Thanks to these articles from Samuel Groß(Samuel Groß), I started studying browsers vr/xd and this was basically the starting point: phrack.org/issues/70/3#ar… phrack.org/issues/70/9#ar…

After 2 years from the last release, APKiD v3.0.0 is out !🔥 - "Black Hawk edition" 📃 Changelog: github.com/rednaga/APKiD/… 🐍 Pypi package: `$ pip install --upgrade apkid` Thanks to Abhi for the stunning work 🙌

I've released a blog series about modern Linux kernel exploitation, where you can learn some advanced techniques used in real-world kernel exploits. Enjoy! r1ru.github.io/categories/lin…

Reverse engineering Google's undocumented DSP pays off! Our co-workers Billy & [email protected] found the first public vuln in Pixel 8's DSP → kernel takeover MTE? What MTE? 😎 Their talk got accepted at HITCON hitcon.org/2025/en-US/age…

hey Humanitix I received three emails from the defcon workshop waitlist and couldn't register to any of them. Can help me?

✅ Just wrapped up my deep-dive on exploiting an unfused Qualcomm QCM2150 POS device (BootROM → root). hhj4ck.github.io/qualcomm/2025/… Flying to Vegas in the morning stress-free for #BHUSA & #DEFCON33. Catch me in the hallways!

If you're interested in compilers check this out: github.com/DoctorWkt/acwj

Cybersecurity awesome list: blog posts, write-ups, papers and tools related to cybersecurity, reverse engineering and exploitation github.com/0xor0ne/awesom… #cybersecurity

Exploiting All Google kernelCTF Instances And Debian 12 With A 0-Day For $82k Article by Crusaders of Rust about exploiting a UAF in the network packet scheduler. Researchers manipulated red-black trees to achieve a page-level UAF and escalate privileges. syst3mfailure.io/rbtree-family-…

Good Morning! Just published a blog post analyzing Hyper-V functionality, design, and key binaries, hvix64.exe (hypervisor), securekernel.exe (secure kernel), and winload.dll (boot-time loader and CPU check). r0keb.github.io/posts/Hyper-V-…

Fun fact 50% of the (Latest)Firmware in the BLE Enabled Power Bank Anker Prime 27650mAh is just to for OTA checking and encryption... Fw version prior to 1.6.2 do not verify OTA at all so better update😅 Did take a look inside and reverse engineered it github.com/atc1441/Anker_…

Dropped a new blogpost. CVE-2025-52970: how I turned a limited, blind OOB read primitive into a full authentication bypass in one of Fortinet’s products :) pwner.gg/blog/2025-08-1…

Few (personal) thoughts regarding DARPA's AIxCC competition. It is impossible to deny that I am bummed about Shellphish 's results. I’d be lying if I just said, “Well, the important thing is we made it to the finals. GG everybody!” Of course, everyone wants to be the winner.

Here is the PoC of the exploit for cve-2025-30712 as well as some of the code for the fuzzer i created to find the bug! github.com/google/securit…

I am out from the exploitation world since 8 years ago now, but exploits.forsale/pwn2own-2024/ is a very nice reading. Well done emma ! Kudos!

Brief info and POC for this week's Apple 0click iOS 18.6.1 RCE bug CVE-2025-43300 github.com/b1n4r1b01/n-da…

#ESETResearch has discovered the first known AI-powered ransomware, which we named #PromptLock. The PromptLock malware uses the gpt-oss:20b model from OpenAI locally via the Ollama API to generate malicious Lua scripts on the fly, which it then executes 1/6

Quantum ROP. This is really cool technique and needs more attention. By Yoav Shifman and Yahav Rahom. phrack.org/issues/72/12_md

In 3 weeks, Dylan Tran and I will be giving our talk, "COM to the Darkside" at Munich Cyber Tactics, Techniques and Procedures in the Offensive Track. The talk will focus on 90's MCP technology and will deep dive into some fun (D)COM topics. See you there!

🔥 So, at DEF CON there was a talk about deobfuscation: VMDragonSlayer by Agostino Panico @localhost. The author released the code and there's clearly huge amounts of AI slop.🤖 Now, WE WENT TO THE TALK and spoke with the speaker after the talk. 🧵