The slides for my Black Hat talk "XMPP Stanza Smuggling or How I Hacked Zoom" are now available at

RT @GoogleVRP: It is time to separate the vibe hackers 🤖 from the hackers with vibe 😎. Google CTF June 27-29. Age….

In my recent conference talks on browser security, I showed a calc-popping exploit demo that targets Firefox 135.0. For educational purpuses, to try to demistify some of that calc popping magic, the demo code is now public

Some fun with a web browser without involving memory corruption.

This weekend, I gave a talk on web browser security research at a student-organized conference. I tried to make the talk reasonably beginner-friendly, so the slides (linked here) could hopefully be useful to someone as a learning resource.

RT @natashenka: The final part of @j00ru’s Windows Registry series is live! Contains all the hive memory corruption exploitation you’ve bee….

RT @ProjectZeroBugs: The Windows Registry Adventure #8: Practical exploitation of hive memory corruption

RT @ProjectZeroBugs: The Windows Registry Adventure #7: Attack surface analysis

RT @__sethJenkins: My OffensiveCon talk, Unexpectedly Excavating an ITW Exploit, is now available to watch!.

RT @_MatteoRizzo: The recording of our OffensiveCon presentation about EntrySign is live! Slides at .

RT @dillon_franke: Slides from my talk are here: And the recording is here!

And now the video is live too,

The slides for my OffensiveCon talk "Finding and Exploiting 20-year-old bugs in Web Browsers"

RT @dillon_franke: A bunch of new Apple patches just dropped, including another one found with my Mach message fuzzer 🎉 Fixed in Sequoia 15….

RT @dillon_franke: @offensive_con I've also open-sourced my fuzzing harness, custom instrumentation, and a PoC for CVE-2024-54529:. https:/….

RT @dillon_franke: Thrilled to announce my new Project Zero blog post is LIVE! 🎉 I detail my knowledge-driven fuzzing process to find sandb….

See you in Berlin!.

RT @mattjay: 🧵 THREAD: A federal whistleblower just dropped one of the most disturbing cybersecurity disclosures I’ve ever read. He's sayi….

RT @R00tkitSMM: Pishi v-0.9 source code.

RT @itswillis: . and now, introducing Part 6 of @j00ru's work on the Windows Registry:. . 📖👀.

RT @R00tkitSMM: My new blog post, which I presented at #Zer0Con2025.binary level macOS KEXT kernel address sanitizer. .