face0xff
@face.0xff.re
vulnerability researcher · reverse engineer · Ⓥ🌱
https://0xff.re/
https://0xff.re/
Reposted by face0xff
Another collision: the Thalium team from Thales Group needed 3 bugs to exploit the Phillips Hue Bridge, but only their heap based buffer overflow was unique. The others were seen earlier in the contest. They still earn $13,500 and 2.75 Master of Pwn points. #Pwn2Own
October 23, 2025 at 2:19 PM
Another collision: the Thalium team from Thales Group needed 3 bugs to exploit the Phillips Hue Bridge, but only their heap based buffer overflow was unique. The others were seen earlier in the contest. They still earn $13,500 and 2.75 Master of Pwn points. #Pwn2Own
Reposted by face0xff
💡 Lights on! The Thalium Team demonstrated their mastery of the Phillips Hue Bridge by changing the color of a connected light. They head off to the disclosure room to illuminate us on how they did it. #Pwn2Own
October 23, 2025 at 12:55 PM
💡 Lights on! The Thalium Team demonstrated their mastery of the Phillips Hue Bridge by changing the color of a connected light. They head off to the disclosure room to illuminate us on how they did it. #Pwn2Own
Excited to share that I will be presenting my research on a Kindle vulnerability chain at Black Hat Europe 2025 and CODE BLUE 2025. See you in London/Tokyo :)
September 25, 2025 at 9:48 PM
Excited to share that I will be presenting my research on a Kindle vulnerability chain at Black Hat Europe 2025 and CODE BLUE 2025. See you in London/Tokyo :)
I recently solved the SSTIC 2025 challenge. A detailed writeup is available on my blog: face.0xff.re/posts/sstic-...
SSTIC Challenge 2025: Writeup
A detailed walkthrough of the renowned SSTIC challenge's 2025 edition, featuring reverse engineering, deobfuscation, browser exploit, cryptography and steganography.
face.0xff.re
June 11, 2025 at 11:48 PM
I recently solved the SSTIC 2025 challenge. A detailed writeup is available on my blog: face.0xff.re/posts/sstic-...
Reposted by face0xff
Reposted by face0xff
Recently finished an internship at Thales where I worked on binary deobfuscation using LLVM.
Here's a brief summary:
blog.thalium.re/posts/llvm-p...
Here's a brief summary:
blog.thalium.re/posts/llvm-p...
LLVM-powered devirtualization
Virtualization is a powerful technique for code obfuscation, and reversing it can be challenging. In this post, we cover the work done during an internship on developing an automated devirtualization ...
blog.thalium.re
November 25, 2024 at 7:06 PM
Recently finished an internship at Thales where I worked on binary deobfuscation using LLVM.
Here's a brief summary:
blog.thalium.re/posts/llvm-p...
Here's a brief summary:
blog.thalium.re/posts/llvm-p...