Phrack 72 article and WHY2025 conference talk
Archive
2025
-
-
A logical vulnerability in OpenPGP.js, allowing for spoofed signatures using a crafted PGP packet sequence
-
Exploiting LibreOffice (write-up) 2025-02-12
Two vulnerabilities in LibreOffice allowing semi-arbitrary file read/write and env var leakage
-
Tetris in a PDF 2025-01-12
A fully playable Tetris game embedded in a PDF file, using JavaScript and PDF form fields.
2024
-
A bunch of bugs in Ghostscript, including a classic format string vulnerability leading to RCE
-
A bug in PDF.js (and Firefox) with widespread XSS consequences
-
kb1: a fully DIY mechanical keyboard 2024-04-18
Designing and hand-assembling a homemade mechanical keyboard with custom PCBs
2023
-
Replacing a Gameboy Color's crystal oscillator with a Pi Pico to overclock it to dynamic frequencies.
-
Write-up on several bugs in Feathers.js, Sequelize, and Socket.IO relating to type confusion and incorrect interop assumptions
2022
-
Porting Doom to a payment terminal 2022-07-18
Hacking the Verifone VX820 payment terminal to run Doom and more.
2021
-
Eternal side-project: an emulator for the original GameBoy
2020
-
Exploiting a remotely-triggerable stack-based buffer overflow vulnerability on a Zyxel VMG8825-T50 router.
-
Getting root on a Zyxel VMG8825-T50 router 2020-03-26
Finding and chaining multiple vulnerabilities to get root access on a Zyxel VMG8825-T50 router.
2013
-
Rendering recursive portals with OpenGL 2013-05-19
Implementing recursive portal rendering in an OpenGL engine with clever stencil buffer usage.
2012
-
Tetris Friends AI 2012-12-24
An AI (in the gamedev sense) that plays Tetris Friends by reading screen pixels and sending simulated keystrokes via X11.