Tavis Ormandy
@taviso
California
Joined April 2008
Posts
  • Pinned
    You can now jailbreak your AMD CPU! 🔥 We've just released a full microcode toolchain, with source code and tutorials.
  • I have a (dumb) theory about Intel. They used to ship beautiful printed manuals anywhere in the world for free if you called them. That program made a lot of engineering students customers for life. Then some middle manager killed it, and probably got a promotion.
    These are forever gone btw. Intel stickers had cool semiconductor holographics on the backside that no one will ever see, it wasn't there by accident. It was too beautiful for the modern marketing bug people, so they wiped it out.
  • This strange tweet got >25k retweets. The author sounds confident, and he uses lots of hex and jargon. There are red flags though... like what's up with the DEI stuff, and who says "stack trace dump"? Let's take a closer look... 🧵1/n
  • Replying to @taviso
    It's amusing to me that Patrick (who actually knows what he's doing) realizes this is complicated, so hedged his analysis with "(initial) details"... but this guy just rocks up with "I'm a professional!!" and gets 25k retweets 😆 9/9
  • Replying to @taviso
    I've met so many nerds who have a story about this box arriving from America in their small town, and having enough manuals to nerd over for weeks 🤓 (I have a story like this too).
  • Hey... quick question, why are anime catgirls blocking my access to the Linux kernel? 😸 lock.cmpxchg8b.com/anubis.html
  • I'm publishing some 🔥 research today, a major design flaw in Windows that's existed for almost *two decades*. I wrote a blog post on the story of the discovery all the way through to exploitation.
  • Am I the first person to pop a shell in notepad? 🤣 ....believe it or not, it's a real bug! 🐞
  • I have something fun for you, I pulled the javascript interpreter out of Avast and ported it to Linux 😆 This runs unsandboxed as SYSTEM, any vulns are wormable pre-auth RCE on 400M endpoints ¯\_(ツ)_/¯ github.com/taviso/avscript 🐧
  • Surprise, I ported Windows Defender to Linux. 😎
  • Cloudflare have been leaking customer HTTPS sessions for months. Uber, 1Password, FitBit, OKCupid, etc. bugs.chromium.org/p/project-zero…
  • Replying to @taviso
    He didn't, but we still can! His version of the faulting module has the bytes 45 8b 08 at csagent+0xe35a1, I found that version in VT, and had a look. In fact, there *is* a NULL check (test r8, r8; jz) immediately before the dereference, so his theory is provably *wrong* 🛑 6/n
  • Replying to @_shalol
    Maybe, but I've never met anyone whose prized possession is a PDF. I have met dozens of engineers who place their own dog-eared SDM set on their desk at their first day at work. Is that goodwill just nothing? I don't know 🤷‍♂️
  • I think @natashenka and I just discovered the worst Windows remote code exec in recent memory. This is crazy bad. Report on the way. 🔥🔥🔥