Publications

LLM Poisoning [1/3] - Reading the Transformer's Thoughts

08/10/2025
Development
Exploit
Reverse-engineering
Your local LLM can hack you. This three-part series reveals how tiny weight edits can implant stealthy backdoors that stay dormant in everyday use, then fire on specific inputs, turning a "safe" offline model into an attacker. This article shows how transformers encode concepts and how to detect them in their internal activations.

Exploring GrapheneOS secure allocator: Hardened Malloc

22/09/2025
Exploit
Systems
Reverse-engineering
GrapheneOS is a mobile operating system based on Android that focuses on privacy and security. To further enhance the security of their product, GrapheneOS developers introduced a new libc allocator: hardened malloc. This allocator has a security-focused design intended to protect processes against common memory corruption vulnerabilities. This article explains in detail its internal architecture and how its security mitigations are implemented, from a security researcher's point of view.

Let Me Cook You a Vulnerability: Exploiting the Thermomix TM5

10/07/2025
Hardware
Exploit
Reverse-engineering
This article delves into vulnerability research on the Thermomix TM5, leading to the discovery of multiple vulnerabilities, which allow firmware downgrade and arbitrary code execution on some firmware versions. We provide an in-depth analysis of the system and its attack surface, detailing the vulnerabilities found and steps for exploitation.

Exploiting the Tesla Wall connector from its charge port connector

17/06/2025
Hardware
Exploit
Reverse-engineering
In January 2025, we participated in Pwn2Own Automotive with multiple targets. One of them was the Tesla Wall Connector — the home charger for electric vehicles (including non-Tesla ones). We presented an attack that used the charging connector as the entry point, communicating with the charger using a non-standard protocol (for this type of application). We exploited a logic flaw to install a vulnerable firmware on the device. This article explains how we studied the device, how we built a Tesla car simulator to communicate with the c...

iOS 18.4 - dlsym considered harmful

10/04/2025
Reverse-engineering
Last week, Apple released iOS 18.4 on all supported iPhones. On devices supporting PAC (pointer authentication), we came across a strange bug during some symbol resolution using dlsym(). This blogpost details our observations and the root cause of the problem.

Hack the channel: A Deep Dive into DVB Receiver Security

08/04/2025
Hardware
Reverse-engineering
Many people have a DVB receiver in their homes, which offers a large attack surface that many don’t suspect. As these devices can require an internet connection, they provide a cool entry point to a local network. In this article, we’ll dive into the internals of the protocol and the flaws in its implementation.

Exploiting a Blind Format String Vulnerability in Modern Binaries: A Case Study from Pwn2Own Ireland 2024

30/10/2024
Exploit
Reverse-engineering
In October 2024, during the Pwn2Own event in Cork, Ireland, hackers attempted to exploit various hardware devices such as printers, routers, smartphones, home automation systems, NAS devices, security cameras, and more. This blog post highlights a challenging vulnerability that was patched just before the competition. Although it was fixed in time, it deserved more attention than simply being discarded.

Inside the iOS bug that made deleted photos reappear

23/05/2024
Reverse-engineering
Last week, Apple released iOS 17.5. Since then, multiple people have reported seeing photos on their phones that they had previously deleted. The bug was fixed in 17.5.1. In this blogpost we will dive into how the bug appeared and how it was fixed by Apple.

Exploiting American Conquest

16/04/2024
Exploit
Reverse-engineering
Back in 2023, we looked for vulnerabilities in American Conquest as a side research project. We found and reported multiple stack buffer overflows. Although the publisher will not fix the bugs because the game is too old, we are sharing the details of our research today. This is an interesting article for those who want to get started in researching and exploiting vulnerabilities.