I finally wrote a small tool I've wanted for a long time: A parallel testcase minimizer. It's called halfempty, and I'm already finding it useful as part of my fuzzing workflow. /cc @lcamtuf https://t.co/SIC2y0k0p0

Thanks everyone for all the kind words, it means so much 🥲

On the pod this week, I saved a closing shoutout for @taviso and his work at P0 https://t.co/P7iLc26k3T

I have many good stories from my time here, maybe I'll share some later! And yes, the leaving tradition is real, and yes they got me 😆

A personal update... after nearly 20 years at Google, today is my last day! I'm going to be working on independent research for the foreseeable future, then who knows! I've worked with so many talented people, made so many friends and seen incredible research over the years 🫡

I've met so many nerds who have a story about this box arriving from America in their small town, and having enough manuals to nerd over for weeks 🤓 (I have a story like this too).

I have a (dumb) theory about Intel. They used to ship beautiful printed manuals anywhere in the world for free if you called them. That program made a lot of engineering students customers for life. Then some middle manager killed it, and probably got a promotion.

Hey... quick question, why are anime catgirls blocking my access to the Linux kernel? 😸 https://t.co/0Ew0aG4rxu

EntrySign won 2 pwnies 🤯🤯

EntrySign was nominated for two Pwnies (best crypto bug and best desktop bug)! 🥳 https://t.co/PDl3xARuNK @__spq__ @sirdarckcat @taviso

This is neat, using EntrySign to backport microcode patches to EOL systems without BIOS updates.

I just learned that OSC8 (hyperlinks) in Windows Terminal uses ShellExecute(). Excellent trolling potential for README files 😆

Back in 2023, the assessment of the pre-authentication vulnerability in SSH was that it wasn't exploitable on Linux. For my OffensiveCon 2025 keynote, I wrote enough of an exploit to show, with the right heap groom and stabilization, it's likely exploitable. Then I tried to have

The recording of our OffensiveCon presentation about EntrySign is live! https://t.co/atQGAV39l3 Slides at https://t.co/twMFJ9L8Mv @sirdarckcat @__spq__

Fuzzing Windows Defender in the Honggfuzz+IntelPT (hardware) mode https://t.co/NDmMtergrL by @buherator

The code and tutorials are here if the link doesn't work! 😒

You can now jailbreak your AMD CPU! 🔥We've just released a full microcode toolchain, with source code and tutorials.

welp, it looks like an OEM leaked the patch for "AMD Microcode Signature Verification Vulnerability" 🔥 The patch is not in linux-firmware, so this is the only patch available😡

Hey! I made a game in Bash with raylib! It's a "bullet hell" game featuring beloved penguin Tux vs an evil mutant Window! Bash is a simple scripting language, so simple it doesn't have floating point variables/arithmetic! So how was this game possible? 👇

Intel HW is too complex to be absolutely secure! After years of research we finally extracted Intel SGX Fuse Key0, AKA Root Provisioning Key. Together with FK1 or Root Sealing Key (also compromised), it represents Root of Trust for SGX. Here's the key from a genuine Intel CPU😀

@CrowdStrike This 100% matches our/@taviso's conclusions derived from analyzing the crash report/disasm 🧠 RAX: input pointer array R11: index (0x14/20d) Accessing Array[20] retrieved the 21st item (as arrays are 0-based). This returned an invalid memory address that 💥'd when deref'd!