esjay
@esj4y
Followers
784
Following
2K
Media
14
Statuses
999
Shell horticulturist @codewhitesec - blog @ https://t.co/TAuhn27aSX
Joined January 2019
The talk just got uploaded on YT ;)
1
1
13
Here are the slides for my Scudo talk yesterday at the MobileHackingLab Con: https://t.co/XPLagjuGs9. They include two extra slides I didn't address in the talk: one describing two common misconceptions and one showing the shuffle count for each class.
github.com
slides for talks (3sjay/talks).
2
9
64
Started a blog series on writing a minimal ARM hypervisor from scratch — boots as a UEFI app, claims EL2, identity-maps everything through Stage 2. Chapter 0 just dropped: ARM vs x86 virtualization, UEFI internals, EDK2 setup, first app at EL2. https://t.co/NJ7hQu3VZz
2
52
230
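The hypervisor tweet above describes a design that "identity-maps everything through Stage 2". As an added example (not code from that blog series), here is the level-1 block-descriptor construction such a map needs, plus the one check worth doing before the first guest runs: carving the hypervisor's own memory out of the guest's map so a guest load or store to it takes a Stage-2 fault at EL2 instead of reaching hypervisor state. The descriptor bit layout is the architectural Stage-2 format; the memory map (MMIO in the first GiB, DRAM from 0x40000000, hypervisor image at 0x80000000) and the VTCR_EL2 configuration (4 KiB granule, T0SZ=25, SL0=1, giving one 512-entry L1 table of 1 GiB blocks) are assumptions for this example.

```c
#include <stdbool.h>
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

/* Stage-2 level-1 block descriptor (VMSAv8-64, 4 KiB granule, 1 GiB blocks).
 * The field layout is architectural; the memory map and VTCR_EL2 settings
 * referred to in comments are assumptions for this example.              */
#define S2_VALID        (1ULL << 0)   /* bit 1 clear => block, not table   */
#define S2_TABLE        (1ULL << 1)
#define S2_MEMATTR(a)   ((uint64_t)(a) << 2)   /* MemAttr[3:0]             */
#define S2_AP_RW        (3ULL << 6)   /* S2AP[1:0] = 0b11: read and write  */
#define S2_SH_INNER     (3ULL << 8)   /* SH[1:0] = 0b11: Inner Shareable   */
#define S2_AF           (1ULL << 10)  /* Access flag set: no AF faults     */
#define S2_XN           (1ULL << 54)  /* guest may not execute from here   */
#define S2_L1_OA_MASK   0x0000FFFFC0000000ULL  /* output address [47:30]   */

#define MEMATTR_NORMAL_WB 0xFULL  /* Normal, Inner/Outer Write-Back cacheable */
#define MEMATTR_DEVICE    0x0ULL  /* Device-nGnRnE                            */

#define S2_BLOCK_SHIFT 30
#define S2_BLOCK_SIZE  (1ULL << S2_BLOCK_SHIFT)
#define S2_L1_ENTRIES  512  /* 512 x 1 GiB = 39-bit IPA space; assumes
                             * VTCR_EL2.T0SZ=25, SL0=1 (walk starts at L1) */

/* Assumed physical map for the example (constructed, not a real board). */
#define EX_MMIO_BASE   0x00000000ULL
#define EX_MMIO_SIZE   (1ULL << 30)
#define EX_HYP_BASE    0x80000000ULL
#define EX_HYP_SIZE    0x00200000ULL

/* Identity-map the whole 39-bit IPA space with 1 GiB blocks (IPA == PA).
 * [dev_start, dev_start + dev_size) is mapped as Device memory and XN.   */
void s2_identity_map_all(uint64_t *l1, uint64_t dev_start, uint64_t dev_size)
{
    for (size_t i = 0; i < S2_L1_ENTRIES; i++) {
        uint64_t pa = (uint64_t)i << S2_BLOCK_SHIFT;
        bool dev = pa >= dev_start && pa - dev_start < dev_size;
        uint64_t attr = dev ? S2_MEMATTR(MEMATTR_DEVICE) | S2_XN
                            : S2_MEMATTR(MEMATTR_NORMAL_WB);
        l1[i] = (pa & S2_L1_OA_MASK) | attr | S2_SH_INNER | S2_AP_RW
                | S2_AF | S2_VALID;
    }
}

/* "Identity-map everything" includes the hypervisor's own image unless it
 * is carved out: clear the block(s) covering it so a guest access takes a
 * Stage-2 translation fault (taken to EL2) instead of touching EL2 data.
 * Granularity here is 1 GiB; a real map would split that block with an
 * L2/L3 table. Returns how many block entries were invalidated.          */
size_t s2_unmap_range(uint64_t *l1, uint64_t pa_start, uint64_t pa_size)
{
    size_t first = pa_start >> S2_BLOCK_SHIFT;
    size_t last  = (pa_start + pa_size - 1) >> S2_BLOCK_SHIFT;
    size_t n = 0;
    for (size_t i = first; i <= last && i < S2_L1_ENTRIES; i++)
        if (l1[i] & S2_VALID) { l1[i] = 0; n++; }
    return n;
}

/* Software walk of the L1 table, i.e. what the MMU does for a guest access.
 * Returns false where the guest would take a Stage-2 fault.              */
bool s2_walk(const uint64_t *l1, uint64_t ipa, uint64_t *pa, bool *is_device)
{
    uint64_t idx = ipa >> S2_BLOCK_SHIFT;
    if (idx >= S2_L1_ENTRIES) return false;               /* outside IPA space */
    uint64_t d = l1[idx];
    if (!(d & S2_VALID) || (d & S2_TABLE)) return false;  /* no L2 tables here */
    *pa = (d & S2_L1_OA_MASK) | (ipa & (S2_BLOCK_SIZE - 1));
    if (is_device) *is_device = ((d >> 2) & 0xF) == MEMATTR_DEVICE;
    return true;
}

int main(void)
{
    static uint64_t l1[S2_L1_ENTRIES] __attribute__((aligned(4096)));
    uint64_t pa; bool dev;
    s2_identity_map_all(l1, EX_MMIO_BASE, EX_MMIO_SIZE);
    printf("hypervisor blocks removed: %zu\n", s2_unmap_range(l1, EX_HYP_BASE, EX_HYP_SIZE));
    printf("IPA 0x40001000 -> %s\n", s2_walk(l1, 0x40001000ULL, &pa, &dev) ? "mapped" : "fault");
    printf("IPA 0x80000000 -> %s\n", s2_walk(l1, 0x80000000ULL, &pa, &dev) ? "mapped" : "fault");
    return 0;
}
```

The table as built would be loaded into VTTBR_EL2 after the matching VTCR_EL2 setup and a TLB invalidation; the walk function exists only so the mapping can be checked from software before doing that.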
Bypass PAC in JIT - CVE-2024-27834 And I'm ready for my Spring Festival holiday 🥳 https://t.co/mWc1Ioa5UY
gist.github.com
Bypass PAC in JIT - CVE-2024-27834.
1
30
136
You like technical deep dives into binary exploitation and crazy heap wizardry? Then you'll like our blog post by @0xor_solo about unauth'ed RCE in NetSupport Manager aka CVE-2025-34164 & CVE-2025-34165
code-white.com
NetSupport Manager is a remote control and support software that we find surprisingly often utilized in sensitive *Operational Technology (OT)* environments, such as production plant networks....
0
52
139
‼️ The Feb edition of the "Advanced .NET Exploitation" training is now open for 5 students; this one will be in Manchester, UK 🇬🇧. Sign up here: https://t.co/biDIcQiFsr
2
15
57
Here is a detailed bug analysis for the MALI GPU CVE-2025-6349 and CVE-2025-8045. We implement a stable privilege escalation on the latest version of the Pixel 9 and leverage a double-free primitive to get arbitrary physical memory RW without any info leak. 👍 https://t.co/hJqRwUhwfM
dawnslab.jd.com
Because of its tight coupling with memory management, the GPU driver has become a fairly valuable attack surface in the Android kernel in recent years. There are quite a few GPU-related CVEs, but only a very small number have been publicly analyzed, and security bulletins do not discuss vulnerability details, so the patch in each release becomes the main clue for analyzing a bug.
0
62
247
Our 2024 applicants challenge is officially #roasted: the full BeanBeat × Maultaschenfabrikle walkthrough is now online. Unwrap the write-up at https://t.co/FOspfgRmRc and revisit the hacks that escalated from cold brew to full breach.
apply-if-you-can.com
Applicants Challenge! Face real-world vulns, earn trophies, First Bloods & epic swag!
0
12
34
My HEXACON talk video is out! It covers a small race condition in the Linux kernel’s io_uring. I recommend watching it at 1.25× speed since I’m still not great at speaking 😅 https://t.co/lMuweA7PyU Here is the slide! https://t.co/9jPoKMzxwL
4
46
149
I wrote a quick post with some thoughts on Android runtime instrumentation with Frida, looking at SQLite as a case-study. The main focus is on making instrumentation data more useful for scalable analysis. https://t.co/5bKio7qi8W
2
45
173
We really should be talking about this more... KASLR is just not working properly on Android right now, and it hasn't been for a long time. https://t.co/AE0vBXEcob
projectzero.google
Introduction: I’ve recently been researching Pixel kernel exploitation, and as part of this research...
5
56
197
Latest ≠ Greatest? A Retrospective Analysis of CVE-2025-59287 in Microsoft WSUS, from our very own @mwulftange, who loves converting n-days to 0-days
code-white.com
How the n-day research for a suspected vulnerability in Microsoft WSUS (CVE-2025-59287) led to the surprising discovery of a new `SoapFormatter` vulnerability added by the Patch Tuesday updates of...
1
52
99
Cracking the Pixel 8: Exploiting the Undocumented DSP to Bypass MTE - @Peterpan980927 @st424204 from @starlabs_sg https://t.co/BBogFGPjWc
1
47
193
If you're excited to see the WhatsApp bug thrown @thezdi - free to watch my talk from @reconmtl 2025 on 4 remote bugs I discovered last year! While they're not 0-click RCE - there are some remote corruption and funny logic bugs in there. https://t.co/N78H5QeNNZ
3
51
298
I now have an Android userspace snapshotter and emulation of the snapshot with unicorn (incl hook for mrs X, TPIDR_EL0) 😎
1
5
46
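The tweet above mentions a hook for `mrs X, TPIDR_EL0` while replaying an Android userspace snapshot under Unicorn. As an added example (not the author's snapshotter), here is the instruction-level part of such a hook in plain C: decode the AArch64 MRS/MSR system-register encoding, recognise TPIDR_EL0 (the EL0 thread pointer that bionic uses as the TLS base, which a plain register dump of X0..X30 does not contain), and service the read or write from the saved snapshot value. The `snapshot` struct and the values in the demo are constructed stand-ins for the emulator's register state; in Unicorn the same logic would sit in a `UC_HOOK_INSN` callback registered for MRS, which is not exercised here.

```c
#include <stdbool.h>
#include <stdint.h>
#include <stdio.h>

/* AArch64 system-register move, as encoded by the architecture:
 *   31      22 21 20 19 18  16 15  12 11   8 7   5 4   0
 *   1101010100 L  1  o0 op1    CRn    CRm   op2   Rt
 * L=1 is MRS (read into Xt), L=0 is MSR (write from Xt); op0 = 2 + o0.
 * TPIDR_EL0 is op0=3 op1=3 CRn=13 CRm=0 op2=2, so "mrs x0, tpidr_el0"
 * assembles to 0xD53BD040 and "msr tpidr_el0, x0" to 0xD51BD040.      */
#define SYSMOVE_MASK  0xFFD00000u
#define SYSMOVE_BITS  0xD5100000u
#define SYSMOVE_L     (1u << 21)

struct sysreg { uint8_t op0, op1, crn, crm, op2; };
static const struct sysreg SYSREG_TPIDR_EL0 = {3, 3, 13, 0, 2};

struct sysmove { struct sysreg reg; uint8_t rt; bool is_read; };

/* Split one 32-bit instruction word; false if it is not MRS/MSR at all. */
bool decode_sysmove(uint32_t insn, struct sysmove *out)
{
    if ((insn & SYSMOVE_MASK) != SYSMOVE_BITS) return false;
    out->is_read = (insn & SYSMOVE_L) != 0;
    out->reg.op0 = (uint8_t)(2 + ((insn >> 19) & 1));
    out->reg.op1 = (insn >> 16) & 7;
    out->reg.crn = (insn >> 12) & 0xF;
    out->reg.crm = (insn >> 8) & 0xF;
    out->reg.op2 = (insn >> 5) & 7;
    out->rt      = insn & 0x1F;
    return true;
}

/* Inverse of decode_sysmove, handy for building test code or patching. */
uint32_t encode_sysmove(bool is_read, uint8_t rt, struct sysreg r)
{
    return SYSMOVE_BITS | (is_read ? SYSMOVE_L : 0u)
         | ((uint32_t)(r.op0 - 2) << 19) | ((uint32_t)r.op1 << 16)
         | ((uint32_t)r.crn << 12) | ((uint32_t)r.crm << 8)
         | ((uint32_t)r.op2 << 5) | (rt & 0x1Fu);
}

static bool sysreg_eq(struct sysreg a, struct sysreg b)
{
    return a.op0 == b.op0 && a.op1 == b.op1 && a.crn == b.crn
        && a.crm == b.crm && a.op2 == b.op2;
}

/* The slice of a userspace snapshot this hook needs (constructed; a real
 * snapshotter also carries the memory image, SP, PC, NZCV, ...).        */
struct snapshot { uint64_t x[31]; uint64_t tpidr_el0; };

enum hook_result { HOOK_NOT_SYSMOVE, HOOK_HANDLED, HOOK_UNSUPPORTED_SYSREG };

/* Emulate one MRS/MSR against the snapshot. Stands in for the callback an
 * emulator would invoke on the instruction; here the snapshot struct is
 * the register file. A system register the snapshot does not carry is
 * refused rather than read as zero: a TLS base of 0 makes the emulated
 * code crash far from the real cause.                                    */
enum hook_result hook_sysmove(uint32_t insn, struct snapshot *s)
{
    struct sysmove m;
    if (!decode_sysmove(insn, &m)) return HOOK_NOT_SYSMOVE;
    if (!sysreg_eq(m.reg, SYSREG_TPIDR_EL0)) return HOOK_UNSUPPORTED_SYSREG;
    if (m.is_read) {
        if (m.rt != 31) s->x[m.rt] = s->tpidr_el0;   /* Rt == 31 is XZR */
    } else {
        s->tpidr_el0 = (m.rt == 31) ? 0 : s->x[m.rt];
    }
    return HOOK_HANDLED;
}

int main(void)
{
    struct snapshot s = {0};
    s.tpidr_el0 = 0x7fff12345000ULL;               /* constructed TLS base */
    uint32_t insn = encode_sysmove(true, 8, SYSREG_TPIDR_EL0);
    printf("insn 0x%08x -> %d, x8 = 0x%llx\n", insn, hook_sysmove(insn, &s),
           (unsigned long long)s.x[8]);
    printf("mrs x0, cntvct_el0 -> %d\n", hook_sysmove(0xD53BE040u, &s));
    return 0;
}
```

The refusal path is the part to keep: when the hook returns HOOK_UNSUPPORTED_SYSREG the emulation should stop and report the register, which is also how you discover which other system registers the snapshot needs to capture.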