EDK2

• May 26, 2020 Introduction to UEFI: Part 1
  shatter, Mattiwatti in UEFI, EFI, EDK2

EFI

• May 26, 2020 Introduction to UEFI: Part 1
  shatter, Mattiwatti in UEFI, EFI, EDK2

PE

• Jun 5, 2023 Abusing undocumented features to spoof PE section headers
  x86matthew in windows, PE

UEFI

• Aug 29, 2022 Bootkitting Windows Sandbox
  mrexodia, sdoogm in windows, UEFI, bootkit
• May 26, 2020 Introduction to UEFI: Part 1
  shatter, Mattiwatti in UEFI, EFI, EDK2

anti-cheats

• Jan 12, 2021 Hiding execution of unsigned code in system threads
  drew in kernel, windows, anti-cheats
• Jul 6, 2020 BattlEye client emulation
  vmcall in battleye, reverse-engineering, anti-cheats
• Jun 19, 2020 Cracking BattlEye packet encryption
  yousif, namazso, DefCon42, can1357 in battleye, reverse-engineering, anti-cheats, cryptography, eft
• Apr 17, 2020 Why anti-cheat software utilize kernel drivers
  vmcall in anti-cheats
• Apr 16, 2020 How Escape from Tarkov ensures game integrity
  vmcall in battleye, reverse-engineering, anti-cheats
• Apr 13, 2020 How anti-cheats detect system emulation
  daax, iPower, ajkhoury, drew in anti-cheats, hypervisors, reverse-engineering, easy-anti-cheat, battleye
• Apr 8, 2020 CVEAC-2020: Bypassing EasyAntiCheat integrity checks
  iPower in easy-anti-cheat, anti-cheats
• Mar 31, 2020 BattlEye reverse engineer tracking
  vmcall in battleye, reverse-engineering, anti-cheats
• Feb 26, 2020 Bypassing BattlEye from user-mode
  yousif in battleye, reverse-engineering, anti-cheats
• Jan 23, 2020 BattlEye communication hook
  vmcall in battleye, reverse-engineering, anti-cheats
• Jan 12, 2020 BattlEye hypervisor detection
  vmcall, daax in battleye, reverse-engineering, anti-cheats
• Jan 11, 2020 BattlEye single stepping
  vmcall in battleye, reverse-engineering, anti-cheats
• Jan 5, 2020 BattlEye stack walking
  vmcall in battleye, reverse-engineering, anti-cheats
• Jan 5, 2020 BattlEye shellcode updates
  vmcall in battleye, reverse-engineering, anti-cheats
• Feb 10, 2019 BattlEye anti-cheat: analysis and mitigation
  vmcall in battleye, reverse-engineering, anti-cheats

anti-debug

• May 23, 2021 Preventing memory inspection on Windows
  jm in windows, anti-debug
• Jan 20, 2021 Process on a diet: anti-debug using job objects
  jm in windows, anti-debug

automation

• Apr 3, 2021 How Runescape catches botters, and why they didn't catch me
  vmcall in automation, reverse-engineering, game-hacking

battleye

• Jul 6, 2020 BattlEye client emulation
  vmcall in battleye, reverse-engineering, anti-cheats
• Jun 19, 2020 Cracking BattlEye packet encryption
  yousif, namazso, DefCon42, can1357 in battleye, reverse-engineering, anti-cheats, cryptography, eft
• Apr 16, 2020 How Escape from Tarkov ensures game integrity
  vmcall in battleye, reverse-engineering, anti-cheats
• Apr 13, 2020 How anti-cheats detect system emulation
  daax, iPower, ajkhoury, drew in anti-cheats, hypervisors, reverse-engineering, easy-anti-cheat, battleye
• Mar 31, 2020 BattlEye reverse engineer tracking
  vmcall in battleye, reverse-engineering, anti-cheats
• Feb 26, 2020 Bypassing BattlEye from user-mode
  yousif in battleye, reverse-engineering, anti-cheats
• Jan 23, 2020 BattlEye communication hook
  vmcall in battleye, reverse-engineering, anti-cheats
• Jan 12, 2020 BattlEye hypervisor detection
  vmcall, daax in battleye, reverse-engineering, anti-cheats
• Jan 11, 2020 BattlEye single stepping
  vmcall in battleye, reverse-engineering, anti-cheats
• Jan 5, 2020 BattlEye stack walking
  vmcall in battleye, reverse-engineering, anti-cheats
• Jan 5, 2020 BattlEye shellcode updates
  vmcall in battleye, reverse-engineering, anti-cheats
• Feb 10, 2019 BattlEye anti-cheat: analysis and mitigation
  vmcall in battleye, reverse-engineering, anti-cheats

binary-exploitation

• May 11, 2022 Earn $200K by fuzzing for a weekend: Part 2
  addison in binary-exploitation, fuzzing, bug bounty
• May 13, 2021 Counter-Strike Global Offsets: reliable remote code execution
  brymko, dezk, Simon Scannell in guest, source-engine, binary-exploitation, pwn
• Apr 20, 2021 CVE-2021-30481: Source engine remote code execution via game invites
  floesen in source-engine, binary-exploitation, pwn
• Jan 14, 2021 Escaping VirtualBox 6.1: Part 1
  Sauercl0ud, a2nkf, localo in guest, binary-exploitation, pwn, ctf
• Oct 30, 2020 Wormable remote code execution in Alien Swarm
  mev in binary-exploitation, pwn
• May 5, 2020 Source Engine Memory Corruption via LUMP_PAKFILE
  impost0r in source-engine, game-exploitation, binary-exploitation, memory-corruption, csgo

blue-pill

• Jun 2, 2025 Hypervisors for Memory Introspection and Reverse Engineering
  memN0ps in hypervisors, memory-introspection, reverse-engineering, windows, uefi, kernel, blue-pill, bootkit, rootkit, intel, vt-x, rust, virtualization

bootkit

• Jun 2, 2025 Hypervisors for Memory Introspection and Reverse Engineering
  memN0ps in hypervisors, memory-introspection, reverse-engineering, windows, uefi, kernel, blue-pill, bootkit, rootkit, intel, vt-x, rust, virtualization
• Aug 29, 2022 Bootkitting Windows Sandbox
  mrexodia, sdoogm in windows, UEFI, bootkit

bug bounty

• May 11, 2022 Earn $200K by fuzzing for a weekend: Part 2
  addison in binary-exploitation, fuzzing, bug bounty
• May 11, 2022 Earn $200K by fuzzing for a weekend: Part 1
  addison in fuzzing, bug bounty

burp-suite

• Aug 14, 2020 Abusing MacOS Entitlements for code execution
  impost0r in macos, gatekeeper, security-bypass, dropbox, visual-studio, burp-suite

cryptography

• Jun 19, 2020 Cracking BattlEye packet encryption
  yousif, namazso, DefCon42, can1357 in battleye, reverse-engineering, anti-cheats, cryptography, eft

csgo

• May 5, 2020 Source Engine Memory Corruption via LUMP_PAKFILE
  impost0r in source-engine, game-exploitation, binary-exploitation, memory-corruption, csgo

ctf

• Jan 14, 2021 Escaping VirtualBox 6.1: Part 1
  Sauercl0ud, a2nkf, localo in guest, binary-exploitation, pwn, ctf

debugging

• Jan 4, 2021 New year, new anti-debug: Don't Thread On Me
  jm in windows, debugging
• Apr 10, 2020 Kernel debugging in seconds with Vagrant
  invokestatic in windows, debugging, tooling, reverse-engineering

drm

• Jun 28, 2021 Windows 11: TPMs and Digital Sovereignty
  can1357, daax, everdox in windows, tpm, drm

dropbox

• Aug 14, 2020 Abusing MacOS Entitlements for code execution
  impost0r in macos, gatekeeper, security-bypass, dropbox, visual-studio, burp-suite

easy-anti-cheat

• Apr 13, 2020 How anti-cheats detect system emulation
  daax, iPower, ajkhoury, drew in anti-cheats, hypervisors, reverse-engineering, easy-anti-cheat, battleye
• Apr 8, 2020 CVEAC-2020: Bypassing EasyAntiCheat integrity checks
  iPower in easy-anti-cheat, anti-cheats

eft

• Jun 19, 2020 Cracking BattlEye packet encryption
  yousif, namazso, DefCon42, can1357 in battleye, reverse-engineering, anti-cheats, cryptography, eft

exploit

• Jul 1, 2020 Windows Telemetry service elevation of privilege
  Jonas L in exploit, pwn, windows
• Apr 23, 2020 From directory deletion to SYSTEM shell
  Jonas L in exploit, pwn, windows

fuzzing

• Aug 23, 2024 Ring Around The Regex: Lessons learned from fuzzing regex libraries (Part 2)
  addison in fuzzing
• Jun 30, 2024 Ring Around The Regex: Lessons learned from fuzzing regex libraries (Part 1)
  addison in fuzzing
• May 11, 2022 Earn $200K by fuzzing for a weekend: Part 2
  addison in binary-exploitation, fuzzing, bug bounty
• May 11, 2022 Earn $200K by fuzzing for a weekend: Part 1
  addison in fuzzing, bug bounty

game-exploitation

• May 5, 2020 Source Engine Memory Corruption via LUMP_PAKFILE
  impost0r in source-engine, game-exploitation, binary-exploitation, memory-corruption, csgo

game-hacking

• Apr 3, 2021 How Runescape catches botters, and why they didn't catch me
  vmcall in automation, reverse-engineering, game-hacking
• Jan 24, 2019 Reverse engineering 'Black Desert Online' (2. Speed -> local entity)
  vmcall in reverse-engineering, game-hacking
• Jan 9, 2019 Reverse engineering 'Black Desert Online' (1. Preface)
  vmcall in reverse-engineering, game-hacking

gatekeeper

• Aug 14, 2020 Abusing MacOS Entitlements for code execution
  impost0r in macos, gatekeeper, security-bypass, dropbox, visual-studio, burp-suite

guest

• May 13, 2021 Counter-Strike Global Offsets: reliable remote code execution
  brymko, dezk, Simon Scannell in guest, source-engine, binary-exploitation, pwn
• Jan 14, 2021 Escaping VirtualBox 6.1: Part 1
  Sauercl0ud, a2nkf, localo in guest, binary-exploitation, pwn, ctf

hypervisors

• Jun 2, 2025 Hypervisors for Memory Introspection and Reverse Engineering
  memN0ps in hypervisors, memory-introspection, reverse-engineering, windows, uefi, kernel, blue-pill, bootkit, rootkit, intel, vt-x, rust, virtualization
• Apr 13, 2020 How anti-cheats detect system emulation
  daax, iPower, ajkhoury, drew in anti-cheats, hypervisors, reverse-engineering, easy-anti-cheat, battleye

intel

• Jun 2, 2025 Hypervisors for Memory Introspection and Reverse Engineering
  memN0ps in hypervisors, memory-introspection, reverse-engineering, windows, uefi, kernel, blue-pill, bootkit, rootkit, intel, vt-x, rust, virtualization

kernel

• Jun 2, 2025 Hypervisors for Memory Introspection and Reverse Engineering
  memN0ps in hypervisors, memory-introspection, reverse-engineering, windows, uefi, kernel, blue-pill, bootkit, rootkit, intel, vt-x, rust, virtualization
• Jan 12, 2021 Hiding execution of unsigned code in system threads
  drew in kernel, windows, anti-cheats

lifting

• Sep 8, 2021 Tickling VMProtect with LLVM: Part 3
  fvrmatteo in lifting, llvm, vmprotect
• Sep 8, 2021 Tickling VMProtect with LLVM: Part 2
  fvrmatteo in lifting, llvm, vmprotect
• Sep 8, 2021 Tickling VMProtect with LLVM: Part 1
  fvrmatteo in lifting, llvm, vmprotect

llvm

• Oct 21, 2024 'Reflections on Trusting Trust', but completely by accident this time
  duk in llvm
• Dec 24, 2023 RISC-Y Business: Raging against the reduced machine
  mrexodia, oopsmishap in obfuscation, windows, llvm
• Sep 8, 2021 Tickling VMProtect with LLVM: Part 3
  fvrmatteo in lifting, llvm, vmprotect
• Sep 8, 2021 Tickling VMProtect with LLVM: Part 2
  fvrmatteo in lifting, llvm, vmprotect
• Sep 8, 2021 Tickling VMProtect with LLVM: Part 1
  fvrmatteo in lifting, llvm, vmprotect
• Apr 9, 2021 A look at LLVM - comparing clamp implementations
  duk in llvm

macos

• Aug 14, 2020 Abusing MacOS Entitlements for code execution
  impost0r in macos, gatekeeper, security-bypass, dropbox, visual-studio, burp-suite

memory-corruption

• May 5, 2020 Source Engine Memory Corruption via LUMP_PAKFILE
  impost0r in source-engine, game-exploitation, binary-exploitation, memory-corruption, csgo

memory-introspection

• Jun 2, 2025 Hypervisors for Memory Introspection and Reverse Engineering
  memN0ps in hypervisors, memory-introspection, reverse-engineering, windows, uefi, kernel, blue-pill, bootkit, rootkit, intel, vt-x, rust, virtualization

obfuscation

• Dec 24, 2023 RISC-Y Business: Raging against the reduced machine
  mrexodia, oopsmishap in obfuscation, windows, llvm
• Aug 8, 2022 Improving MBA Deobfuscation using Equality Saturation
  fvrmatteo, mrphrazer in synthesis, obfuscation

pwn

• May 13, 2021 Counter-Strike Global Offsets: reliable remote code execution
  brymko, dezk, Simon Scannell in guest, source-engine, binary-exploitation, pwn
• Apr 20, 2021 CVE-2021-30481: Source engine remote code execution via game invites
  floesen in source-engine, binary-exploitation, pwn
• Jan 14, 2021 Escaping VirtualBox 6.1: Part 1
  Sauercl0ud, a2nkf, localo in guest, binary-exploitation, pwn, ctf
• Oct 30, 2020 Wormable remote code execution in Alien Swarm
  mev in binary-exploitation, pwn
• Jul 1, 2020 Windows Telemetry service elevation of privilege
  Jonas L in exploit, pwn, windows
• Apr 23, 2020 From directory deletion to SYSTEM shell
  Jonas L in exploit, pwn, windows
• Apr 15, 2020 SQL Injecting FlyFF MMO
  qfrtt in pwn

reverse-engineering

• Jun 2, 2025 Hypervisors for Memory Introspection and Reverse Engineering
  memN0ps in hypervisors, memory-introspection, reverse-engineering, windows, uefi, kernel, blue-pill, bootkit, rootkit, intel, vt-x, rust, virtualization
• Apr 3, 2021 How Runescape catches botters, and why they didn't catch me
  vmcall in automation, reverse-engineering, game-hacking
• Jul 6, 2020 BattlEye client emulation
  vmcall in battleye, reverse-engineering, anti-cheats
• Jun 19, 2020 Cracking BattlEye packet encryption
  yousif, namazso, DefCon42, can1357 in battleye, reverse-engineering, anti-cheats, cryptography, eft
• May 12, 2020 Abusing DComposition to render on external windows
  yousif in windows, reverse-engineering
• Apr 28, 2020 Why anti-cheats block overclocking tools
  daax in windows, reverse-engineering
• Apr 16, 2020 How Escape from Tarkov ensures game integrity
  vmcall in battleye, reverse-engineering, anti-cheats
• Apr 13, 2020 How anti-cheats detect system emulation
  daax, iPower, ajkhoury, drew in anti-cheats, hypervisors, reverse-engineering, easy-anti-cheat, battleye
• Apr 10, 2020 Kernel debugging in seconds with Vagrant
  invokestatic in windows, debugging, tooling, reverse-engineering
• Mar 31, 2020 BattlEye reverse engineer tracking
  vmcall in battleye, reverse-engineering, anti-cheats
• Feb 26, 2020 Bypassing BattlEye from user-mode
  yousif in battleye, reverse-engineering, anti-cheats
• Jan 23, 2020 BattlEye communication hook
  vmcall in battleye, reverse-engineering, anti-cheats
• Jan 12, 2020 BattlEye hypervisor detection
  vmcall, daax in battleye, reverse-engineering, anti-cheats
• Jan 11, 2020 BattlEye single stepping
  vmcall in battleye, reverse-engineering, anti-cheats
• Jan 5, 2020 BattlEye stack walking
  vmcall in battleye, reverse-engineering, anti-cheats
• Jan 5, 2020 BattlEye shellcode updates
  vmcall in battleye, reverse-engineering, anti-cheats
• Nov 6, 2019 Bypassing kernel function pointer integrity checks
  vmcall in windows, reverse-engineering
• Oct 18, 2019 Hooking the graphics kernel subsystem
  vmcall in windows, reverse-engineering
• May 16, 2019 Exam surveillance - the return. (ExamCookie)
  vmcall in reverse-engineering
• Mar 7, 2019 The nadir of surveillance (Den Digitale Prøvevagt)
  vmcall in reverse-engineering
• Feb 10, 2019 BattlEye anti-cheat: analysis and mitigation
  vmcall in battleye, reverse-engineering, anti-cheats
• Jan 24, 2019 Reverse engineering 'Black Desert Online' (2. Speed -> local entity)
  vmcall in reverse-engineering, game-hacking
• Jan 9, 2019 Reverse engineering 'Black Desert Online' (1. Preface)
  vmcall in reverse-engineering, game-hacking

rootkit

• Jun 2, 2025 Hypervisors for Memory Introspection and Reverse Engineering
  memN0ps in hypervisors, memory-introspection, reverse-engineering, windows, uefi, kernel, blue-pill, bootkit, rootkit, intel, vt-x, rust, virtualization

rust

• Jun 2, 2025 Hypervisors for Memory Introspection and Reverse Engineering
  memN0ps in hypervisors, memory-introspection, reverse-engineering, windows, uefi, kernel, blue-pill, bootkit, rootkit, intel, vt-x, rust, virtualization

security-bypass

• Aug 14, 2020 Abusing MacOS Entitlements for code execution
  impost0r in macos, gatekeeper, security-bypass, dropbox, visual-studio, burp-suite

source-engine

• May 13, 2021 Counter-Strike Global Offsets: reliable remote code execution
  brymko, dezk, Simon Scannell in guest, source-engine, binary-exploitation, pwn
• Apr 20, 2021 CVE-2021-30481: Source engine remote code execution via game invites
  floesen in source-engine, binary-exploitation, pwn
• May 5, 2020 Source Engine Memory Corruption via LUMP_PAKFILE
  impost0r in source-engine, game-exploitation, binary-exploitation, memory-corruption, csgo

synthesis

• Aug 8, 2022 Improving MBA Deobfuscation using Equality Saturation
  fvrmatteo, mrphrazer in synthesis, obfuscation

tooling

• Apr 10, 2020 Kernel debugging in seconds with Vagrant
  invokestatic in windows, debugging, tooling, reverse-engineering

tpm

• Jun 28, 2021 Windows 11: TPMs and Digital Sovereignty
  can1357, daax, everdox in windows, tpm, drm

uefi

• Jun 2, 2025 Hypervisors for Memory Introspection and Reverse Engineering
  memN0ps in hypervisors, memory-introspection, reverse-engineering, windows, uefi, kernel, blue-pill, bootkit, rootkit, intel, vt-x, rust, virtualization

virtualization

• Jun 2, 2025 Hypervisors for Memory Introspection and Reverse Engineering
  memN0ps in hypervisors, memory-introspection, reverse-engineering, windows, uefi, kernel, blue-pill, bootkit, rootkit, intel, vt-x, rust, virtualization

visual-studio

• Aug 14, 2020 Abusing MacOS Entitlements for code execution
  impost0r in macos, gatekeeper, security-bypass, dropbox, visual-studio, burp-suite

vmprotect

• Sep 8, 2021 Tickling VMProtect with LLVM: Part 3
  fvrmatteo in lifting, llvm, vmprotect
• Sep 8, 2021 Tickling VMProtect with LLVM: Part 2
  fvrmatteo in lifting, llvm, vmprotect
• Sep 8, 2021 Tickling VMProtect with LLVM: Part 1
  fvrmatteo in lifting, llvm, vmprotect

vt-x

• Jun 2, 2025 Hypervisors for Memory Introspection and Reverse Engineering
  memN0ps in hypervisors, memory-introspection, reverse-engineering, windows, uefi, kernel, blue-pill, bootkit, rootkit, intel, vt-x, rust, virtualization

windows

• Jun 2, 2025 Hypervisors for Memory Introspection and Reverse Engineering
  memN0ps in hypervisors, memory-introspection, reverse-engineering, windows, uefi, kernel, blue-pill, bootkit, rootkit, intel, vt-x, rust, virtualization
• Dec 24, 2023 RISC-Y Business: Raging against the reduced machine
  mrexodia, oopsmishap in obfuscation, windows, llvm
• Jun 5, 2023 Abusing undocumented features to spoof PE section headers
  x86matthew in windows, PE
• Aug 29, 2022 Bootkitting Windows Sandbox
  mrexodia, sdoogm in windows, UEFI, bootkit
• Jun 28, 2021 Windows 11: TPMs and Digital Sovereignty
  can1357, daax, everdox in windows, tpm, drm
• May 23, 2021 Preventing memory inspection on Windows
  jm in windows, anti-debug
• Jan 29, 2021 BitLocker touch-device lockscreen bypass
  Abdelhamid Naceri in windows
• Jan 20, 2021 Process on a diet: anti-debug using job objects
  jm in windows, anti-debug
• Jan 15, 2021 BitLocker Lockscreen bypass
  Jonas L in windows
• Jan 12, 2021 Hiding execution of unsigned code in system threads
  drew in kernel, windows, anti-cheats
• Jan 4, 2021 New year, new anti-debug: Don't Thread On Me
  jm in windows, debugging
• Jul 1, 2020 Windows Telemetry service elevation of privilege
  Jonas L in exploit, pwn, windows
• May 12, 2020 Abusing DComposition to render on external windows
  yousif in windows, reverse-engineering
• Apr 28, 2020 Why anti-cheats block overclocking tools
  daax in windows, reverse-engineering
• Apr 23, 2020 From directory deletion to SYSTEM shell
  Jonas L in exploit, pwn, windows
• Apr 10, 2020 Kernel debugging in seconds with Vagrant
  invokestatic in windows, debugging, tooling, reverse-engineering
• Nov 6, 2019 Bypassing kernel function pointer integrity checks
  vmcall in windows, reverse-engineering
• Oct 18, 2019 Hooking the graphics kernel subsystem
  vmcall in windows, reverse-engineering