What started as a quick note on the Maglev compiler turned into a deeper dive into the V8 pipeline and CVE-2023-4069 analysis. Here's my latest post "An Introduction to Chrome Exploitation - Maglev Edition."🚅👾 #V8 #exploitation #maglev matteomalvica.com/blog/2024/06/0…

Hey, for anyone who wanted to see this slide deck, it was a keynote about the 0day market, but it commented on public research vs saleable products. I have put it here: github.com/mdowd79/presen… // cc chompie Rodrigo Branco

Today, we announced the official release of OSV-SCALIBR, Google's software composition analysis library. If you are working in vuln management / security scanning, SCALIBR is for you! SCALIBR is powering most of Google's vuln scanning. Please RT security.googleblog.com/2025/01/osv-sc…

bit.ly/4i53yMG

The course Performance Ninja Denis Bakhvalov is fantastic; check it out. Also, grab the book (quoted below) if you missed it.

If you are looking for my slides from my Reverse talk, you can find it and useful artifacts here: github.com/mahaloz/talks/…

I've written a blog post on analysing and getting RCE on some of the bugs in the AIxCC Nginx challenge: roundofthree.github.io/posts/nginx-ai…

Won the international Finals #SECCON

I've published a write-up on reversing and analyzing Samsung's H-Arx hypervisor architecture for Exynos devices, which has had a lot of changes in recent years and pretty interesting design. Hope you all enjoy :) dayzerosec.com/blog/2025/03/0…

Just got one!

You can relay a user to LDAP that has GenericWrite on a valuable object but you can't use ShadowCredentials? Fear no more! You can now use "gain_fullcontrol"in ntlmrelayx ldapshell to give your account control over that object.

As for today, EDRmetry Playbook provides 280 Linux offensive techniques ready to chain as full attack paths. Compatible with PurpleLabs for the greatest hands-on experience. It can be easily adapted to your Linux infrastructure. Think about it as #Linux Infra Detection Coverage

Pentration Testing, Beginners To Expert!🚀📈 github.com/xalgord/Massiv…

I've released a blog series about modern Linux kernel exploitation, where you can learn some advanced techniques used in real-world kernel exploits. Enjoy! r1ru.github.io/categories/lin…

Updates for the Linux kernel exploitation collection 😋 github.com/xairy/linux-ke…

Our OffensiveCon talk on stateful baseband emulation (and how improper string handling led to baseband RCE) is available on YouTube: youtu.be/zoAITq7jUM8. It has been a pleasure; awesome conference, brilliant people. Slides and paper: danielklischies.net/research/baseb…

Officially CISSP certified! Passed on my first attempt yesterday. 🔐#CISSP #CyberSecurity #Certification

API Hacking - Cracking JWT Tokens ghostlulz.com/blog/api-hacki… Pre Account Takeover ghostlulz.com/blog/pre-accou… XSS With Polyglots ghostlulz.com/blog/smart-xss… React JS SourceMaps to XSS ghostlulz.com/blog/reactjs-s… Bypass AI Powered Wafs ghostlulz.com/blog/bypass-ai… #bugbounty #bugbountytips

Finally managed to exploit Trigon on arm64e! Certainly more complicated than arm64, but it uses some cool tricks that certainly make it a really nice exploit. Just like the original, it’s a very quick exploit, and of course deterministic too.