Fikret Garipay

Dilithium, XMSS, SPHINCS+ —strong names, stronger math...but still human-made systems😬 At #hw_ioNL2025 @erd0spy showed a few carefully crafted voltage faults that can bypass checks and forge signatures without touching the core crypto 👉youtu.be/Qdk4KT8nWu0?si… #FaultInjection

A 0-click exploit chain for the Pixel 9 Part 3: Where do we go from here? projectzero.google/2026/01/pixel-…

A 0-click exploit chain for the Pixel 9 Part 2: Cracking the Sandbox with a Big Wave projectzero.google/2026/01/pixel-…

A 0-click exploit chain for the Pixel 9 Part 1: Decoding Dolby projectzero.google/2026/01/pixel-…

💡 At #hw_ioNL2025, you can almost feel the tension as the microcontroller on stage takes a hit from a well-timed voltage fault. @erd0spy explains how Dilithium, XMSS, and SPHINCS+ can be bent just enough to accept forged signatures. 👉hardwear.io/netherlands-20… #dilithium #XMSS

Quantum-safe ≠ bulletproof🔒Even #Dilithium #XMSS & #SPHINCS+ can fall to #faultinjection At #hw_ioNL2025, @erd0spy shows how voltage glitch on microcontrollers can bypass signature checks, proving implementation security matters as much as the math. 👉 hardwear.io/netherlands-20…

#BHUSA Briefings "Bypassing PQC Signature Verification with Fault Injection: Dilithium, XMSS, SPHINCS+" presents practical voltage fault injection attacks on three major PQC signature schemes.💻Demonstrating how to forge valid signatures without breaking the underlying cryptographic primitives >> bit.ly/4kwDGdr

Linux >=4.12: USB CDC-ACM: missing size check in acm_ctrl_irq() leads to OOB write project-zero.issues.chromium.org/issues/3951072…

I've published a write-up on reversing and analyzing Samsung's H-Arx hypervisor architecture for Exynos devices, which has had a lot of changes in recent years and pretty interesting design. Hope you all enjoy :) dayzerosec.com/blog/2025/03/0…

Security through transparency: all chips have vulnerabilities, and most vendors' strategy is not to talk about them. In contrast, we aim to find and fix them. Read the results of our RP2350 Hacking Challenge: rpltd.co/rp2350-challen…

@shmoocon @shmoocon All livestream recordings of #shmoocon 2025 are uploaded! Check out all 3 days here - youtube.com/playlist?list=…

Video for the RP2350 lecture at CCC. media.ccc.de/v/38c3-hacking…

From fault injection to RCE Analyzing a Bluetooth tracker by Nicolas Oberli fahrplan.events.ccc.de/congress/2024/… media.ccc.de/v/38c3-from-fa…

security.humanativaspa.it/fault-injectio… A very interesting article on a smart approach to understand what have been altered during a crowbar glitching fault injection ⚡

The slides for the keynote our Cristofaro Mune(@pulsoid) has given at @h2hconference "False Injections: Tales of Physics, Misconceptions and Weird Machines" are now available here: raelize.com/upload/researc… Enjoy!

The new NIST IR 8547 "Transition to Post-Quantum Cryptography Standards" (draft out today) makes RSA, Elliptic Curve crypto disallowed by 2035. Hybrid (trad./pqc) solutions are accommodated by NIST. nvlpubs.nist.gov/nistpubs/ir/20…

@POC_Crew @binerdd @kaanezder Congratulations @kaanezder @binerdd

[POC2024] SPEAKER UPDATE 1⃣5⃣ 👥 @binerdd & @kaanezder - "Fake it till you make it: Bypassing V8 Sandbox by constructing a fake Isolate" #POC2024

Excited to share the first post in my new blog series with @LeviathanSec: UEFI is the new BIOS This blog series dives deep into UEFI RE/xdev. This first post is your UEFI intro. Check it out, hmu with feedback/q’s ✨ leviathansecurity.com/blog/uefi-is-t…

@alisaesage because stock libfuzzer sucks

Happy Solstice! Time to celebrate Truth and Justice. I appreciate your support; and I want to let you try one of my value-packed & expensive commercial masterclasses: ☀️ Masterclass: Hacking Fuzzers for Smarter Bughunting (on-demand video) #fuzzing" target="_blank" rel="nofollow noopener">zerodayengineering.com/training/maste… This class will give you a core level grasp of modern evolutionary coverage-guided fuzzing as pro hackers use it. It goes fast from fuzzing essentials to advanced customization & examining how code coverage works on CPU assembly level, 4 hours hands-on video. Free access from 21st to 23rd June (access conditions below)

@raelizecom I wondered something. Which version of PicoScope 2000 series are you using in training? Or which version's buffer is sufficient to store the trace containing the glitches? 🙂

Building effective Fault Injection setups, even when off-the-shelve tooling is used, is not always so trivial. You will experience how to do this to perform advanced Fault Injection attacks where you glitch more than just a check... There are still tickets avialable for our #TAoFI training at @_ringzer0's #BOOTSTRAP24 in Austin TX: ringzer0.training/trainings/the-…