@r0keb
low level enthusiast
Good morning! Just published a blog post diving into Windows Kernel LFH exploitation in the latest Windows 24h2 build, focusing on controlled allocations to achieve arbitrary read/write in the kernel. r0keb.github.io/posts/Modern-(…
Good morning! Just published a blog post diving into Windows Kernel Pool internals: basics, memory allocation functions, internal structures, and how Segment Heap, LFH, and VS work. r0keb.github.io/posts/Windows-…
Just published a blog post exploring junk code engines used in polymorphic malware. Part one covers ETG by Z0MBiE (32-bit). Part two introduces TrashFormer, my 64-bit implementation. Both fully written in assembly. r0keb.github.io/posts/Junk-Cod…
Good morning! Just published a deep dive into PatchGuard internals: how it works, key internal functions, context init, and possible bypasses. r0keb.github.io/posts/PatchGua…
Good morning! I just published a blog post about a KASLR bypass that works on modern Windows 11 versions. It leverages Intel CPU cache timings to exfiltrate the base address of ntoskrnl.exe. I hope you like it! r0keb.github.io/posts/Bypassin…
`CVE-2025-24203`: hierarchy of vm_object_t when changing `MAP_SHARED` to `MAP_PRIVATE`. The topmost object has its own physical page.
obfus.h is the powerful compile-time obfuscator for C (win32/64). Supports virtualization, anti-debugging, control flow obfuscation and other code mutation techniques to prevent disassembly or decompilation. github.com/DosX-dev/obfus… #CodeSecurity #Obfuscation #infosec
Just dropped a blog post on NtQuerySystemInformation changes that killed an old kASLR bypass. Added some internals research too, pre & post 24H2. Check it out! r0keb.github.io/posts/kASLR-In…
Unlock forbidden Windows knowledge! 🤫💻 Find the PEB through truly undetected means and pop calculator 💥 The non-golf form will be available below 👇 #redteamtips #windowsinternals #rust
New blog post out! I cover two SMEP bypass techniques in the Windows Kernel: one using a Write-What-Where to flip the U/S bit in the PTE, and another via type confusion with ROP and stack pivoting. Check it out! r0keb.github.io/posts/Bypassin…
I've just published a new blog post where I explain various Shellcoding techniques in the Windows Kernel. There's also a GitHub repo with the code used. Hope you enjoy it! r0keb.github.io/posts/Windows-…
Think HVCI and kCET mean the end of kernel code execution? I wrote a blog post exploring an alternative way to execute a kernel payload! :) blog.slowerzs.net/posts/keyjumpe…
Write-up of my v8 bug: Critical type confusion in V8's Turboshaft compiler allowed stale pointers to bypass GC, leading to exploitable memory corruption. Full details + PoC: bushido-sec.com/index.php/2025…
Better domatolpm generation: groups.google.com/a/chromium.org… Add a notification_service domatolpm MojoJS fuzzer: chromium-review.googlesource.com/c/chromium/src… Introduce an automated MojoJS IPC fuzzer that uses DomatoLPM to generate JS based testcases: chromium-review.googlesource.com/c/chromium/src…
I’m very excited to announce that we at V8 Security have finally published our first version of Fuzzilli that understands Wasm! Go check it out at github.com/googleprojectz…. While we still have a way to go in improving it, we think it shows a promising approach!
Today I’m sharing a blog post on the implementation of kernel mode shadow stacks on Windows! This post covers actively debugging the Secure Kernel and also outlines why VTL 1 is relied on to help maintain the integrity of the supervisor shadow stacks! connormcgarr.github.io/km-shadow-stac…
For the hardcore reverse engineers and malware analysts out there, my ex-colleague just dropped a deep dive into 'Scatterbrain,' the obfuscator behind PoisonPlug malware. If you're into long technical breakdowns, this one's worth a read. cloud.google.com/blog/topics/th…
I created a hypervisor-based emulator for Windows x64 binaries. This project uses Windows Hypervisor Platform to build a virtualized user-mode environment, allowing syscalls and memory accesses to be logged or intercepted. elastic.co/security-labs/… Project: github.com/x86matthew/Win…
Here's a video series of someone struggling to build an 8-bit superscalar CPU, and they're still not finished after a year. youtube.com/@fabianschuiki…