Jordy Zomer

@pwningsystems

Security Engineer @ Google, likes fuzzing, static analysis and VR. The opinions stated here are my own, not those of my company.

Pinned

Yay! My writeup on finding (half) Spectre-v1 gadgets in the Linux kernel using #CodeQL is finally live 😁😁 github.com/google/securit…


TAINT TRACKING BAYBEEE 🔥 one query away from bugs, one missing .decl away from madness


I’m starting to think these “routine” police controls at the German borders are not so random. Like literally every time they do a control it’s always me 😂


Jordy Zomer reposted

I've been asked countless times how to learn VR & xdev. The answer is always: "do something you think is cool". It's hard to figure out what to do. Try the PhrackCTF which I've now open-sourced. It's not a contrived CTF - modeled after real vulnerabilities github.com/xforcered/Phra…


Jordy Zomer reposted

At long last - Phrack 72 has been released online for your reading pleasure! Check it out: phrack.org


The eiffel tower is looking pretty today 🦅


Why is it so fucking hot in NYC rn, I am literally dying


Jordy Zomer reposted

I really like that hacking zines are now in this trend of having printed copies! It is about time. I got a few to give to folks that can't buy. Let's spread it.

We've reached a huge milestone in terms of Paged Out! prints - they are now available in the first online bookstore with global shipping: lulu.com/search?contrib… There are 4 versions there - a normal one and 3 "sponsorship" ones if you want to donate a bit more to the project.



I’m writing a CodeQL-like language for fun that works on Binary Ninja IR, by lowering OOP primitives to Datalog for “fun”. Can’t wait to find some bugs with it! 😁😁


Jordy Zomer reposted

Slides from my talk are here: dillonfrankesecurity.com/OffensiveCon-2… And the recording is here! youtu.be/USQtPedx9Xg?fe…


Had an absolute blast in Berlin at @offensive_con! So many awesome people, conversations, and events. Thanks so much to the organizers for having me and putting on a fantastic event!!



Arrived in Berlin today for @offensive_con 😁


Jordy Zomer reposted

My team (AI Systems Security) at Google Zürich🇨🇭is hiring a Security Engineer for AI Vulnerability Research! We're looking for experts to tackle asset exfiltration, tampering and computational resources abuse. Apply: google.com/about/careers/…


Awesome work by Adam! 😁

My latest Spectre research is now public! See intra-mode BHI CPU vulnerability disclosure and PoC at github.com/google/securit…. This user-to-kernel attack bypasses eIBRS, BHB clearing and other mitigations.



Jordy Zomer reposted

ok ok fine, for old time's sake haxx.in/files/limit-yo…


Jordy Zomer reposted

Branch Race Conditions Predictor causes recent predictions to be added after more recent privilege switches (→ wrong privilege, eIBRS💥) prediction flushes (→ retained valid, IBPB💥) finish. @sparchatus eventually figured it out 🙌

Disclosing Branch Predictor Race Conditions (BPRC), a new class of vulnerabilities where asynchronous branch predictor operations violate hardware-enforced privilege and context separation in virtually all recent Intel CPUs. @wiknerj @kavehrazavi : comsec.ethz.ch/bprc



Implementing a custom #CodeQL extractor + libs for an unsupported language is pure torture but hey I found some bugs already so I guess it’s worth it


Going to hacker bridge at 1337 😎🤙


That moment when you found a bug but it's a PITA to reach so you just point afl++ at it :')


Jordy Zomer reposted

I would like to praise @gabrielnb's outstanding contributions to the security community and hacking, not only as editor of the magazine for the past 6+ years, but also for his sharing of perspectives, guidance and technical contributions. In this edition we wrote another small…

#H2HC2024 (Magazine #19) online version finally released! github.com/h2hconference/… - More than 100 pages of free, exclusive, high-level content. We thank the editor @gabrielnb for his work over all these years, this being his last participation as editor!



Woop woop bought tickets for @WHY2025Camp 😎😎


Wrote an MCP server for #CodeQL, tried it out with Cursor and it's quite fun so far! I think the next step would be adding support for query-models. Allowing an LLM to easily add sources/sinks to existing queries could be very promising 😁 github.com/JordyZomer/cod…

