TREVEX is a post-silicon black-box CPU fuzzer from CISPA designed to discover data-flow transient execution vulnerabilities without needing RTL access, an ISA emulator, or a leakage contract. The framework runs across 20 microarchitectures from Intel, AMD, and Zhaoxin and uncovers a new TEA — Floating Point Divider State Sampling (FP-DSS, CVE-2025-54505) — on AMD Zen and Zen+, a new FPVI variant on AMD that does not need denormal inputs, three instances of Zero-at-ret on Intel, and FPVI on Zhaoxin. The authors weaponise FP-DSS from native code, the Linux kernel, and a Chrome JavaScript exploit.
CVE-2025-54539: Apache.NMS.AMQP Deserialization Policy Bypass to Unauthenticated RCE in .NET
CVE-2025-54539 is a deserialization policy bypass in Apache.NMS.AMQP (≤ 2.3.0) that lets a single 290-byte AMQP message reach BinaryFormatter inside an unsuspecting .NET client and execute arbitrary commands.
mov ax, bx drama story – for fun and fasm
A tiny funny FASM program for Windows where BX generously shares its value with AX using mov ax, bx, turning a simple register copy into a dramatic love story with a MessageBox punchline.
APC Tandem: A Primitive-Chaining Process Injection That Slips Past Common EDR Triggers
A walkthrough of “APC Tandem”, a stealth Windows process-injection technique that replaces WriteProcessMemory, CreateRemoteThread and VirtualAllocEx with a chain of less-watched primitives — thread description smuggling, paired GetThreadDescription/RtlMoveMemory APCs, and a Special User APC for execution.
Fundamentals of Virtual Memory: A Deep Dive into Paging, Page Tables, and Process Address Spaces
A structured walkthrough of how virtual memory really works on modern operating systems — from contiguous allocation and external fragmentation to paging, page tables, demand paging, stack and heap layout, mmap and copy-on-write. Based on and credited to “Fundamental of Virtual Memory” on the Melatoni blog (nghiant3223.github.io).
Essential iOS Hardening: A Practical Guide to Defending iPhones Against Modern Spyware
A practical, security-engineering view of the essential iOS hardening steps every iPhone user — and especially high-risk targets — should apply: Lockdown Mode, Advanced Data Protection, attack-surface reduction, deep reboots, and detection with tooling like iVerify. Based on and credited to “Essential iOS Hardening Steps” by Officer’s Notes, published on Medium (Technology Hits).
Akita Inu: The Ancient Breed with a Samurai’s Heart
The Akita Inu is a national treasure of Japan and a symbol of loyalty and courage. Discover the history, character, care, and unique traits of this remarkable breed.
About PCIe DMA Cheats: Protocol, IOMMU, Hardware, and Detection
External PCIe DMA cheats are hard because the cheat code runs on another PC. Detection must move to PCIe fingerprints, IOMMU faults, ACS topology, TPM attestation, VBS/HVCI, and layered trust checks.
Weaponized abuse of SYLK file format
SYLK is an ancient spreadsheet format, but Excel still supports it. GhostWolf Lab shows how .slk files can carry XLM macros, masquerade as CSV, bypass weak detections, and revive legacy macro abuse.
Exploiting CVE-2024-32002: RCE via git clone
CVE-2024-32002 turns git clone --recursive into RCE on case-insensitive filesystems. A crafted submodule + symlink can plant a Git hook in .git and execute code before review.










