Michal Melewski
@carste1n.bsky.social
Security Engineer @ Cloudflare,
ex-Google ISE,
I use bad software and bad machines for the wrong things.
My writing: https://carstein.github.io
ex-Google ISE,
I use bad software and bad machines for the wrong things.
My writing: https://carstein.github.io
Reposted by Michal Melewski
Building a Debugger is now officially released!
It guides you through building a whole native x64 debugger from scratch, dispelling all the magic and teaching you a ton about operating systems as it goes.
Even if you don't care about building a debugger, you can read it to your cat.
It guides you through building a whole native x64 debugger from scratch, dispelling all the magic and teaching you a ton about operating systems as it goes.
Even if you don't care about building a debugger, you can read it to your cat.
June 10, 2025 at 3:59 PM
Building a Debugger is now officially released!
It guides you through building a whole native x64 debugger from scratch, dispelling all the magic and teaching you a ton about operating systems as it goes.
Even if you don't care about building a debugger, you can read it to your cat.
It guides you through building a whole native x64 debugger from scratch, dispelling all the magic and teaching you a ton about operating systems as it goes.
Even if you don't care about building a debugger, you can read it to your cat.
Reposted by Michal Melewski
Our OffensiveCon talk on stateful baseband emulation (and how improper string handling led to baseband RCE) is available on YouTube: youtu.be/zoAITq7jUM8. It has been a pleasure; awesome conference, brilliant people. Slides and paper: www.danielklischies.net/research/bas...
OffensiveCon25 - Daniel Klischies and David Hirsch
YouTube video by OffensiveCon
youtu.be
May 28, 2025 at 11:21 AM
Our OffensiveCon talk on stateful baseband emulation (and how improper string handling led to baseband RCE) is available on YouTube: youtu.be/zoAITq7jUM8. It has been a pleasure; awesome conference, brilliant people. Slides and paper: www.danielklischies.net/research/bas...
Reposted by Michal Melewski
A small slide deck for a 15 minute impulse talk at Cycon 2025 in Talinn: docs.google.com/presentation...
A walk down the learning curve
A walk down the learning curve (and memory lane) Thomas Dullien (“Halvar Flake”) Computing Mathematician
docs.google.com
May 28, 2025 at 2:43 PM
A small slide deck for a 15 minute impulse talk at Cycon 2025 in Talinn: docs.google.com/presentation...
This time a little bit of something about concurrent programming in Rust: carstein.github.io/rust/2025/05...
Channels and threads in Rust
carstein.github.io
May 25, 2025 at 9:23 PM
This time a little bit of something about concurrent programming in Rust: carstein.github.io/rust/2025/05...
A friend of mine is organizing a course about reversing binary files and protocols: hackarcana.com/workshop-ses...
recommendation++
recommendation++
hackArcana
hackarcana.com
March 21, 2025 at 5:39 PM
A friend of mine is organizing a course about reversing binary files and protocols: hackarcana.com/workshop-ses...
recommendation++
recommendation++
I had so much hope for MPK but why oh why is the PKRU register writable from the user space...
March 16, 2025 at 10:43 PM
I had so much hope for MPK but why oh why is the PKRU register writable from the user space...
This time something non-technical: carstein.github.io/short/2025/0...
Hours you work
carstein.github.io
March 15, 2025 at 9:55 PM
This time something non-technical: carstein.github.io/short/2025/0...
Still experimenting with struct diagraming. Any recomendations for tools like asciiflow?
March 12, 2025 at 10:07 AM
Still experimenting with struct diagraming. Any recomendations for tools like asciiflow?
Wrote a short article about structures in C and Rust: carstein.github.io/rust/2025/03...
This is pretty much teaser about upcoming KVM series.
This is pretty much teaser about upcoming KVM series.
Translating structures between C and Rust
carstein.github.io
March 11, 2025 at 9:02 PM
Wrote a short article about structures in C and Rust: carstein.github.io/rust/2025/03...
This is pretty much teaser about upcoming KVM series.
This is pretty much teaser about upcoming KVM series.
I've started writing a short intro to KVM and realized all C struct visualizers suck, so I had to make my own pictures by hand. Still doesn't look like I imagined it in my head.
February 16, 2025 at 5:07 PM
I've started writing a short intro to KVM and realized all C struct visualizers suck, so I had to make my own pictures by hand. Still doesn't look like I imagined it in my head.
Today I'm just chillin
February 12, 2025 at 1:25 PM
Today I'm just chillin
Reposted by Michal Melewski
I’m very excited to announce that we at V8 Security have finally published our first version of Fuzzilli that understands Wasm!
Go check it out at https://github.com/googleprojectzero/fuzzilli.
While we still have a way to go in improving it, we think it shows a promising approach!
Go check it out at https://github.com/googleprojectzero/fuzzilli.
While we still have a way to go in improving it, we think it shows a promising approach!
February 4, 2025 at 7:34 PM
I’m very excited to announce that we at V8 Security have finally published our first version of Fuzzilli that understands Wasm!
Go check it out at https://github.com/googleprojectzero/fuzzilli.
While we still have a way to go in improving it, we think it shows a promising approach!
Go check it out at https://github.com/googleprojectzero/fuzzilli.
While we still have a way to go in improving it, we think it shows a promising approach!
Reposted by Michal Melewski
It's out and make for a very interesting read:
github.com/google/secur...
IMO, AMD should own it and release a microcode SDK....
@sirdarckcat.bsky.social
github.com/google/secur...
IMO, AMD should own it and release a microcode SDK....
@sirdarckcat.bsky.social
AMD: Microcode Signature Verification Vulnerability
### Summary
Google Security Team has identified a security vulnerability in some AMD Zen-based CPUs. This vulnerability allows an adversary with local administrator privileges (ring 0 from outside...
github.com
February 3, 2025 at 10:12 PM
It's out and make for a very interesting read:
github.com/google/secur...
IMO, AMD should own it and release a microcode SDK....
@sirdarckcat.bsky.social
github.com/google/secur...
IMO, AMD should own it and release a microcode SDK....
@sirdarckcat.bsky.social
Roughly three weeks ago I was invited as a guest speaker by guys from @doyensec.bsky.social for their lunch and learn session. Such invitations are great because and I greatly appreciate them. Yesterday I have recived this 'thank you' gift. You guys rock.
January 31, 2025 at 12:46 PM
Roughly three weeks ago I was invited as a guest speaker by guys from @doyensec.bsky.social for their lunch and learn session. Such invitations are great because and I greatly appreciate them. Yesterday I have recived this 'thank you' gift. You guys rock.
Refuting a bullshit bug bounty report from (probably) a LLM is my least favorite way to spend my friday afternoon. What a waste of time and energy. Hashtag BegBount.
January 27, 2025 at 2:37 PM
Refuting a bullshit bug bounty report from (probably) a LLM is my least favorite way to spend my friday afternoon. What a waste of time and energy. Hashtag BegBount.
And the prize for the least irony-aware crowd goes to linkedin commentators.
www.linkedin.com/posts/austin...
www.linkedin.com/posts/austin...
Austin Nasso on LinkedIn: I make $340,000 per year in San Francisco as a software engineer and it's… | 4,641 comments
I make $340,000 per year in San Francisco as a software engineer and it's utterly unlivable.
Let's break it down.
After taxes, my take home is… | 4,641 comments on LinkedIn
www.linkedin.com
January 21, 2025 at 3:54 PM
And the prize for the least irony-aware crowd goes to linkedin commentators.
www.linkedin.com/posts/austin...
www.linkedin.com/posts/austin...
Looks like I'm going to offensiveCon. See you all there.
January 15, 2025 at 6:47 PM
Looks like I'm going to offensiveCon. See you all there.
Reposted by Michal Melewski
Watch the recording of my #ekoparty talk "Advanced #Fuzzing with #LibAFL" here:
youtu.be/FI7C37lz4Rg?...
Thanks @fede-k.bsky.social for this amazing event!
youtu.be/FI7C37lz4Rg?...
Thanks @fede-k.bsky.social for this amazing event!
January 15, 2025 at 8:51 AM
I've started using ghostty (as an experiment). I like it, it works well and I really like the default theme. Right, I love how it looks but I have zero idea what it is the default theme. It just doesn't seems to be saved anywhere so I can't set the same theme in all other apps. I'm sad.
January 8, 2025 at 8:11 PM
I've started using ghostty (as an experiment). I like it, it works well and I really like the default theme. Right, I love how it looks but I have zero idea what it is the default theme. It just doesn't seems to be saved anywhere so I can't set the same theme in all other apps. I'm sad.
Reposted by Michal Melewski
Project Zero is hiring 👀
No need to tell y'all that the team is awesome
No need to tell y'all that the team is awesome
Senior Security Engineer, Security Research — Google Careers
www.google.com
January 8, 2025 at 10:23 AM
Project Zero is hiring 👀
No need to tell y'all that the team is awesome
No need to tell y'all that the team is awesome
In the end everything was ok. It turned out all components were working correctly but for some reason my monitor wasn't. It was strange - laptop connected via usb-c was ok, but display port was not. Troubleshooting tip: never assume anything, check everything.
Last PC I built from scratch was almost 10 years ago. I was not looking forward to the next one - I hate cabling, I hate how modern PCs are just a nest of wires and there is a little elegance while one crams all those unwieldy cabling around the badly manufactured chasis.
December 29, 2024 at 12:16 PM
In the end everything was ok. It turned out all components were working correctly but for some reason my monitor wasn't. It was strange - laptop connected via usb-c was ok, but display port was not. Troubleshooting tip: never assume anything, check everything.
Bit unorthodox, but ...
Watching videos like www.youtube.com/watch?v=Y891... gives me some thought. If you are a large organization looking for a PM, TPM or a manager you should have your recruiters trawling games like this (or EVE) in search of a capable candidates.
Watching videos like www.youtube.com/watch?v=Y891... gives me some thought. If you are a large organization looking for a PM, TPM or a manager you should have your recruiters trawling games like this (or EVE) in search of a capable candidates.
The Shipyard - Foxhole
YouTube video by Robert LuvsGames
www.youtube.com
December 26, 2024 at 12:19 PM
Bit unorthodox, but ...
Watching videos like www.youtube.com/watch?v=Y891... gives me some thought. If you are a large organization looking for a PM, TPM or a manager you should have your recruiters trawling games like this (or EVE) in search of a capable candidates.
Watching videos like www.youtube.com/watch?v=Y891... gives me some thought. If you are a large organization looking for a PM, TPM or a manager you should have your recruiters trawling games like this (or EVE) in search of a capable candidates.
Last PC I built from scratch was almost 10 years ago. I was not looking forward to the next one - I hate cabling, I hate how modern PCs are just a nest of wires and there is a little elegance while one crams all those unwieldy cabling around the badly manufactured chasis.
December 24, 2024 at 11:48 PM
Last PC I built from scratch was almost 10 years ago. I was not looking forward to the next one - I hate cabling, I hate how modern PCs are just a nest of wires and there is a little elegance while one crams all those unwieldy cabling around the badly manufactured chasis.
I thinks Steve is my spirit animal
December 23, 2024 at 3:50 PM
I thinks Steve is my spirit animal
All the @chompie.rip presentations have great content but the graphics... I would kill for having such great slides.
December 18, 2024 at 7:08 PM
All the @chompie.rip presentations have great content but the graphics... I would kill for having such great slides.