About

Hello, my name is Tavis Ormandy, I’m a vulnerability researcher with Google Project Zero. I’m originally from England, but I currently live in the San Francisco Bay Area.

You’re probably interested in some of my vulnerability research, or perhaps some code I’ve written.

I sometimes write about technical topics on my blog, but it probably hasn’t been updated recently. I sometimes tweet about what I’m working on.

Articles

August 2022

Putting debugging symbols back into stripped binaries.

July 2022

I solved a mystery in an old UNIX print ad.

May 2022

I rediscovered some lost UNIX software.

June 2021

I wrote down some thoughts about Password Managers.

February 2021

I wrote a display driver for an old DOS program.

December 2020

You can make popup ads in XTerm with Tektronix mode.
Linking a binary with two versions of the same library.

November 2020

I reviewed some spreadsheets that work in the terminal.

October 2020

Read about me trying out some old MS-DOS software, Lotus Agenda.

FAQ

Q. What is the origin of your domain name?

There was a bug in early Pentiums called the f00f bug, it would cause a deadlock if you provided an invalid operand to cmpxchg8b while using the lock prefix. It was an important vulnerability at the time, and I thought it would be fun to own lock.cmpxchg8b.com.

Q. Which vulnerability are you most proud of?

I think I’m most proud of the KiTrap0D bug, MS10-015. I believe the root cause was Intel changing the x86 spec in the 90s but not publishing any errata. The code was actually correct when it was written, but over the years x86 changed and that introduced a vulnerability!

For many years, if you typed getsystem in metasploit, it used this bug.

Welcome.