Dimitri Fourny

In collaboration with Lookout and Google (thank you 🙏) we have been working on tearing down and building detections for DarkSword - iOS exploit chain for iOS 18.4 - 18.7. Super excited for this research 🎉. Please update your iPhones. iverify.io/blog/darksword…

From virtio-snd 0-Day to Hypervisor Escape: Exploiting QEMU with an Uncontrolled Heap Overflow - osec.io/blog/2026-03-1…

Want to learn more about Chrome exploitation? In our latest article, we break down two critical Android GPU driver vulnerabilities that enabled Chrome sandbox escape from a compromised renderer and were used in full device exploit chains. Read the full technical analysis here: ssd-disclosure.com/chrome-gpu-san…

🚀 Introducing the Qwen 3.5 Medium Model Series Qwen3.5-Flash · Qwen3.5-35B-A3B · Qwen3.5-122B-A10B · Qwen3.5-27B ✨ More intelligence, less compute. • Qwen3.5-35B-A3B now surpasses Qwen3-235B-A22B-2507 and Qwen3-VL-235B-A22B — a reminder that better architecture, data quality, and RL can move intelligence forward, not just bigger parameter counts. • Qwen3.5-122B-A10B and 27B continue narrowing the gap between medium-sized and frontier models — especially in more complex agent scenarios. • Qwen3.5-Flash is the hosted production version aligned with 35B-A3B, featuring: – 1M context length by default – Official built-in tools 🔗 Hugging Face: huggingface.co/collections/Qw… 🔗 ModelScope: modelscope.cn/collections/Qw… 🔗 Qwen3.5-Flash API: modelstudio.console.alibabacloud.com/ap-southeast-1… Try in Qwen Chat 👇 Flash: chat.qwen.ai/?models=qwen3.… 27B: chat.qwen.ai/?models=qwen3.… 35B-A3B: chat.qwen.ai/?models=qwen3.… 122B-A10B: chat.qwen.ai/?models=qwen3.… Would love to hear what you build with it.

It's been just over a year since CVE-2024-54529 was patched. To celebrate, I'm open-sourcing my full PoC exploit for this CoreAudio type confusion vulnerability 🔊 The code is right here! Enjoy: github.com/googleprojectz…

We’re releasing our analysis of ring-1.io, a major game cheat targeted by multiple studios in recent legal actions. We partially deobfuscated several Themida-protected components and document how it hijacks Hyper-V to inject and manipulate game code. back.engineering/blog/04/02/202… github.com/backengineerin…

We've found a high-severity zero-day vulnerability in Firefox using @WeAreAisle's autonomous AI security system. It's now going by the name of CVE-2025-13016. If you're interested, here's my detailed technical blog post: aisle.com/blog/a-high-se…

My first technical blogpost is out now! Check it out: blog.dfsec.com/ios/2025/10/14… Thanks for the DFF team for their support and to the dfsec people for posting it! Special thanks to @iBSparkes for his assistence :)

Writeup for the 3rd hole exploitation technique :-). github.com/mistymntncop/C…

Super cool potential ASLR leak via dictionary hashing by @tehjh! googleprojectzero.blogspot.com/2025/09/pointe…

This article by Nicolas Stefanski at Synacktiv provides a high quality technical overview of our hardened_malloc project used in GrapheneOS: synacktiv.com/en/publication… It has great coverage of the memory layout, memory tagging integration, slab quarantines and allocation approach.

We released our Fuzzilli-based V8 Sandbox fuzzer: github.com/googleprojectz… It explores the heap to find interesting objects and corrupts them in a deterministic way using V8's memory corruption API. Happy fuzzing!

A Brief Analysis of Chrome's 0day CVE-2025-6554 in the Wild ti.qianxin.com/blog/articles/…

Had a great time presenting at @reconmtl this weekend - always amazing meeting everyone and sharing research 🙌 For those that missed the conference, or just want to review my WhatsApp work, feel free to read the slides here & hmu if you have questions! docs.google.com/presentation/d…

LLDBX - LLDB eXtended for macOS & iOS dimitrifourny.github.io/lldbx/

My ARMv8 documentation has been updated to cover 2200 instructions: 0day.ovh

🚗🔌 We reverse engineered the Tesla Wall Connector and uncovered a previously undocumented attack surface via the charging cable. From protocol analysis to code execution, a Pwn2Own Automotive 2025 exploit write-up. synacktiv.com/en/publication…

Remember that great OffensiveCon talk? Or sad you missed it? Well, here are the slides for it! github.com/TrenchantARC/G…