ZeroDayCommission is a weekly, high signal security briefing by OrbitCurve, focused on niche offensive and research heavy domains: fault injection, MCU exploitation, µarch, hypervisors, compilers, and hardware reverse engineering. We curate for material you can use new primitives, reproducible PoCs, and techniques that transfer across targets. No fluff, just the week’s best links, what changed, and why it matters.

Byte Brief

• Embedded Capture the Flag by MITRE -> The Embedded Capture the Flag (eCTF) is an embedded security competition organized by MITRE and Riverside Research that challenges participants to design and implement secure embedded systems, then analyze and attack others’ designs.

Reads and Resources

• A guide to hardware hacking and reverse engineering - maintained by VoidStar Security LLC - VoidStar has released a nice UI for navigating the high quality resources they’ve written, covering everything from introductions to embedded RE, fault injection, and glitching, all presented in a well organized, user friendly way. (Shoutout to Matthew!)
• BarkBeetle: Stealing Decision Tree Models with Fault Injection - BarkBeetle is a fault-injection assisted model extraction attack that recovers the internal structure of decision tree models in black box settings. Using a bottom up strategy with targeted fault injections, it efficiently infers feature splits and thresholds while requiring fewer queries than prior methods. Demonstrated on both public datasets and a real microcontroller using voltage glitching, BarkBeetle shows the practical risk fault attacks pose to decision tree based systems and related tree based applications.
• Software-based Thermal Glitching: Toward Undervolting Without Undervolting? - This article by Intel, explores Software Based Thermal Glitching (SBTG) as a potential alternative to undervolting based glitch attacks like Plundervolt, aiming to induce transient computational faults without direct voltage control. Building on how modern CPUs use dynamic voltage and frequency scaling (DVFS), the work examines whether software induced thermal stress can push processors into unstable regimes that cause denial of service, silent data corruption, or transient errors. While the feasibility of SBTG remains an open question, the article shares early insights into the challenges and promise of this emerging attack surface.
• VMSCAPE: Exposing and Exploiting Incomplete Branch Predictor Isolation
  in Cloud Environments - This article shows that current branch predictor isolation mitigations for speculative execution attacks are incomplete in virtualized environments. The authors identify new Spectre-BTI primitives on AMD Zen 1–5 and Intel Coffee Lake CPUs that allow a malicious VM guest to influence host branch prediction during userspace execution. Using these primitives, they demonstrate VMSCAPE, the first Spectre-BTI attack enabling a KVM guest to leak arbitrary memory from an unmodified QEMU process, and show that targeted branch predictor flushing can mitigate the attack with minimal performance impact.
• CuFuzz: Hardening CUDA Programs through Transformation and Fuzzing - CuFuzz is a compiler runtime co design framework that enables effective fuzzing of CUDA GPU programs by transforming them into CPUexecutable code. This approach allows existing CPU fuzzers and memory safety tools, such as AddressSanitizer, to detect GPU memory safety and correctness bugs. With GPU specific optimizations to maintain high throughput, CuFuzz achieves significant speedups and uncovers over a hundred vulnerabilities, addressing a major gap in GPU security testing.
• An LLVM-Based Optimization Pipeline for SPDZ - This work presents an LLVM-based optimization pipeline for the SPDZ secure multiparty computation protocol that improves performance and usability without requiring programmers to manually express parallelism. By compiling a privacy-annotated subset of C to LLVM IR, the system automatically batches independent arithmetic operations and uses protocol-aware scheduling to overlap computation and communication, with optional GPU acceleration. Evaluations show significant speedups over MP-SPDZ, demonstrating that LLVM-driven optimization is an effective approach for scaling practical MPC workloads.

Tooling and More

• Cynthion - A multi-tool for building, analyzing, and hacking USB devices
• Tinytapeout - From idea to chip design in minutes
• Zenode.ai - Electronic Component Search Engine that's powered by transformer models aka LLMs.

Jobs

• Senior Offensive Security Engineer (IOT / Network Pentesting) @ Coinbase - US

Until Next Time

Thanks for checking out our first newsletter issue. ZeroDayCommission is run by OrbitCurve, and if you have any feedback or anything you’d like to share, feel free to email hussein@orbitcurve.com. I’ll get back to you within 3 hours.