Dor (@dor00tkit)'s Twitter Profile
ID: 1090715609791414279

https://dor00tkit.github.io/Dor00tkit/ | 30-01-2019 20:57:20

482 Tweets

278 Followers

629 Following

s1r1us (@s1r1u5_)

Ben Sadeghipour Pick a niche, become an expert, find bugs maybe even 0days or reverse n-days, and write blogs. Even if you don’t hit those $100k bounties, it’ll be a stepping stone toward a $100k job. What niche? How to pick? Examples? infosec being so vast from web3 sec to web2, mobile,

Alex Plaskett (@alexjplaskett)

Embrace the now! Life's not just about the destination, it's the journey that shapes us. Enjoy every moment, every twist and turn.

Xeno Kovah (@xenokovah)

A small but important note: so far I’ve received exactly $0 in compensation from OST2 over the past 3 years. I will accept honorariums, the same as other instructors, only when OST2 can afford to pay them out. So donations and/or company Sponsorships help us reward instructors!

CICADA8Research (@cicada8research)

Hello everyone! Our team loves everything related to LPE exploits. However, there is no publicly available list on the web with fresh LPE exploits (2023-2024) for Windows. However, we do have such a list. And we are sharing it with you! github.com/MzHmO/Exploit-…

chiefpie (@cplearns2h4ck)

Seems like there's some focus on static binary instrumentation for kernel again recently. Therefore I decided to publish my toy for fuzzing Windows kernel drivers with coverage. Wrote this last year and it works for MS released drivers on Windows 11. github.com/Y3A/winkafl

cts🌸 (@gf_256)

My videos for Flare-On 2024 are live! Watch me reverse engineer all the challenges from start to end. + Commentary video featuring SuperFashi, where we review the chals together. * 45 hours of content * 400+ GB of raw footage Merry Christmas! youtube.com/watch?v=vwW9xv…

Or Yair (@oryair1999)

Excited to release LDAPNightmare! The first PoC tool exploiting CVE-2024-49112 that I created with Shak Mo! Check out the repo and blog post detailing the vulnerability: github.com/SafeBreach-Lab… Honored to be a part of the SafeBreach labs team once again🫠

hackyboiz (@hackyboiz)

[Research] Fuzzy Fuzzing with WinAFL Part 1 hackyboiz.github.io/2021/05/23/fab… Diving into WinAFL for bug hunting, we've crafted a Harness to execute target functions repeatedly without process termination. Tested with DynamoRIO, our setup's ready for action. Now, let's fuzz like crazy to

Connor McGarr (@33y0re)

Today I’m sharing a blog post on the implementation of kernel mode shadow stacks on Windows! This post covers actively debugging the Secure Kernel and also outlines why VTL 1 is relied on to help maintain the integrity of the supervisor shadow stacks! connormcgarr.github.io/km-shadow-stac…

chiefpie (@cplearns2h4ck)

Here's my new post on finding a handful of bugs in Windows by simple tricks and custom fuzz. We then completed exploitation for LPE. Microsoft patched the bugs by restricting access, which means the bugs are not diffable and still Admin->Kernel 0days. Hope you enjoy the read!

SkelSec (@skelsec)

Well, it happened. The company I worked at for 6 years will be closing and thus I got laid off. This doesn't affect Octopwn operations in any negative ways, but I'm actively looking for a new day job. If someone has something please DM me. Retweets are appreciated.

OpenSecurityTraining2 (@opensectraining)

📣"Fuzzing 1001: Introductory white-box fuzzing with AFL++" by Francesco Pollicino is now released!📣 ost2.fyi/Fuzz1001 This class covers progressively more features and functionality of AFL++ to teach students how to find real past vulnerabilities.

Panos Gkatziroulis 🦄 (@netbiosx)

Proof-of-concept kernel driver that hijacks the Windows kernel extension table mechanism to preserve process notify callbacks even when attackers disable standard process notify callbacks github.com/Dor00tkit/BamE…

Attila Szasz (@4ttil4sz1a)

First drop from my upcoming release: 130+ Linux-based IoT CVEs (2024 & earlier) with real vulnerable firmware. All hand-curated. 👉 github.com/attilaszia/lin… Includes vulnerable binary paths — soon, finding the exact vulnerable effective addresses will be very simple, stay tuned:)