2024

Bob and Alice in Kernel-land - Part 3
bug kernel
Bob and Alice in Kernel-land - Part 2
bug kernel
Financial Forensics in a fragmented ecosystem
financial forensics brics
Election Security - Friday Review
democracy
Bob and Alice in Kernel-land
bug kernel

2023

Researching Triangulation: Detecting CVE-2023-41990 with single byte signatures.
bug truetype apple
Researching BLASTPASS: Analysing the Apple & Google WebP POC file - Part 2
bug webp apple google
Researching BLASTPASS: Detecting the exploit inside a WebP file - Part 1
rust

2022

Researching FORCEDENTRY: Detecting the Exploit With No Samples
rust
POC 2022 - Korea - Keynote 🦀
rust
Vegas 2022 - A web3 security review
web3
Magnet Forensics Acquires Cybersecurity Software Firm Comae Technologies
acquisition

2020

SUNBURST & Memory Analysis
solarwinds sunburst
Azure Sphere Internals - Overview
iot bugbounty arm
SMBaloo - Building a RCE exploit for Windows ARM64 (SMBGhost Edition)
exploit arm64
Twitter's Information Operations - An OSINT Analysis
disinformation twitter
Facebook's Coordinated Inauthentic Behavior - An OSINT Analysis

2019

How to Solve the Blindspots of Event-Driven Detection

2018

Rethinking Logging for Critical Assets

2017

Smart Contract Languages to Follow
web3
Porosity: A Decompiler For Blockchain-Based Smart Contracts Bytecode
security ethereum
Petya.2017 is a wiper not a ransomware
Petya— Enhanced WannaCry ?
Lessons from TV5Monde 2015 Hack
security dfir
WannaCry — Decrypting files with WanaKiwi + Demos
WannaCry — Links to Lazarus Group
WannaCry — New Variants Detected!
WannaCry — The largest ransom-ware infection in History
PASSFREELY: Oracle & SWIFT at risk
ShadowBrokers: The NSA compromised the SWIFT Network

2009

Windows 7 and Windows Server 2008 R2 djoin (Offline Domain Join) utility.
dfir ad

2008

Retrieving MmPhysicalMemoryBlock regardless of the NT version
dfir
Check your system virginity in less than 60 seconds.
dfir
X-Ways Forensics Beta 2 and hibernation file. (coincidence?)
dfir