Here it is. Thanks to everyone mentioned earlier. Be warned stability is not great, something to be improved on for sure.

My @dayzerosec co-host zi and I are giving our 1st training @ with a focus on attacking security hypervisors! Trainings are something we've wanted to do for a while. Take a look and share to those who would be interested :)

RT @_MatteoRizzo: Our newest research project is finally public! We can load malicious microcode on Zen1-Zen4 CPUs!

@AndrewOliveau Wild how it went from one of my favorite products that I recommended all the time to what it is now. I'd still say it's one of the better desktop virtualization solutions right now but hard to say if it'll be like that for long with how its going

RE: byepervisor do people care enough about not wanting to use rest mode and resume to switch the primary exploit for byepervisor to the jump table one? its higher maintenance and possibly slightly less stable but would be slightly more convenient to run I guess

@MODDED_WARFARE Ah, issue with stuff being slow might just be because I left too much logging code in hooks😅 I'll probably release a better version soon that should hopefully fix that.

RT @helpnetsecurity: Inside console security: How innovations shape future hardware protection - - @PlayStation @ha…

Slides

I've published the repo for Byepervisor (we love named vulns out here). Contains exploit implementation for two PS5 hypervisor bugs for 2.xx and lower. Slides from the talk + vod should hopefully be published soon.

@joaopaulotvare1 @sleirsgoevy @flat_z Sony doesn't put meme USB bugs in their bootloaders :)

RT @hardwear_io: The PS5's hypervisor has kept the system secure for years—now, vulnerabilities are being revealed. What does this mean for…

RT @flat_z: There are a few ways on PS5 to defeat HV. One of methods that I've found was related to APIC: struct apic_ops is located in RW…

Feels great when an idea can finally be tested and works out after like a year :) Shouts to ChendoChap for working out the ROP chain. Protip: staying < 3.00 is a good idea.

Pushed v1.2, exploit's been updated with an implementation that works on 3.xx-5.xx (heap spray go brrr), also some support for other misc low fw. ELF loader and payloads will not work on 5.00+ for a while due to dlsym changes. Payload SDK needs changes.

Added 1.xx firmware support to UMTX exploit chain.

I've published a webkit implementation of UMTX exploit for PS5 on 2.xx firmwares. Hoping to add support for 1.xx firmwares soon, higher firmwares will take some changes to make it work. See README for details as always.

RT @flat_z: Well, this is PS5's umtx exploit for BD-J (a part related to the exploit actually):

Kind of wild that sony doesn't seem to care about anyone else in the BSD ecosystem to upstream vuln fixes and hoards them so they don't get n-day'd. I'm obviously biased but it's still something I'd be kinda pissed about if I was in the BSD community.

big breakthrough discovered, by allocating a bunch of memory you can trigger out of memory, I cant believe sony wont pay for this novel research