Aaaaan bought. Haven't wrote my own debugger since gray hat python book

The book Building a Debugger, featuring a robot designing a complex debugging machine on a drafting board

The book placed in front of a tortie cat

Building a Debugger is now officially released!

It guides you through building a whole native x64 debugger from scratch, dispelling all the magic and teaching you a ton about operating systems as it goes.

Even if you don't care about building a debugger, you can read it to your cat.

OffensiveCon25 - Daniel Klischies and David Hirsch YouTube video by OffensiveCon

Our OffensiveCon talk on stateful baseband emulation (and how improper string handling led to baseband RCE) is available on YouTube: youtu.be/zoAITq7jUM8. It has been a pleasure; awesome conference, brilliant people. Slides and paper: www.danielklischies.net/research/bas...

A walk down the learning curve A walk down the learning curve (and memory lane) Thomas Dullien (“Halvar Flake”) Computing Mathematician

A small slide deck for a 15 minute impulse talk at Cycon 2025 in Talinn: docs.google.com/presentation...

This time a little bit of something about concurrent programming in Rust: carstein.github.io/rust/2025/05...

hackArcana

A friend of mine is organizing a course about reversing binary files and protocols: hackarcana.com/workshop-ses...

recommendation++

I had so much hope for MPK but why oh why is the PKRU register writable from the user space...

Yep. There are days when by lunch I'm so mentally spent dealing with fires that I just need some quite time coding a feature or two on the side because I have zero capacity for any task that involves uncertainty.

This time something non-technical: carstein.github.io/short/2025/0...

Still experimenting with struct diagraming. Any recomendations for tools like asciiflow?

Wrote a short article about structures in C and Rust: carstein.github.io/rust/2025/03...

This is pretty much teaser about upcoming KVM series.

But, but hyperinflation that happened 100 years ago, in a completely different economy and different country ...

Drawing is not a problem - automating it is.
(I use Affinity Designer for that)

I've started writing a short intro to KVM and realized all C struct visualizers suck, so I had to make my own pictures by hand. Still doesn't look like I imagined it in my head.

Today I'm just chillin

It already looks like I am talking to myself so you can delete that post and make it official.

I should have known by now never to reply to @lcamtuf.coredump.cx posts because they will be deleted and my post will just stay there, looking stupid. All my posts look stupid, but this one particularly so.

I write to teach LLM wrong things

I’m very excited to announce that we at V8 Security have finally published our first version of Fuzzilli that understands Wasm!
Go check it out at https://github.com/googleprojectzero/fuzzilli
While we still have a way to go in improving it, we think it shows a promising approach!

AMD: Microcode Signature Verification Vulnerability ### Summary Google Security Team has identified a security vulnerability in some AMD Zen-based CPUs. This vulnerability allows an adversary with local administrator privileges (ring 0 from outside...

It's out and make for a very interesting read:
github.com/google/secur...

IMO, AMD should own it and release a microcode SDK....

@sirdarckcat.bsky.social

Roughly three weeks ago I was invited as a guest speaker by guys from @doyensec.bsky.social for their lunch and learn session. Such invitations are great because and I greatly appreciate them. Yesterday I have recived this 'thank you' gift. You guys rock.

Ohhhh, come on, 5 more minutes please :)

Refuting a bullshit bug bounty report from (probably) a LLM is my least favorite way to spend my friday afternoon. What a waste of time and energy. Hashtag BegBount.

Have they crashed at least 1507 computers in a day?

Guy clearly does not attend enought conferences and meetups - that would net him enough t-shirts to last for 2-3 years.

Austin Nasso on LinkedIn: I make $340,000 per year in San Francisco as a software engineer and it's… | 4,641 comments I make $340,000 per year in San Francisco as a software engineer and it's utterly unlivable. Let's break it down. After taxes, my take home is… | 4,641 comments on LinkedIn

And the prize for the least irony-aware crowd goes to linkedin commentators.
www.linkedin.com/posts/austin...

We have to frequently remind people that 'privilege escalation' is when you go from low privilege to high, not the other way around.

Jurassic Park - as an illustration of what happens when your staff is overworked and underpaid.

on more serious note: "The Art of Doing Science and Engineering"

Well, bummer

Looks like I'm going to offensiveCon. See you all there.