Boris Larin
@oct0xor
Former console hacker (PS3/PS4). Hunting in the wild 0-days at Kaspersky GReAT. All tweets are my own.
Kept you waiting, huh? Its the 20th anniversary of Metal Gear Solid 2: Substance, and as promised, here's a mod that lets you play it with the 3rd person camera from Metal Gear Solid 3: Subsistence! github.com/oct0xor/mgs2sos
Check out our analysis of the SharePoint ToolShell vulnerabilities: how the ITW exploit works, how it was patched, and why the initial patches could be easily bypassed securelist.com/toolshell-expl…
Really enjoyed @typhooncon keynote of Andy @theflow0 about his journey of hacking gaming consoles. One of the best and most inspiring talks on bug hunting I have ever seen!
🚨 Less than 10 days until the SAS CTF 2025 Quals kick off! 🚨 Register your team now and claim the spot in the top 8 to compete for a share of the $18,000 prize pot at the on-site finals at the SAS conference in Thailand. Register: ctf.thesascon.com
My talk about the recent SMM architecture and security at @TheSAScon : youtube.com/watch?v=AIGj6Q… The conference was well organized and had plenty of networking opportunities. Though, the best thing was the venue :) It is at a beautiful resort again this year, so you will love it.
🌪️ TyphoonCon 2025: Full Speaker Lineup Revealed! We're thrilled to announce our complete speaker assembly for TyphoonCon 2025 This year's lineup represents our most diverse and technically impressive collection of offensive security talent yet. From cutting-edge hardware…
I'm really happy to announce that we've just opened registration for the SAS CTF 2025 qualifying round!⛳️ This year's top 8 teams will qualify for the onsite finals to compete for a share of the $18.000 prize pool at the Security Analyst Summit conference in Khao Lak, Thailand…
🎉 It’s official – #SAS2025 is coming! The world’s GReATest cybersecurity event returns with cutting-edge research, mind-blowing hacks, and the ultimate CTF finale. You won't want to miss this, book your place now: kas.pr/97zh
Someone pointed out that MITRE is letting go of 400+ employees, which is definitely a big number. But with ~9,000 employees total, that’s still less than 5%. To me, that doesn’t explain why the CVE team had to be part of the cut. It’s probably a small group, maybe 5–10 people.…
Nintendo website in 2001 #WebDesignHistory
We (me + @2igosha) have discovered a new Google Chrome 0-day that is being used in targeted attacks to deliver sophisticated spyware 🔥🔥🔥. It was just fixed as CVE-2025-2783 and we are revealing the first details about it and “Operation ForumTroll” securelist.com/operation-foru…
We're delighted to welcome @oct0xor to the #TyphoonCon2025 lineup! 🎤 Join us in Seoul on May 29-30! 🔗typhooncon.com/agenda
You can now jailbreak your AMD CPU! 🔥We've just released a full microcode toolchain, with source code and tutorials. bughunters.google.com/blog/542484235…
Here's part 2 of my Hacking the Xbox 360 Hypervisor blog series, where I find and exploit bugs in hypervisor code to create the "Bad Update" exploit: icode4.coffee/?p=1081
Here's part 1 of my blog series on hacking the Xbox 360 hypervisor. This covers the design of the hypervisor and hardware security features that back it. Consider it prerequisite material for part 2 which will be released next week (along with the exploit) icode4.coffee/?p=1047
Wow, what a cool move from EA! I wish every game remaster came with source code or at least debugging symbols
I never thought I'd be positively sharing an EA thing, but they just published source code to the Command & Conquer games: github.com/electronicarts/
GReAT team's plugin for IDA Pro decompiler won first place 🥇 in the 2024 Hex-Rays IDA Plugin Contest! Grab our secret ingredient for malware reverse engineering and check out the GIFs demonstrating its use if you haven't already – github.com/KasperskyLab/h…
Starting today you will no longer be able to buy these military grade Lego minifigures through Bricklink if you live in Russia
