Tijme Gommers

Built something super satisfying — truly and tiny position independent code, cross-compiled from any OS to any OS. 😎

They shouldn’t even connect them in the first place… 🤌

“The primary goal of this campaign is to facilitate unauthorized ATM withdrawals from the victims’ bank accounts. This was achieved by relaying the near field communication (NFC) data from the victims’ physical payment cards, via their compromised Android smartphones.” 🔥

New blog post on the abuse of the IDispatch COM interface to get unexpected objects loaded into a process. Demoed by using this to get arbitrary code execution in a PPL process. googleprojectzero.blogspot.com/2025/01/wind...

This is going to be amazing!

Acceptance email from the CFP board.

I will be presenting at NULLCON Goa 2025! 🇮🇳

The hidden ART of rolling shellcode decryption. A dive into a new shellcode loading technique!

Today, AmberWolf released two blog posts and our tool "NachoVPN" to target vulnerabilities in major VPNs, including CVE-2024-29014 (SonicWall NetExtender SYSTEM RCE) and CVE-2024-5921 (Palo Alto GlobalProtect RCE and Priv Esc), after our SANS HackFest presentation.🧵

I used to mute a lot of words and hashtags that I wasn’t interested in on X. I see that this is also possible on Bluesky, so might be worth a try!

Elevate & Conquer: A Journey Into Kernel Exploitation - Tijme Gommers

Our @BSidesLondon Ivanti & Pulse Secure VPN kernel exploitation talk is live! The presentation is about shared research of my colleague Alex and me.

CVE-2023-38043, CVE-2023-35080 & CVE-2023-38543
www.youtube.com/watch?v=hmYK...

I dived into exploiting leaked code signing certificates to sign malware ✍. A technique that has been actively abused in the wild by threat actors for a long time.

Blog post: tij.me/blog/finding...

Hello world!