nicoski
@nicoski.bsky.social
Security enthusiast: RE, VR, exploits and stuff
Reposted by nicoski
A technical look at @grapheneos.org Hardened Malloc, a memory allocator designed to mitigate heap corruption vulnerabilities (UAF, overflows) and break common exploit primitives.
Deep dive for security researchers & exploit developers by @nicoski.bsky.social
www.synacktiv.com/en/publicati...
Deep dive for security researchers & exploit developers by @nicoski.bsky.social
www.synacktiv.com/en/publicati...
Exploring GrapheneOS secure allocator: Hardened Malloc
Exploring GrapheneOS secure allocator: Hardened Malloc
www.synacktiv.com
September 22, 2025 at 1:41 PM
A technical look at @grapheneos.org Hardened Malloc, a memory allocator designed to mitigate heap corruption vulnerabilities (UAF, overflows) and break common exploit primitives.
Deep dive for security researchers & exploit developers by @nicoski.bsky.social
www.synacktiv.com/en/publicati...
Deep dive for security researchers & exploit developers by @nicoski.bsky.social
www.synacktiv.com/en/publicati...
Reposted by nicoski
Ever thought your kitchen appliance could harbor a persistent threat?
We reverse-engineered the Thermomix TM5 and uncovered vulnerabilities allowing arbitrary code execution, persistence, and secure boot bypass.
Discover our step-by-step breakdown!
www.synacktiv.com/en/publicati...
We reverse-engineered the Thermomix TM5 and uncovered vulnerabilities allowing arbitrary code execution, persistence, and secure boot bypass.
Discover our step-by-step breakdown!
www.synacktiv.com/en/publicati...
Let Me Cook You a Vulnerability: Exploiting the Thermomix TM5
Hardware Analysis The Thermomix TM5 is a multifunctional kitchen appliance composed of two key electronic boards: the power board, which handles the motor and heating functions, and the main board, w
www.synacktiv.com
July 11, 2025 at 8:44 AM
Ever thought your kitchen appliance could harbor a persistent threat?
We reverse-engineered the Thermomix TM5 and uncovered vulnerabilities allowing arbitrary code execution, persistence, and secure boot bypass.
Discover our step-by-step breakdown!
www.synacktiv.com/en/publicati...
We reverse-engineered the Thermomix TM5 and uncovered vulnerabilities allowing arbitrary code execution, persistence, and secure boot bypass.
Discover our step-by-step breakdown!
www.synacktiv.com/en/publicati...
Reposted by nicoski
It's already #SSTIC2025 day 2! @remi-j.bsky.social and us3r present the Windows kernel shadow stack mitigation 🪟
June 5, 2025 at 9:08 AM
It's already #SSTIC2025 day 2! @remi-j.bsky.social and us3r present the Windows kernel shadow stack mitigation 🪟
Reposted by nicoski
For our first talk, Ambre presents her previous research about firmware images identification #SSTIC2025
June 4, 2025 at 3:20 PM
For our first talk, Ambre presents her previous research about firmware images identification #SSTIC2025
Reposted by nicoski
In iOS 18.4, Apple introduced a bug in dynamic symbol resolutions for some specific exports. @0xf4b.bsky.social took a long journey down a rabbit hole to understand its root cause.
www.synacktiv.com/en/publicati...
www.synacktiv.com/en/publicati...
iOS 18.4 - dlsym considered harmful
Observations We first observed the bug in a custom iOS application compiled for the arm64e architecture (thus supporting PAC instructions).
www.synacktiv.com
April 10, 2025 at 1:22 PM
In iOS 18.4, Apple introduced a bug in dynamic symbol resolutions for some specific exports. @0xf4b.bsky.social took a long journey down a rabbit hole to understand its root cause.
www.synacktiv.com/en/publicati...
www.synacktiv.com/en/publicati...
Reposted by nicoski
Interested in vulnerabilities in video games? 🎮
@tomtombinary.bsky.social presented critical flaws in Neverwinter Nights Enhanced Edition at #Hexacon, which could allow attackers to take control of players' computers. 🛡️
Check out the full details of these bugs!👇
www.synacktiv.com/en/publicati...
@tomtombinary.bsky.social presented critical flaws in Neverwinter Nights Enhanced Edition at #Hexacon, which could allow attackers to take control of players' computers. 🛡️
Check out the full details of these bugs!👇
www.synacktiv.com/en/publicati...
Exploiting Neverwinter Nights
Introduction Neverwinter Nights is an RPG based video game developed by BioWare and Obsidian Entertainment in 2002.
www.synacktiv.com
March 10, 2025 at 12:36 PM
Interested in vulnerabilities in video games? 🎮
@tomtombinary.bsky.social presented critical flaws in Neverwinter Nights Enhanced Edition at #Hexacon, which could allow attackers to take control of players' computers. 🛡️
Check out the full details of these bugs!👇
www.synacktiv.com/en/publicati...
@tomtombinary.bsky.social presented critical flaws in Neverwinter Nights Enhanced Edition at #Hexacon, which could allow attackers to take control of players' computers. 🛡️
Check out the full details of these bugs!👇
www.synacktiv.com/en/publicati...
Reposted by nicoski
Speedrunners are vulnerability researchers, they just don't know it yet Discussion
Speedrunners = vulnerability researchers
Video game enthusiasts are developing experience in the cybersecurity industry by accident. Discover how gaming skills can translate into intriguing careers.
zetier.com
March 2, 2025 at 7:00 PM
Speedrunners are vulnerability researchers, they just don't know it yet Discussion
Reposted by nicoski
Hackers rejoice!
We are releasing the Phrack 71 PDF for you today!
Don't forget this year is Phrack's 40th anniversary release! Send in your contribution and be part of this historical issue!
The CFP is still open, you can find it and the PDF link at phrack.org
We are releasing the Phrack 71 PDF for you today!
Don't forget this year is Phrack's 40th anniversary release! Send in your contribution and be part of this historical issue!
The CFP is still open, you can find it and the PDF link at phrack.org
.:: Phrack Magazine ::.
Phrack staff website.
phrack.org
February 15, 2025 at 3:02 PM
Hackers rejoice!
We are releasing the Phrack 71 PDF for you today!
Don't forget this year is Phrack's 40th anniversary release! Send in your contribution and be part of this historical issue!
The CFP is still open, you can find it and the PDF link at phrack.org
We are releasing the Phrack 71 PDF for you today!
Don't forget this year is Phrack's 40th anniversary release! Send in your contribution and be part of this historical issue!
The CFP is still open, you can find it and the PDF link at phrack.org
Reposted by nicoski
Today I learned that the N64 game "Morita Shogi 64", a Shogi game with a built in modem for online play, has a RCE exploit that was granted a CVE
nvd.nist.gov/vuln/detail/...
nvd.nist.gov/vuln/detail/...
January 8, 2025 at 8:02 PM
Today I learned that the N64 game "Morita Shogi 64", a Shogi game with a built in modem for online play, has a RCE exploit that was granted a CVE
nvd.nist.gov/vuln/detail/...
nvd.nist.gov/vuln/detail/...
Reposted by nicoski
Words cannot describe how amazing that Crazy Taxi run was. Thanks for tuning in! VOD is already up on YouTube for those who missed it or want to see it again! #AGDQ2025 youtu.be/G4AomNJHzHk?...
Crazy Taxi with Live Backing Band by chuckles825 in 18:59 - Awesome Games Done Quick 2025
YouTube video by Games Done Quick
youtu.be
January 12, 2025 at 12:50 AM
Words cannot describe how amazing that Crazy Taxi run was. Thanks for tuning in! VOD is already up on YouTube for those who missed it or want to see it again! #AGDQ2025 youtu.be/G4AomNJHzHk?...
Discover a new tool for reverse engineers: "Frinet", by myr and hexabeast
Frinet: reverse-engineering made easier
www.synacktiv.com
December 18, 2023 at 11:38 PM
Discover a new tool for reverse engineers: "Frinet", by myr and hexabeast