Battle Programmer Yuu

Here are the slides for my RECon 2024 talk "Binary Golfing UEFI Applications" !! Had a lot of fun, thanks for having me! github.com/netspooky/golf…

seeing my @vxunderground Black Mass article “EFI Byte Code Virtual Machine - A Monster Emerges” in the print copy of vol III at long last has me verklempt. All the blood,sweat+tears that I poured into writing the first UEFI EBC virus were v worth it. 🖤

Reminder: “not real hacking” is cringey & shows how insecure you are. Not just emotional insecurity with your need to “protect” a word, but also the insecurity with any system you are responsible for due to all your blind spots. Real adversaries will get access no matter what…

SRAM Has No Chill: Exploiting Power Domain Separation to Steal On-Chip Secrets cacm.acm.org/research-highl…

Do I know anyone who has gotten this EUD tooling working in openocd? I keep getting errors linking to the jimtcl submodule in the linux-msm fork, and one of the submodule urls in the Linaro fork is down. 🙃 linaro.org/blog/hidden-jt…

Hiring a junior/mid role on my team for a Red Team operator, feel free to DM me with any questions or anything nvidia.wd5.myworkdayjobs.com/NVIDIAExternal…

You're the cutest hardware that I ever did see. Really love your peripherals, wanna shake your device tree.

Do I know anyone who works in finance and is aware of any entry level jobs for someone with a degree and an CFA level 1? Hmu ty!!

not convinced this is right yet, but close github.com/eigenform/perf…

🤨 wake up babe new complex microarchitectural conditions just dropped amd.com/en/resources/p…

looking for a junkyard submission for @DistrictCon for an RCE in a vape in an EOL product that expels all of the vape juice into vapor

When applying for a job at McDonald's, over 90% of franchises use "Olivia," an AI-powered chatbot. We (@iangcarroll and I) discovered a vulnerability that could allow an attacker to access the over 64 million chat records using the password "123456". ian.sh/mcdonalds

Had a great time presenting at @reconmtl this weekend - always amazing meeting everyone and sharing research 🙌 For those that missed the conference, or just want to review my WhatsApp work, feel free to read the slides here & hmu if you have questions! docs.google.com/presentation/d…

New blog post about all the fun I had red teaming at @NationalCCDC this year! Covers some of the fun we had this year specifically relating to the web side of things, as well as some tips and resources for competitors & those interested in participating sshell.co/red-teaming-at…

this kind of dense, walkable control flow graph is illegal to build in most american compilers

One of the best feelings is eyeballing the possible structure and message types/bitfields of a custom protocol from a log file with a few packets in it, then later finding source (or decompilation) and the packet struct exactly matches. Pattern Recognizers Rise Up.

REcon was awesome, it was great to meet old friends and make new ones... thanks @sergeybratus for the invite to the Panel with some of the greatest in the field (I emphasize again: I should not have been there, but I am super proud that I was), and thanks Hugo and @reconmtl team.…

Hello friends. Check out this awesome and unique role that just opened up on my team in SEAR. Wanna secure Apple silicon, ROMs, iBoot, and more? jobs.apple.com/en-us/details/…

BGGP6 will happen fall/winter 2025 instead of our usual summer event! Stay tuned for more details.

PHRACK is coming to @defcon! We're printing ~10,000 zines and giving an hour-long talk you won't want to miss! Stay tuned. 🔥 #40yrsOfPhrack #phrack72