Exploiting browsers and blogging here. Always in a different country. Working with Azimuth Security 😀
- In "Modern attacks on the Chrome browser: optimizations and deoptimizations" I explain a bug that allowed the deoptimizer to be tricked into materializing a fake object
- In "Circumventing Chrome's hardening of typer bugs" I discuss a protection added to bounds check elimination and how I bypassed it
- Wrote an introduction to Turbofan, a component of Chrome's JS engine (V8) responsible for optimizations
- I was the first to publish about using the self-referencing PML4 technique in Windows kernel exploits
- I made a write-up on exploiting MS10-058 when I was a student
- I wrote several articles in French for the magazine MISC
- My Infiltrate 2020 talk on Chrome is postponed to 2021. Hopefully it'll be an in-person event!
- I gave my first Chrome talk at TyphoonCon Seoul in 2019!
- This is a presentation I gave in France after my second year of university ... in 2012
- Chrome's JS engine: String.indexOf typer bug in Turbofan
- Firefox's sandbox: infoleak in a crosscall
- Windows 8.1 kernel: MS14-040 - double-free in Afd.sys
- Windows 7 kernel: MS10-058 - pool overflow in tcpip.sys