Andy Nguyen
@theflow0
Followers
64K
Following
4K
Media
57
Statuses
3K
The opinions stated here are my own, not those of my company.
Zürich, Schweiz
Joined January 2016
I am the main developer fixing security issues in FFmpeg. I have fixed over 2700 google oss fuzz issues. I have fixed most of the BIGSLEEP issues. And i disagree with the comments @ffmpeg (Kieran) has made about google. From all companies, google has been the most helpfull & nice
94
210
4K
I have high admiration for FFmpeg and very much appreciate that they fix every single fuzzer crash, even benign integer overflows:
13
10
311
Wow, @DonToliver seems to enjoy my hacks and GTA San Andreas port ( https://t.co/H5c6cT4jMZ) on the PS Vita 🤯
28
118
3K
RIP, my PlayStation exploit died. https://t.co/gRmjKcqKFJ Works upto PS4 13.00 and PS5 12.00. Patched on PS4 13.02 and PS5 12.02.
171
315
3K
Prototype for type-based partitioning of Linux kernel slab caches: https://t.co/hXbnwCExCm Compiler seems to be doing a good-enough job of inferring allocated types per /proc/slabinfo.
discourse.llvm.org
I was curious if I can get it to work for the Linux kernel. Here’s a prototype: Critically, the Linux kernel’s macro-based wrapfest of the kmalloc* functions meant that automatic instrumentation is...
1
12
39
All that binary hackers care about are pointers. Do you agree?
6
0
90
Our new blog post is out! Check it out, I think we got some really cool results in this one.
Our latest post details how we exploited Retbleed (a CPU vulnerability) to compromise a machine from a sandboxed process and VM! Curious? 👇 https://t.co/CSD8kdlBjD
1
3
30
Speculative rop chain execution in guest-to-host attack 👀
Our latest post details how we exploited Retbleed (a CPU vulnerability) to compromise a machine from a sandboxed process and VM! Curious? 👇 https://t.co/CSD8kdlBjD
6
13
122
You can now watch my keynote on the Exploit Development Lifecycle ⬇️ Think the work is done after finding 0-day? Think again!
The BSides Canberra 2024 keynote is now available to watch! "The Exploit Development Life Cycle: From Concept to Compromise" – @chompie1337 breaks down the art of exploit dev, from that first spark to full pwnage. Missed it live? Watch it now:
5
59
270
Profiling: you are doing it all WRONG! The SHOCKING truth about CPU vs. real time Now that I get your attention :) My perf latency profiling changes merged: https://t.co/D5713CXKEw First profiler ever that samples realtime (not CPU time) and suitable for latency optimization
3
39
165
🌪️ It is a privilege to welcome @theflow0 as our first keynote speaker at #TyphoonCon2025 🎤🔥 Join us in Seoul on May 29-30 for an insightful and inspiring session! 🔗 https://t.co/BewhLLAhGi
13
24
235
😂
26
12
314
What did I do to deserve this 😅
62
18
558
https://t.co/JE68XbHamM Our newest research project is finally public! We can load malicious microcode on Zen1-Zen4 CPUs!
github.com
### Summary Google Security Team has identified a security vulnerability in some AMD Zen-based CPUs. This vulnerability allows an adversary with local administrator privileges (ring 0 from outside...
13
282
813