poc

• 2019.02.16Ryzenfallen - Exploitation of Ryzenfall for arbitrary read primitive via AMD PSP
• 2019.01.21VirtualAllocSecure - AMD Secure Memory Encryption on Windows by hacking PTEs
• 2019.01.07wsIPC - Covert channel for Windows abusing Working Set side-channel
• 2013.05.02andhook - Android Hooking Framework

tools

• 2026.02.10Praxis - Semantic command & control framework for AI agents
• 2019.11.08AMD firmware flash dumping tool
• 2019.07.17divination - platform, iospace and physmem inspection framework

talks/articles/publications

• 2026.03.11Semantically Packaged Tradecraft: Credential Dumping
• 2026.01.25Semantic Protocol Confusion: When My LLM Thinks It's a Web Browser
• 2023.12.17BSOD colour change trick (Paged Out! #3)
• 2021.01.11Linux code injection paint-by-numbers
• 2019.12.27An Arbitrary Read Exploit for Ryzenfall (PoC||GTFO 20:05)
• 2019.08.14Understanding modern UEFI-based platform boot
• 2018.09.21Admiring the Zircon: Understanding Minimal Process Creation
• 2018.04.19Introducing Windows Defender System Guard runtime attestation
• 2017.06.07PLATINUM continues to evolve, find ways to maintain invisibility
• 2016.07.07Remote Code Execution in Xiaomi MIUI Analytics (meh)
• 2016.05.23Side-channel Attacks (Ben Gurion University)
• 2015.12.08What's in an Address: Understanding DDR Memory Mapping
• 2014.08.19Attacking the Linux PRNG on Android: Weaknesses in Seeding of Entropic Pools (WOOT '14)
• 2014.08.05Remote Exploitation of the Cordova Framework (OWASP IL '14)
• 2013.04.01Intro to Timing Attacks Workshop (OWASP Jerusalem APR'13)
• 2011.06.03Abusing the Linux Dynamic Loader with LD_PRELOAD (DC9723 JUN'11)

patents

• 2020.06.30US20210406365A1 - Malicious enterprise behavior detection tool
• 2016.02.09US10366213B2 - Protecting an application via an intra-application firewall
• 2014.09.24US10419419B2 - Technologies for sensor action verification
• 2014.02.24US9296338B2 - Vehicle mirror adjustment
• 2014.01.17US20150203039A1 - Automatic rear-view mirror adjustments
• 2013.12.23US9965040B2 - Method for using magnetometer together w/ gesture to send content to wireless display
• 2013.12.20US20160292009A1 - Execution offloading through syscall trap interface
• 2013.12.16US9466296B2 - Initiation of action upon recognition of a partial voice command
• 2012.12.27US20140187148A1 - Near field communication method and apparatus using sensor context