Security engineer interested in reverse engineering, vulnerability exploitation & low level stuff. Working at @Synacktiv. Techno music enthusiast 🎧

Joined April 2013
Pinned Tweet
12 Jun 2025
🚨 Interested in Windows kernel exploitation? Our @sstic 2025 talk on the Shadow Stack implementation in the Windows kernel is now online! 📄 Paper: sstic.org/media/SSTIC2025/SS… 📑 Slides: sstic.org/media/SSTIC2025/SS…

It's already #SSTIC2025 day 2! @netsecurity1 and us3r present the Windows kernel shadow stack mitigation 🪟
Rémi J. retweeted
We've been working on something for a while. The talks your blue team doesn't want you to see. 🔴 Red Teaming. Initial Access. AD. Cloud & Web exploitation. 📍 Paris - Le Dernier Étage 📅 March 19–20, 2027 entrypoint.fr CFP and additional details coming soon.
Rémi J. retweeted
📢 CALL FOR PAPERS IS OPEN! 📢 Ready to share your latest security research with the community at Hexacon? The stage is yours. Submit your talks here: hexacon.fr/conference/call-f… 💻✨
Rémi J. retweeted
A French engineer who lives quietly in Paris has spent 30 years writing software that the entire internet now runs on without knowing his name. He wrote the code that streams every YouTube video, every Netflix show, every TikTok clip. He wrote the code that runs the virtual servers underneath AWS, Google Cloud, and Microsoft Azure. He calculated more digits of pi than anyone in history. He has no Twitter. He has no marketing. He just keeps shipping. His name is Fabrice Bellard. Here is the story, because almost nobody outside the systems programming world knows what one man has built.

Fabrice was born in 1972 in Grenoble, France. He studied at École Polytechnique, the top French engineering school. He never went to Silicon Valley. He never built a startup empire. He just wrote code.

In 2000 he started a project called FFmpeg, an open-source multimedia framework for encoding, decoding, and streaming video. He was 28. The project did one thing nobody else had done well. It handled every video and audio format that existed, in one library, on every operating system. He led it himself for years. Today FFmpeg is the invisible engine of the internet. YouTube uses it. Netflix uses it. VLC uses it. Chrome and Firefox use parts of it. Every Android phone, every iPhone, every smart TV, every video editing tool you have ever touched runs FFmpeg somewhere underneath. If you have watched a video on a screen in the last 20 years, Fabrice's code processed it.

He was not done. In 2003 he started QEMU, a machine emulator and virtualizer. He wrote it solo until version 0.7.1 in 2005. QEMU lets you run any operating system on any other operating system. It became the foundation of modern virtualization. KVM, the Linux kernel hypervisor, runs on top of QEMU. Every major cloud provider, AWS, Google Cloud, Microsoft Azure, IBM Cloud, runs virtual machines on infrastructure built around it. The Quick Emulator is the most cited piece of cloud infrastructure code on Earth.

He kept going. In 2001 he won the International Obfuscated C Code Contest with a small C compiler that grew into TCC, the Tiny C Compiler. TCC can compile and boot a Linux kernel from source in under 15 seconds. In 2004 he calculated the most digits of pi ever computed at the time, using a personal desktop computer and an algorithm he derived himself called Bellard's formula. In 2011 he wrote a complete PC emulator in pure JavaScript that runs Linux in your browser, a project called JSLinux that engineers still cannot believe is real. In 2019 he released QuickJS, a small but complete JavaScript engine that fits where V8 cannot. In 2021 he released NNCP, a neural network based lossless data compressor that immediately took the lead on the Large Text Compression Benchmark.

Then he turned his attention to large language models. He built TextSynth Server, a web server with a REST API for running LLMs locally. He released ts_zip and ts_sms, compression utilities that use language models to compress text and short messages at ratios traditional algorithms cannot reach. He released TSAC, a very low bitrate audio compression system. In December 2025 he released Micro QuickJS, a new JavaScript engine for microcontrollers, separate from QuickJS, designed for environments with almost no memory.

Fabrice co-founded a telecom company called Amarisoft in 2012, where he serves as CTO. Amarisoft builds 4G and 5G base station software used by carriers and labs around the world. He has been running it for over a decade while continuing to ship personal projects from his own home page at bellard dot org.

He has no Twitter. He has no Instagram. He gives almost no interviews. His personal website is a flat list of projects with no styling, no fonts, no marketing copy. Just titles and links. A quiet French engineer who never moved to Silicon Valley wrote the code that quietly runs the internet. He is still shipping.
Rémi J. retweeted
🔥 Excited to announce our keynote! We are thrilled to welcome Bruce Dang (@brucedang) and Thai Duong (@XorNinja) from @calif_io! With all their recent AI buzz, we had to check they aren't just LLMs in a trench coat. 🤖🧥 🎟️ Ticketing opens this Thursday at 2:00 PM CEST ⏰
Rémi J. retweeted
I’ll be running a live session: “Live Windows Research Using WinDbg.” We’ll explore how to investigate Windows internals in real time using WinDbg, inspecting kernel structures, processes, and system behavior live. If you're into Windows internals, debugging, or security research, this session is for you. Details: trainsec.net/library/windows… #windbg #windowsinternals #cybersecurity
Rémi J. retweeted
ETA before GTA 6. This only works with a full chain exploit like github.com/PS5Dev/Byeperviso…, thus only available on older FWs.
Rémi J. retweeted
I ported Linux to the PS5 and turned it into a Steam Machine. Running GTA 5 Enhanced with Ray Tracing. 🤯
Rémi J. retweeted
I am excited to release the extended version of the sixth article in the Exploiting Reversing Series (ERS). Titled "A Deep Dive Into Exploiting a Minifilter Driver (N-day)" this 293-page deep dive offers a comprehensive roadmap for vulnerability exploitation: exploitreversing.com/2026/02…

Key updates in this extended edition:
[ ] Dual Exploit Strategies: Two distinct exploit versions.
[ ] Exploit ALPC Write Primitive Edition: elevation of privilege of a regular user to SYSTEM.
[ ] Exploit Parent Process ID Spoofing Edition: elevation of privilege of an administrator to SYSTEM.
[ ] Solid Reliability: A completely stable and working ALPC write primitive.
[ ] Optimized Exploit Logic: Significant refinements to the codebase and technical execution for better stability and predictability.

For those who have read the original release, whose exploit was working, my strong recommendation is that you adopt this extended edition as definitive. The article guides you through the entire lifecycle of an exploit: from initial reverse engineering and vulnerability analysis to multiple PoC developments and full exploitation. I hope this serves as a definitive resource for your research. If you find it helpful, please feel free to share it or reach out with your feedback! Enjoy your reading and have an excellent day.
Rémi J. retweeted
Feb 17
Happening right now (open till Sat, 2/21/26)! A week-long CTF dedicated exclusively to reverse engineering. Hosted by crackmes.one, inspired by the legendary Flare-On Challenge. crackmesone.ctfd.io/
Rémi J. retweeted
We’re releasing our analysis of ring-1.io, a major game cheat targeted by multiple studios in recent legal actions. We partially deobfuscated several Themida-protected components and document how it hijacks Hyper-V to inject and manipulate game code. back.engineering/blog/04/02/… github.com/backengineering/r…

Rémi J. retweeted
At #Pwn2Own Berlin 2025, a full exploit chain against VMware Workstation was demonstrated via a heap overflow in the PVSCSI controller. Despite Windows 11 LFH mitigations, advanced heap shaping and side-channel techniques enabled a reliable exploit. 🔍 Full technical write-up 👇 synacktiv.com/en/publication…
Rémi J. retweeted
Verified! @synacktiv chained two vulnerabilities - an information leak and an out‑of‑bounds write - to achieve a full win in the Tesla Infotainment USB‑based Attack category, earning $35,000 USD and 3.5 Master of Pwn points. #Pwn2Own #P2OAuto
Rémi J. retweeted
20 Dec 2025
The one last dance of my phd career is finally published. ropbot (or angrop) can generate ROP chains for x86/x64/arm/aarch64/mips/riscv. The old version of it is already adopted by Google's kernelctf program (and some other orgs ;) ). kylebot.net/papers/ropbot.pd…

Rémi J. retweeted
We launched a redesigned Project Zero website today at projectzero.google ! To mark the occasion, we released some older posts that never quite made it out of drafts. Enjoy!
Rémi J. retweeted
Just published a new blog post where I explore advanced features of the @HexRaysSA decompiler and give a gentle introduction to its #CTREE API. blu3eye.gitbook.io/malware-i…
Rémi J. retweeted
Nice! Mehdi & Matthieu from @Synacktiv pulled out the RF enclosure to run their exploit of the Philips Hue Bridge. They were able to exploit it without laying a finger on the device. They're off to the disclosure room to explain themselves. #Pwn2Own
Rémi J. retweeted
5 Sep 2025
Unveiling the details of Windows VTL2, despite its absence in the MSDN documentation. 🤔 #hyperv #windows #virtualization howknows.github.io/roooot.gi…
