🤔

The boom, the bust and the adjust The offensive cybersecurity industry — trends and updates I'm super excited to publish this article which embeds my experience in the offensive cybersecurity industry over the years. I hope you will enjoy it. medium.com/@maor_s/the-bo…

🎮PS5 enthusiasts! Specter's talk is here! ⚡Specter Specter presented the evolving attack surface, modern mitigations like Supervisor Mode Access Prevention (SMAP) etc + internal workings of the PS5's hypervisor ▶️youtu.be/HBFDjfmIUis #hw_ioUSA2023 #gamingconsole

For too long has it been a mild inconvenience to not have the features of GEF in LLDB. We at Foundry Zero feel you deserve better! So we ported GEF features to LLDB. You're welcome. Read about it here: foundryzero.co.uk/2023/07/13/lle… Find it here: github.com/foundryzero/ll…

Fixed~ git.kernel.org/pub/scm/linux/…

A simple fuzzer I wrote 2 years ago: "Bug Swatter: A lightweight convenient blackbox fuzzer to make life easier". yanglingxi1993.github.io/bug_swatter/bu… Simple but worked!

Hello.. is this thing still on? It's 2023, so here's a fun new blogpost on how we used Intel's x86 CPU JTAG to dump the infamous "secret bootrom" in Microsoft's original Xbox: blog.ret2.io/2023/08/09/jta…

Some NPU bugs are fixed~, we will talk about our research journey on BHEU, see you there! #BHEU Black Hat

Finally finish the talk "Game of Cross Cache: Let's Win It in a More Effective Way!", trying to solve challenges in cross-cache attack. Here are slides: github.com/yanglingxi1993…

Better late than never! The slides of our talk "Attacking Samsung Galaxy A* Boot Chain" at offensivecon can be found here: github.com/quarkslab/conf… The video is also available: youtube.com/watch?v=WJ7wkJ…

It's a great week for a vuln research newsletter 📰 🏴‍☠️ "Inside The 0-day Market" slides from mdowd NCC Group Research & Technology with some musl heap magic .NET RE fun from SinSinology and Horizon3 Attack Team MIPs ROP from + jobs and more 👇 blog.exploits.club/exploits-club-…

One more Apple announcement this week: you can now run your personal AI cluster using Apple devices exo intern h/t Awni Hannun

New Project Zero blog post by Sergei Glazunov and Mark Brand: Project Naptime: Evaluating Offensive Security Capabilities of Large Language Models googleprojectzero.blogspot.com/2024/06/projec…

These 94 lines of code are everything that is needed to train a neural network. Everything else is just efficiency. This is my earlier project Micrograd. It implements a scalar-valued auto-grad engine. You start with some numbers at the leafs (usually the input data and the

Neat research from E.V.A Information Security Consulting, highlighting (yet again), the increased risk of supply chain attacks introduced by dependency managers 😱 evasec.io/blog/eva-disco…

SSD Advisory — Linux kernel TAPRIO OOB An article about exploiting an RCU-involved race condition in the TAPRIO network queuing discipline implementation. The exploit is by kylebot. ssd-disclosure.com/ssd-advisory-l…

From Naptime to Big Sleep: Using Large Language Models To Catch Vulnerabilities In Real-World Code googleprojectzero.blogspot.com/2024/10/from-n…

i hope im not too late to the cloutchasing cycle Deepseek's Low Level Hardware Magic, with art by rice 🍙 comms📌 research.meekolab.com/deepseeks-low-…

Our latest blog post: Tracing Back to the Source | #SPTM Round 3 #TXM #iOS #macOS #DFF df-f.com/blog/sptm3

#deepsec 12/16/ 2025 "Attacking Apple Display Co-processor" by Ye Zhang maps Apple’s DCP attack surface, shows firmware analysis and fuzzing that led to 14 CVEs and code execution on the display coprocessor, and reviews Apple’s fixes and new mitigations. deepsec.cc