarts/

You can now jailbreak your AMD CPU! 🔥We've just released a full microcode toolchain, with source code and tutorials. bughunters.google.com/blog/542484235…

My writeup of the 2023 NSO in-the-wild iOS zero-click BLASTDOOR webp exploit: Blasting Past Webp - googleprojectzero.blogspot.com/2025/03/blasti…

New blog post! A bug in GTA San Andreas lay dormant for over 20 years, until unrelated changes in Windows 11 24H2 triggered it. This is a deep dive into how a simple coding mistake erased all seaplanes from the game and made them completely unusable. cookieplmonster.github.io/2025/04/23/gta…

TyphoonCon🌪️ is already over, but we enjoyed every minute ! During our talk "Journey To Freedom", we disclosed for the first time the details on the Windows LPE we used at Pwn2Own Vancouver 2024 after escaping from VirtualBox. Slides are already available: reversetactics.com/publications/2…

🚨 Interested in Windows kernel exploitation? Our SSTIC 2025 talk on the Shadow Stack implementation in the Windows kernel is now online! 📄 Paper: sstic.org/media/SSTIC202… 📑 Slides: sstic.org/media/SSTIC202…

🔺iPhone models announced today include Memory Integrity Enforcement, the culmination of an unprecedented design and engineering effort that we believe represents the most significant upgrade to memory safety in the history of consumer operating systems. security.apple.com/blog/memory-in…

First mention of x86 memory tagging (aka MTE) by both Intel and AMD (codename ChkTag): community.intel.com/t5/Blogs/Tech-… amd.com/en/blogs/2025/… 🤘🤘🤘

Awesome paper about latest iOS security mitigations : SPTM, TXM, and Exclaves arxiv.org/pdf/2510.09272

Following their presentation at Hexacon, Mehdi & Etienne detail how they exploited CVE-2023-40129, a critical vulnerability affecting the Bluetooth stack in Android ⬇️ synacktiv.com/en/publication…

We really should be talking about this more....KASLR is just not working properly on Android right now, and it hasn't for a long time. googleprojectzero.blogspot.com/2025/11/defeat…

🥳📢After 4 years of hard work, we (LNH-team) are proud to announce that DSpico, our open-source flashcart for the DS(i), is officially released! 🌐 Find all the details on our website!: lnh-team.org

An analysis of a recent 0-click exploit targeting Samsung devices: googleprojectzero.blogspot.com/2025/12/a-look…

At #Pwn2Own Berlin 2025, a full exploit chain against VMware Workstation was demonstrated via a heap overflow in the PVSCSI controller. Despite Windows 11 LFH mitigations, advanced heap shaping and side-channel techniques enabled a reliable exploit. 🔍 Full technical write-up 👇

We’re releasing our analysis of ring-1.io, a major game cheat targeted by multiple studios in recent legal actions. We partially deobfuscated several Themida-protected components and document how it hijacks Hyper-V to inject and manipulate game code.

I have posted a write-up for those who are interested in building virtual iPhone. If have any further questions, please feel free to reach out via DM, Thanks. github.com/wh1te4ever/sup…

Incredible talk on hacking the Xbox One security processor youtube.com/watch?v=FTFn4U…

Very impressive independent research into modern software obfuscation used by Anti-Cheats, conducted by belabs_engineer and James youtube.com/watch?v=3LtwqJ…