Best keynote I've seen this year! Hexacon

From HTTP request to ROP chain in Node.js! 🔥 Our latest blog post explains how to turn a file write vulnerability in a Node.js application into RCE – even though the target's file system is read-only: sonarsource.com/blog/why-code-…

Are you interested in targeting the Autel MaxiCharger in the upcoming Pwn2Own Automotive? We've just published our script for deobfuscating Autel's firmware files: gist.github.com/sector7-nl/3fc… #Autel #Pwn2Own #Pwn2OwnAutomotive

Targeting the CHAR-X SEC-3150 controller for Pwn2Own automotive 2025 ? We released tooling to do full system emulation last year so you can work on your ROP chain while sipping Mate away from the lab :) github.com/onekey-sec/BHE… #Pwn2Own #Pwn2OwnAutomotive

Last week at Hexacon , PCA's Senior Security Researcher Mikhail Evdokimov revealed a zero-click Bluetooth RCE vulnerability (CVE-2024-23923) affecting the Alpine Halo 9 system. Attackers can eavesdrop, control the screen, & more. Full advisory here: pcautomotive.com/cve-2024-23923

Amazing... He is a real hacker. cylab.cmu.edu/news/2025/01/0…

If you're following NEWAG vs Dragon Sector lawsuits: Citizens Network Watchdog Poland ("independent, apolitical and non-profit organization in the form of a watchdog and think-do-tank") filed an amicus brief with the court urging the court to dismiss the case as a SLAPP.

[My Pwn2Own Automotive Wrap-up] Yay! Last week in Tokyo, I successfully compromised two devices at #Pwn2OwnAuto, earning 5.5 Master of Pwn points and 2 Nyan of Cat Points! In my first solo appearance, I focused on delivering both technically reliable exploits while maintaining

The second part of the TVN24 reportage about the train locks will air today 20:30 CET! (Polish only, unfortunately)

🔥💀My Advanced .NET Exploitation training is now open for register! bit.ly/4hwNFyM 32-hours of intense .NET exploitation (PoC||GTFO) We'll be exploiting 15+ remote code execution chains (25 bugs in total) 🪲 I’d truly appreciate your support, your RT would mean a lot!🙏

If you see hypervisors as magic black boxes that are hard to break, join us to this training and learn to apply your reverse, bug hunting and exploit knowledge to build VM escapes !

Mark Griffin Interrupt Labs Vigilant Labs bugcrowd 1️⃣ Beacon Prism 🛡️💥 Alan Cao (alan) & William Tan (Ninja3047 ) demo how to exploit unauthenticated firmware downgrades to compromise a BitDefender Box 1. 2️⃣ Cloudy Wrench ☁️🔧 Alan Cao (alan) & William Tan (Ninja3047 ) at it again - uncovering legacy

Great work!

There should be some kind of special award for a conference that runs for the first time, on such high quality, is so well-organized, brings so many new ideas on the table and does all of that while on a power outage! Amazing work people DistrictCon ❤️

Got my first CVE 🎉 cve.org/CVERecord?id=C…

I find myself repeating this a bit, so fuck it, here's how to get into an unprivileged namespace on Ubuntu 24.04/24.10. PSA: linux is stupid and for nerds, and Canonical/Ubuntu suck at security. $ busybox sh -c "unshare -Urmin" too embarassing to even call it a bypass

Claude reversing a binary using Binary Ninja via MCP while I get a snack blasty Ziyad Edher Vector 35

New blogpost! Want to see how we exploited Synology Inc. network-attached-storage devices at Pwn2Own Ireland? RCE to root via out-of-bounds NULL-byte writes, click the embed for a fun little writeup of CVE-2024-10442 🔎🎉 blog.ret2.io/2025/04/23/pwn…

Theft Alert: #hw_io NL Conference Equipment Stolen – Here’s What Happened 😔 media.hardwear.io/equipment-thef…