Specter
@SpecterDev
Followers: 38K | Following: 2K | Media: 59 | Statuses: 1K
Interested in Security and Exploit Development. Nano is the one true text editor.
🇨🇦 Ontario
Joined August 2015
My @dayzerosec co-host zi and I are giving our 1st training @ https://t.co/Na25TGbLQE with a focus on attacking security hypervisors! Trainings are something we've wanted to do for a while. Take a look and share to those who would be interested :) https://t.co/zM6QJjPcrk
RIP, my PlayStation exploit died. https://t.co/gRmjKcqKFJ Works up to PS4 13.00 and PS5 12.00. Patched on PS4 13.02 and PS5 12.02.
Some people already know this, but thought I'd mention here too... unfortunately basically all of my low fw PS5s got stolen recently, so I'm not sure what my future in console research will look like. Replacing this stuff might be too difficult & expensive to be worth it :(
We have a special episode this week, where we interview @JohnCarse of @getsquarex. We talk about John's industry experience, history of browser security, and the work SquareX is doing on detecting and mitigating browser-based attacks. Check it out:
We have a training by @SpecterDev & Zi on Attacking Hypervisors From KVM to Mobile Security Platforms
I've published a write-up on reversing and analyzing Samsung's H-Arx hypervisor architecture for Exynos devices, which has had a lot of changes in recent years and pretty interesting design. Hope you all enjoy :) https://t.co/KTJ5IKfSfP
dayzerosec.com
In many ways, mobile devices lead the security industry when it comes to defense-in-depth and mitigation. Over the years, it has been proven time and again that the kernel cannot be trusted to be...
Recon Training 23-26 June 2025: KVM to Mobile Security Platforms - Attacking Hypervisors with @SpecterDev and zi from @dayzerosec (4 days) For more details https://t.co/3MM2tIkcyS
https://t.co/JE68XbHamM Our newest research project is finally public! We can load malicious microcode on Zen1-Zen4 CPUs!
github.com
### Summary Google Security Team has identified a security vulnerability in some AMD Zen-based CPUs. This vulnerability allows an adversary with local administrator privileges (ring 0 from outside...
RE: byepervisor do people care enough about not wanting to use rest mode and resume to switch the primary exploit for byepervisor to the jump table one? It's higher maintenance and possibly slightly less stable but would be slightly more convenient to run I guess
Inside console security: How innovations shape future hardware protection - https://t.co/lVzoBvzMEG - @PlayStation @hardwear_io #HardwareSecurity #hw_ioNL2024 #PlayStation #gaming #CyberSecurity #netsec #security #InfoSecurity #ITsecurity #CyberSecurityNews #SecurityNews
Slides
github.com
A PS5 hypervisor exploit for 1.xx-2xx firmwares. Contribute to PS5Dev/Byepervisor development by creating an account on GitHub.
I've published the repo for Byepervisor (we love named vulns out here). Contains exploit implementation for two PS5 hypervisor bugs for 2.xx and lower. Slides from the talk + vod should hopefully be published soon. https://t.co/YBrHXOpzQA
The PS5's hypervisor has kept the system secure for years—now, vulnerabilities are being revealed. What does this mean for gamers? 🕵️♂️🚨 Join @SpecterDev at #hw_ioNL2024 Know More: https://t.co/DeEfBFw7gi
#ps5 #exploit #hardware
There are a few ways on PS5 to defeat HV. One of the methods that I've found was related to APIC: struct apic_ops is located in the RW segment of kernel data. With KRW you can overwrite a function pointer inside it like xapic_mode and get into ROP, for example (just need to bypass CFI).
Feels great when an idea can finally be tested and works out after like a year :) Shouts to ChendoChap for working out the ROP chain. Protip: staying < 3.00 is a good idea.
Pushed v1.2, exploit's been updated with an implementation that works on 3.xx-5.xx (heap spray go brrr), also some support for other misc low fw. ELF loader and payloads will not work on 5.00+ for a while due to dlsym changes. Payload SDK needs changes. https://t.co/UBqga8fA5U
github.com
Add support for 5.00, 5.02, 5.10, and 5.50FW Add support for 4.00, 4.02, 4.03, 4.50FW Add support for 3.00 and 3.20FW Add support for 2.70 factory FW Add support for 1.00 and 1.02 FW Added code to ...
Added 1.xx firmware support to UMTX exploit chain.
github.com
Add support for 1.05, 1.10, 1.11, 1.12, 1.13, 1.14 firmwares Various minor fixes
I've published a webkit implementation of UMTX exploit for PS5 on 2.xx firmwares. Hoping to add support for 1.xx firmwares soon, higher firmwares will take some changes to make it work. See README for details as always. https://t.co/g1kk14IVby
github.com
A webkit-based kernel exploit and jailbreak for PS5 - PS5Dev/PS5-UMTX-Jailbreak