ZeroDayCommission is a weekly, high signal security briefing by OrbitCurve, focused on niche offensive and research heavy domains: fault injection, MCU exploitation, µarch, hypervisors, compilers, and hardware reverse engineering. We curate for material you can use new primitives, reproducible PoCs, and techniques that transfer across targets. No fluff, just the week’s best links, what changed, and why it matters.

Byte Brief

Paged Out! Issue 8 is now available.-> https://pagedout.institute

Reads and Resources

• SCPI and Hardware Instrumentation for Reverse Engineers - Part 1 - Oscilloscopes, power supplies, and multimeters are essential tools in the hardware hacker’s toolbox. While many practitioners know how to configure and use them manually, remote instrumentation is often overlooked, particularly by security researchers. This post outlines practical examples of using SCPI and VISA to automate and remotely control lab equipment. The following post will demonstrate how these techniques can be applied to identify SPI signals on a target device and extract its contents using only test equipment.
• ROP the ROM: Exploiting a Stack Buffer Overflow on STM32H5 in Multiple Ways - An exploitable stack-based buffer overflow in the update mechanism of an embedded system powered by an STM32H5 microcontroller from STMicroelectronics.
• Intel ME: Anatomy of a Ring -3 Backdoor, Part 1 - Every Intel processor since 2006 includes a hidden subsystem called Management Engine, a coprocessor running its own OS at Ring -3, with access to memory, keystrokes, and storage, even when the machine is off. It cannot be inspected or disabled.This article examines how ME works, its history of critical vulnerabilities, and why it remains an active attack surface today.
• Reverse Engineering Garmin Watch Applications with Ghidra - Garmin smartwatches have quietly evolved into powerful embedded platforms. Beneath the fitness tracking and navigation lies a proprietary virtual machine that executes third-party apps compiled from Garmin's Monkey C language and distributed as .prg binaries through the Connect IQ Store. This article explores what's running under the hood and what that means for security.
• How to Hack Any Micro-controller with a Raspberry Pi Pico: Easy Fault Injection by Traffic Mocking - This article asks a simple question: why bother with complex FPGA setups or ChipWhisperer rigs to exploit a glitch and dump data when the same result can be achieved with a Raspberry Pi Pico 2W for under $10?
• Binary modding a water dispenser to save me from pressing a button - Want to mod your water dispense? This is the right blog to help you achieve just that.

Tooling and More

• PwnPad - PwnPad is an affordable, hands on hardware hacking platform that features a range of challenges that walk users through key hardware security concepts, from PCB design to side channel attacks.
• Electronics Curriculum by lcamtuf - Explore foundational concepts in analog and digital electronics, developed from first principles and written to be accessible without advanced physics or math knowledge. The articles cover essential topics for anyone looking to design analog circuits, organized in recommended reading order.
• Hacker Fab - This project aims to make integrated circuit prototyping as fast as 3D printing using collaborative, open source hardware.