You can now jailbreak your AMD CPU! 🔥We've just released a full microcode toolchain, with source code and tutorials. bughunters.google.com/blog/5…

We’re excited to see the security and OSS communities engage on vulnerability disclosure in light of new AI technologies that we believe will enable both defenders and attackers alike. Existing and emerging norms around disclosure are important debates, and we’ve noted the feedback. Thanks! Also want to share some additional thoughts. 1/10

Hah, I've been talked into working on research projects with @xorninja at @calif_io! Less drama, safer software! 😆

Thanks everyone for all the kind words, it means so much 🥲

On the pod this week, I saved a closing shoutout for @taviso and his work at P0 piped.video/qPj9_8azAvk?t=8398

I have many good stories from my time here, maybe I'll share some later! And yes, the leaving tradition is real, and yes they got me 😆

A personal update... after nearly 20 years at Google, today is my last day! I'm going to be working on independent research for the foreseeable future, then who knows! I've worked with so many talented people, made so many friends and seen incredible research over the years 🫡

I've met so many nerds who have a story about this box arriving from America in their small town, and having enough manuals to nerd over for weeks 🤓 (I have a story like this too).

I have a (dumb) theory about Intel. They used to ship beautiful printed manuals anywhere in the world for free if you called them. That program made a lot of engineering students customers for life. Then some middle manager killed it, and probably got a promotion.

Hey... quick question, why are anime catgirls blocking my access to the Linux kernel? 😸 lock.cmpxchg8b.com/anubis.ht…

EntrySign won 2 pwnies 🤯🤯

EntrySign was nominated for two Pwnies (best crypto bug and best desktop bug)! 🥳 piped.video/live/TuKPA-CeDFA… @__spq__ @sirdarckcat @taviso

This is neat, using EntrySign to backport microcode patches to EOL systems without BIOS updates. github.com/divestedcg/real-u…

I just learned that OSC8 (hyperlinks) in Windows Terminal uses ShellExecute(). Excellent trolling potential for README files 😆

Back in 2023, the assessment of the pre-authentication vulnerability in SSH was that it wasn't exploitable on Linux. For my OffensiveCon 2025 keynote, I wrote enough of an exploit to show, with the right heap groom and stabilization, it's likely exploitable. Then I tried to have AI do it. Up to @taviso whether that merits switching to Windows 98 :) piped.video/watch?v=Y1naY3gu…

The recording of our OffensiveCon presentation about EntrySign is live! piped.video/sUFDKTaCQEk Slides at entrysign.top @sirdarckcat @__spq__

Fuzzing Windows Defender in the Honggfuzz+IntelPT (hardware) mode scrapco.de/blog/fuzzing-wind… by @buherator

The code and tutorials are here if the link doesn't work! 😒 github.com/google/security-r…

welp, it looks like an OEM leaked the patch for "AMD Microcode Signature Verification Vulnerability" 🔥 The patch is not in linux-firmware, so this is the only patch available😡

Hey! I made a game in Bash with raylib! It's a "bullet hell" game featuring beloved penguin Tux vs an evil mutant Window! Bash is a simple scripting language, so simple it doesn't have floating point variables/arithmetic! So how was this game possible? 👇