ZeroDayCommission #1 - Glitches, Microcode, and Broken Flash Encryption

ZeroDayCommission by OrbitCurve

ZeroDayCommission is a weekly, high-signal security briefing by OrbitCurve, focused on niche offensive and research-heavy domains: fault injection, MCU exploitation, microarchitecture, hypervisors, compilers, and hardware reverse engineering. We curate for material you can actually use: new primitives, reproducible PoCs, and techniques that transfer across targets. No fluff, just the week's best links, what changed, and why it matters.

Byte Brief

  • Hardwear.io -> Early Bird Discounts for #hw_ioUSA2026 are live. hardwear.io is a security conference focused on hardware hacking and embedded device security.
  • PagedOut Issue #8 -> Keep an eye out for PagedOut’s upcoming Issue #8, planned for release in early February. Paged Out! is a free experimental technical magazine where each article fits on a single page, covering programming (especially clever tricks), hacking and security, retro and modern computing, electronics, the demoscene, and related topics.
  • 39C3 -> The 39C3 talk recordings are out and published. 39C3 is the 39th Chaos Communication Congress, Europe's largest hacker conference, bringing together researchers and enthusiasts to share talks and workshops on security, privacy, hardware, and digital culture.

Reads and Resources

  • Laser Beams & Light Streams: Building Affordable Light-Based Hardware Security Tooling - Security researchers show how laser fault injection (LFI) and laser logic state imaging (LLSI), once considered nation state level hardware hacking techniques, can now be done at home using open source tools for under $500 (down from ~$150,000). The slides of the talk can be found here.
  • Hardwear.io NL'25: Exploitation Of Transient Execution Vulns To Leak Private Data From Public Clouds - Microarchitectural security researchers show transient execution attacks like Spectre are still real-world threats, not just lab tricks. They ran the attack on AWS and Google Cloud, combining L1TF and Half-Spectre to get arbitrary reads in the host address space, enabling them to find co-located VMs, enumerate victim processes, and even leak an nginx TLS private key reliably within hours.
  • Reverse Engineering the Miele Diagnostic Interface - After a 20-year run, the author’s Miele washer failed due to heavy detergent buildup clogging internal hoses. Cleaning fixed most issues, but it still wouldn’t spin because a likely faulty analog pressure sensor misread the water level, causing the machine to abort the cycle.
  • A Post-Silicon Microcode-Guided x86 CPU Fuzzer - Fuzzilicon is the first post-silicon fuzzing framework for real-world x86 CPUs. It adds microcode-level instrumentation to extract microarchitectural feedback, enabling automated discovery of CPU vulnerabilities without RTL access or vendor support.
  • Breaking the Flash Encryption Feature of Espressif’s Parts - This blog post breaks down a practical, low-cost reproduction of the “Unlimited Results” research, showing how side-channel attacks can be used to undermine flash/firmware encryption on Espressif chips. It walks through the attack from the ground up, explains the core concepts clearly, and demonstrates real-world results not only on the ESP32, but also on the ESP32-C3 and ESP32-C6. It’s a great read for anyone interested in embedded security, hardware hacking, and how secure boot and encryption features can fail in practice.
  • 39C3 - Of Boot Vectors and Double Glitches: Bypassing RP2350's Secure Boot - The talk breaks down RP2350’s security design and how researchers still bypassed secure boot using fault injection and extracted OTP secrets with double glitches. It also covers other successful challenge attacks (laser/reset glitches) and the fixes Raspberry Pi shipped in a new revision, showing why transparent security works.

Tooling and More

  • gentilkiwi/kiflashrom - Little tool to manipulate flash over SPI via FT232H
  • FPGA Horizon Issue #2 - Features a strong lineup of hardware-focused reads, including Hog, an open source system for managing HDL projects with Git, a look at post quantum cryptography in the testbench, and practical insights on designing resilient FPGAs/SoCs for radiation-heavy environments.
  • PicoGlitcher PCB - A dirt-cheap fault-injection device - This project makes voltage glitching and fault injection accessible to hobbyists, providing an easy-to-use toolkit for attacking microcontrollers, SoCs, and CPUs with low-cost hardware like a Raspberry Pi Pico. It also introduces a purpose-built PCB designed to combine affordability, simplicity, and strong attack performance without relying on expensive platforms like ChipWhisperer Pro or Husky.
  • VulHunt: A High-Level Look at Binary Vulnerability Detection - Software supply chains are becoming more complex as developers rely heavily on third party libraries, which can introduce vulnerabilities into otherwise secure code. This risk is increasing with AI driven development, since LLM generated code often depends on outdated packages and can create software that works but is harder to maintain and easier to exploit. At the same time, modern AI models are becoming capable of reasoning through exploit development, making fast and up to date security work more important than ever.
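The PicoGlitcher item above is about making voltage glitching cheap, but the part that decides whether a campaign succeeds is the search over glitch parameters (trigger-to-pulse delay and pulse width) and the classification of target responses. The following is an added example written for this newsletter, not code from the PicoGlitcher project or any of the linked talks. It sweeps a delay/width grid, runs several attempts per point, tallies the outcomes, and ranks the points that produced a success. The target is a constructed simulation with a narrow success window (delays 2400-2440 ns, widths 60-120 ns) that exists only so the example runs offline; on real hardware you would replace `SimulatedTarget.run` with code that arms the glitcher, resets the chip, and reads the serial response.

```python
import random
from collections import Counter
from dataclasses import dataclass


@dataclass(frozen=True)
class GlitchParams:
    delay_ns: int   # time from the trigger edge to the start of the pulse
    width_ns: int   # length of the voltage drop


class SimulatedTarget:
    """Constructed stand-in for a real target (an assumption for this example).

    It behaves like a chip running a boot check: glitches that are too wide
    always crash it, glitches that land inside a narrow window around the
    check sometimes corrupt it ("success") and sometimes crash it ("reset"),
    and everything else has no visible effect ("normal"). It models no real MCU.
    """

    SUCCESS_RATE = 0.3

    def __init__(self, seed=1):
        self.rng = random.Random(seed)

    def run(self, p: GlitchParams) -> str:
        if p.width_ns > 180:
            return "reset"
        if 2400 <= p.delay_ns <= 2440 and 60 <= p.width_ns <= 120:
            return "success" if self.rng.random() < self.SUCCESS_RATE else "reset"
        if p.width_ns > 140 and self.rng.random() < 0.2:
            return "reset"          # wide pulses occasionally upset the chip anyway
        return "normal"


def sweep(target, delays, widths, attempts_per_point=5):
    """Try every (delay, width) pair several times and tally the responses.

    Repeating each point matters because glitch outcomes are probabilistic;
    a single attempt tells you very little about a parameter pair.
    """
    results = {}
    for d in delays:
        for w in widths:
            p = GlitchParams(d, w)
            results[p] = Counter(target.run(p) for _ in range(attempts_per_point))
    return results


def rank_successes(results):
    """Return (params, success_count) pairs, most successful first."""
    hits = [(p, c["success"]) for p, c in results.items() if c["success"] > 0]
    return sorted(hits, key=lambda item: -item[1])


def summarize(results):
    """Aggregate outcome counts across the whole sweep (useful for tuning ranges)."""
    total = Counter()
    for c in results.values():
        total.update(c)
    return total


if __name__ == "__main__":
    target = SimulatedTarget()
    res = sweep(target, range(2300, 2500, 10), range(40, 200, 20))
    print("overall:", dict(summarize(res)))
    for params, n in rank_successes(res)[:5]:
        print(f"delay={params.delay_ns}ns width={params.width_ns}ns successes={n}")
```

The ranking is the actionable output: once a few points show repeatable successes, narrow the grid around them and increase attempts per point rather than keep sweeping the whole space. Tracking "reset" separately from "normal" is what tells you when the width range is too aggressive.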

Job Postings

Until Next Time

Thanks for checking out our first newsletter issue. ZeroDayCommission is run by OrbitCurve, and if you have any feedback or anything you’d like to share, feel free to email hussein@orbitcurve.com. I’ll get back to you within 3 hours.

It is our choices, Harry, that show what we truly are, far more than our abilities