Rémi J.

🚨 Interested in Windows kernel exploitation? Our @sstic 2025 talk on the Shadow Stack implementation in the Windows kernel is now online! 📄 Paper: sstic.org/media/SSTIC202… 📑 Slides: sstic.org/media/SSTIC202…

I’ll be running a live session: “Live Windows Research Using WinDbg.” We’ll explore how to investigate Windows internals in real time using WinDbg, inspecting kernel structures, processes, and system behavior live. If you're into Windows internals, debugging, or security research, this session is for you. Details: trainsec.net/library/window… #windbg #windowsinternals #cybersecurity

ETA before GTA 6. This only works with a full chain exploit like github.com/PS5Dev/Byeperv…, thus only available on older FWs.

I ported Linux to the PS5 and turned it into a Steam Machine. Running GTA 5 Enhanced with Ray Tracing. 🤯

@33y0re @CrowdStrike @jxy__s @aionescu Congratulations ! I hope you’ll have great new ideas for your blog !

Home sweet home! I am excited to say I am rejoining @CrowdStrike’s sensor engineering team! Being able to work with @jxy__s, @aionescu, and so many other folks who are beyond talented is such a dream and a treat! I cannot wait to get started!!!!!!!!

I am excited to release the extended version of the sixth article in the Exploiting Reversing Series (ERS). Titled "A Deep Dive Into Exploiting a Minifilter Driver (N-day)" this 293-page deep dive offers a comprehensive roadmap for vulnerability exploitation: exploitreversing.com/2026/02/11/exp… Key updates in this extended edition: [+] Dual Exploit Strategies: Two distinct exploit versions. [+] Exploit ALPC Write Primitive Edition: elevation of privilege of a regular user to SYSTEM. [+] Exploit Parent Process ID Spoofing Edition: elevation of privilege of an administrator to SYSTEM. [+] Solid Reliability: A completely stable and working ALPC write primitive. [+] Optimized Exploit Logic: Significant refinements to the codebase and technical execution for better stability and predictability. For those who have read the original release, whose exploit was working, my strong recommendation is that you adopt this extended edition as definitive. The article guides you through the entire lifecycle of an exploit: from initial reverse engineering and vulnerability analysis to multiple PoC developments and full exploitation. I hope this serves as a definitive resource for your research. If you find it helpful, please feel free to share it or reach out with your feedback! Enjoy your reading and have an excellent day day.

Happening right now (open till Sat, 2/21/26)! A week-long CTF dedicated exclusively to reverse engineering. Hosted by crackmes.one, inspired by the legendary Flare-On Challenge. crackmesone.ctfd.io

We’re releasing our analysis of ring-1.io, a major game cheat targeted by multiple studios in recent legal actions. We partially deobfuscated several Themida-protected components and document how it hijacks Hyper-V to inject and manipulate game code. back.engineering/blog/04/02/202… github.com/backengineerin…

At #Pwn2Own Berlin 2025, a full exploit chain against VMware Workstation was demonstrated via a heap overflow in the PVSCSI controller. Despite Windows 11 LFH mitigations, advanced heap shaping and side-channel techniques enabled a reliable exploit. 🔍 Full technical write-up 👇 synacktiv.com/en/publication…

Verified! @synacktiv chained two vulnerabilities - an information leak and an out‑of‑bounds write - to achieve a full win in the Tesla Infotainment USB‑based Attack category, earning $35,000 USD and 3.5 Master of Pwn points. #Pwn2Own #P2OAuto

The one last dance of my phd career is finally published. ropbot (or angrop) can generate ROP chains for x86/x64/arm/aarch64/mips/riscv. The old version of it is already adopted by Google's kernelctf program (and some other orgs ;) ). kylebot.net/papers/ropbot.…

We launched a redesigned Project Zero website today at projectzero.google ! To mark the occasion, we released some older posts that never quite made it out of drafts. Enjoy!

Just published a new blog post where I explore advanced features of the @HexRaysSA decompiler and give a gentle introduction to its #CTREE API. blu3eye.gitbook.io/malware-insigh…

@__sethJenkins broke kASLR by doing … nothing 😩 googleprojectzero.blogspot.com/2025/11/defeat…

Nice! Mehdi & Matthieu from @Synacktiv pulled out the RF enclosure to run their exploit of the Phillips Hue Bridge. They were able to exploit it without laying a finger on the device. They're off to the disclosure room to explain themselves. #Pwn2Own

Unveiling the details of Windows VTL2, despite its absence in the MSDN documentation. 🤔 #hyperv #windows #virtualization howknows.github.io/roooot.github.…

It's already #SSTIC2025 day 2! @netsecurity1 and us3r present the Windows kernel shadow stack mitigation 🪟

We are at @sstic! If you want to have a chat, our ninjas are easy to spot 🥷

Confirmed! Thomas Bouzerar (@MajorTomSec) and Etienne Helluy-Lafont from Synacktiv (@Synacktiv) used a heap-based buffer overflow to exploit #VMware Workstation. They earn $80,000 and 8 Master of Pwn points - sending the contest to over $1,000,000 total! #Pwn2Own

Synacktiv is looking for an additional team leader in Paris for its Reverse-Engineering Team! Find out if you are a good candidate by reading our offer (🇫🇷). synacktiv.com/responsable-eq…