winterknife 🌻

909 posts

@_winterknife_

low-level developer with a focus on 𝙸𝚗𝚝𝚎𝚕 𝚡𝟾𝟼 ISA devices running 𝚆𝚒𝚗𝚍𝚘𝚠𝚜 | R&D @BHinfoSecurity | https://t.co/lyJL0y7qRZ

Coruscant · Joined June 2017
5K Following · 5.1K Followers
winterknife 🌻 retweeted
Mandiant (part of Google Cloud)
Google Threat Intelligence Group has identified DarkSword, a new iOS exploit chain leveraging six zero-day vulnerabilities. Multiple threat actors are actively using it to deploy malware payloads. Update your devices or enable Lockdown Mode. 👉 bit.ly/4bRveEz
winterknife 🌻 retweeted
wetw0rk (@wetw0rk7)
Interested in exploiting browsers? Join me as I go over the free section of @ret2wargames "Fundamentals of Browser Exploitation" course. This is a course delivered by real #Pwn2Own winners! So, you're learning from the best! This first video is very beginner friendly so check it out even if you're just curious 🧐. Video link below: youtu.be/5ArMYqwCmD4
winterknife 🌻 retweeted
Mateusz Krzywicki (@krzywix)
In collaboration with Lookout and Google (thank you 🙏) we have been working on tearing down and building detections for DarkSword - iOS exploit chain for iOS 18.4 - 18.7. Super excited for this research 🎉. Please update your iPhones. iverify.io/blog/darksword…
winterknife 🌻 retweeted
Origin (@originhq)
Windows Insider builds now have a native, OS-level broker for MCP servers. We reverse engineered Odr.exe to understand how it validates clients, manages consent, and controls access - uncovering undocumented COM interfaces and a full ETW audit trail. originhq.com/blog/msft-odr-…
winterknife 🌻 retweeted
Taszk Security Labs (@TaszkSecLabs)
Now You See mi - Now You're Pwned: Exploiting Xiaomi Smart Cameras for fun and credit labs.taszk.io/articles/post/… Our intern's research post is up, full code of an RCE exploit + a "cloud jailbreak" released with it. After embargo expiry, 3 vulnerabilities currently remain unfixed.
winterknife 🌻 retweeted
LaurieWired (@lauriewired)
In case you missed my RE//verse keynote about compilers and reverse engineering, it's now available online!
winterknife 🌻 retweeted
Ido Veltzman (@Idov31)
A new post (with a new website design) is finally out: idov31.github.io/posts/hypervis…. After two years, I wanted to start posting again and really wanted to share something that contains some technical details about hypervisors, my opinions on utilizing hypervisors for defense and 1/2
winterknife 🌻 retweeted
OpenSecurityTraining2 (@OpenSecTraining)
Move from basic fuzzing to a high-performance workflow. Fuzzing 1001 ost2.fyi/Fuzz1001 bridges the gap between theory and practical research. Master AFL++, PCGUARD, LTO, and ASAN using real CVEs from Xpdf and tcpdump.
winterknife 🌻 (@_winterknife_)
Another C++ trick to prevent long string literals from being placed in the .rdata section when building shellcode, regardless of the optimization level. godbolt.org/z/ssxT8qes8
winterknife 🌻 retweeted
Justas Masiulis (@JustasMasiulis)
TIL FILE_READ_ACCESS is not mandatory to map a SEC_IMAGE into memory.
winterknife 🌻 retweeted
Tom Hegel (@TomHegel)
Coruna iOS Exploit kit is one of those stories where the more you dig the weirder it gets. I love it.. Started as surveillance vendor tooling, ended up in mass Chinese crypto scams, and this week someone registered Iran war-themed dropper domains. Full timeline thread. 🧵
winterknife 🌻 retweeted
Mandiant (part of Google Cloud)
Coruna exploit kit is targeting iOS. Coruna leverages 23 exploits against Apple devices running iOS 13-17.2.1. It is being used for espionage, and by financially motivated actors to steal crypto. Update your iOS devices, and learn more about this threat: bit.ly/4rbeltc
winterknife 🌻 retweeted
Alexandre Becholey (@0xabe_io)
Started a blog series on writing a minimal ARM hypervisor from scratch — boots as a UEFI app, claims EL2, identity-maps everything through Stage 2. Chapter 0 just dropped: ARM vs x86 virtualization, UEFI internals, EDK2 setup, first app at EL2. 0xabe.io/hypervisor/arm…
winterknife 🌻 retweeted
expy (@expend20)
Ported Polaris-Obfuscator from C++/LLVM 16 to Python on LLVM 21. 9 passes: encrypted flattening, modular-arithmetic predicates, pointer mazes, function merging, and an X86 MIR pass that makes IDA's decompiler hallucinate variables that never existed. shifting.codes/blog/polaris-o…
winterknife 🌻 retweeted
Matt Hand (@matterpreter)
I'm excited to finally release Marco, a research tool for modeling complex control flows across binaries. originhq.com/blog/introduci…