Dimitri Fourny

Firefox Animation CVE-2024-9680 – Dimitri Fourny

Personal website and computer security blog.

Some months ago, @x43r0 found a pretty nice bug in dav1d, a widely used AV1 software video decoder. You can read about how the bug was found and why it wasn't found by the previous fuzzing efforts in the latest Project Zero blog post https://googleprojectzero.blogspot.com/2024/10/effective-fuzzing-dav1d-case-study.html

Extracting liblockdown.dylib from visionOS dyld shared cache and running it
with a DBI on macOS?

Challenge accepted!

📖 Blog: https://www.romainthomas.fr/post/24-09-apple-lockdown-dbi-lifting/

🎞️ Demo: https://www.youtube.com/watch?v=5L05OE5mL2o

⌨️ Code: https://github.com/romainthomas/visionOS-liblockdown

I’m thrilled to share my latest blog post! This one focuses on the bug hunting process: inspiration, approach, and execution. I also provide a retrospective on how the bug was introduced and analyze the insufficient “patch”. Check it out: https://securityintelligence.com/x-force/little-bug-that-could

Interested in decompiler design? You'll love our latest blog post! https://binary.ninja/2024/06/19/restructuring-the-decompiler.html

Not interested? You'll still love the massive improvements the latest update brings to control flow recovery! Simpler conditionals, flatter code depth, more accurate transformations, easier to read and understand. Everything is better.

"Project Naptime: Evaluating Offensive Security Capabilities of Large Language Models"
https://googleprojectzero.blogspot.com/2024/06/project-naptime.html

Finally got around to publishing the slides of my OffensiveCon talk from ~two weeks ago. Sorry for the delay!

The V8 Heap Sandbox: https://saelo.github.io/presentations/offensivecon_24_the_v8_heap_sandbox.pdf

Fantastic conference, as usual! :)

I've found compiler bugs before, but this is the first compiler-compiler bug I've ever seen – incredible stuff:

https://issues.chromium.org/issues/336399264

Big day for the V8 Sandbox:
* Now included in the Chrome VRP: http://g.co/chrome/vrp/#v8-sandbox-bypass-rewards
* Motivation & goals discussed in a new technical blog post: http://v8.dev/blog/sandbox

If there is ever a Sandbox "beta" release, this is it!

I ported my kernel dump parser library to Rust; go give it a try! 🦀

https://github.com/0vercl0k/kdmp-parser-rs
