Interested in Security and Exploit Development. Nano is the one true text editor.

Joined August 2015
Specter retweeted
Method we used (>5 years ago, now) on ps5 to fiddle with mp4 and hv memory: github.com/fail0verflow/pros… hope it helps for linux!
29 Dec 2025
Played @tihmstar's custom beatsaber song, 10/10 would play again
Specter retweeted
RIP, my PlayStation exploit died. gist.github.com/TheOfficialF… Works up to PS4 13.00 and PS5 12.00. Patched on PS4 13.02 and PS5 12.02.
20 Jul 2025
Some people already know this, but thought I'd mention here too... unfortunately basically all of my low fw PS5s got stolen recently, so I'm not sure what my future in console research will look like. Replacing this stuff might be too difficult & expensive to be worth it :(
Specter retweeted
22 Apr 2025
We have a special episode this week, where we interview @JohnCarse of @getsquarex. We talk about John's industry experience, history of browser security, and the work SquareX is doing on detecting and mitigating browser-based attacks. Check it out: youtube.com/watch?v=GtFpxB4H…

Specter retweeted
6 Feb 2025
My @dayzerosec co-host zi and I are giving our 1st training @ hardwear.io with a focus on attacking security hypervisors! Trainings are something we've wanted to do for a while. Take a look and share to those who would be interested :) hardwear.io/usa-2025/trainin…

Specter retweeted
We have a training by @SpecterDev & Zi on Attacking Hypervisors From KVM to Mobile Security Platforms hardwear.io/usa-2025/trainin…

8 Mar 2025
I've published a write-up on reversing and analyzing Samsung's H-Arx hypervisor architecture for Exynos devices, which has had a lot of changes in recent years and pretty interesting design. Hope you all enjoy :) dayzerosec.com/blog/2025/03/…
Specter retweeted
19 Feb 2025
Recon Training 23-26 June 2025: KVM to Mobile Security Platforms - Attacking Hypervisors with @SpecterDev and zi from @dayzerosec (4 days) For more details recon.cx/2025/trainingFromKV…
3 Nov 2024
RE: byepervisor do people care enough about not wanting to use rest mode and resume to switch the primary exploit for byepervisor to the jump table one? it's higher maintenance and possibly slightly less stable but would be slightly more convenient to run I guess
65% yes
35% no
997 votes • Final results
25 Oct 2024
I've published the repo for Byepervisor (we love named vulns out here). Contains exploit implementation for two PS5 hypervisor bugs for 2.xx and lower. Slides from the talk vod should hopefully be published soon. github.com/PS5Dev/Byeperviso…
Specter retweeted
The PS5's hypervisor has kept the system secure for years—now, vulnerabilities are being revealed. What does this mean for gamers? 🕵️‍♂️🚨 Join @SpecterDev at #hw_ioNL2024 Know More: hardwear.io/netherlands-2024… #ps5 #exploit #hardware
Specter retweeted
There are a few ways on PS5 to defeat HV. One of methods that I've found was related to APIC: struct apic_ops is located in RW segment of kernel data. With KRW you can overwrite a function pointer inside it like xapic_mode and get into ROP, for example (just need to bypass CFI).
29 Sep 2024
Feels great when an idea can finally be tested and works out after like a year :) Shouts to ChendoChap for working out the ROP chain. Protip: staying < 3.00 is a good idea.
24 Sep 2024
Pushed v1.2, exploit's been updated with an implementation that works on 3.xx-5.xx (heap spray go brrr), also some support for other misc low fw. ELF loader and payloads will not work on 5.00 for a while due to dlsym changes. Payload SDK needs changes. github.com/PS5Dev/PS5-UMTX-J…