Marcin Noga (@_icewall)'s Twitter Profile
Marcin Noga

@_icewall

Security Researcher / Pentester / Malware hunter

ID: 1658666354

Link: http://www.icewall.pl/?lang=en Date: 09-08-2013 21:40:19

180 Tweets

1,1K Followers

1,1K Following

Marcin Noga (@_icewall)

CVE-2021-40474 - Microsoft Office Excel 2019/365 ConditionalFormatting code execution vulnerability talosintelligence.com/vulnerability_…

Marcin Noga (@_icewall)

My Deep Dive about vuln discovery & exploitation of ZTE MF971R. Paper: talosintelligence.com/resources/407 Video: youtube.com/watch?v=CfioUx… Enjoy ;)

Marcin Noga (@_icewall)

CVE-2022-31680 - VMware vCenter Server Platform Services Controller Unsafe Deserialization vulnerability More details : talosintelligence.com/vulnerability_…

Marcin Noga (@_icewall)

CVE-2022-31698 Pre-auth VMware vCenter Server Content Library denial of service vulnerability : talosintelligence.com/vulnerability_…

Aleks (@fuzzyaleks)

Remember these? Original Lytro! Lightfield cameras of the future! I grabbed a few off eBay some time ago and took a peek at the firmware. Found secret unlock that enables full remote control of all camera features. Full writeup here: github.com/ea/lytro_unlock

Hardik Shah (@hardik05)

Ok, I am looking out for security researcher role. If you can help, please DM. RT, like and recommendations are much appreciated. Here is My Linkedin profile, which will give you more details: linkedin.com/in/hardik05/

Marcin Noga (@_icewall)

2 more to the collection : CVE-2023-33133 - Microsoft Office Excel WebCharts out-of-bounds write vulnerability : talosintelligence.com/vulnerability_… CVE-2023-32029 - Microsoft Office Excel FreePhisxdb arbitrary free vulnerability : talosintelligence.com/vulnerability_…

Cisco Talos Intelligence Group (@talossecurity)

Our vulnerability research team discovered 12 memory corruption vulnerabilities in MSRPC on #Apple macOS and #VMWare vCenter. We have a deep dive into how an attacker could exploit these vulnerabilities and what it says about the use of forked codebases cs.co/6012P3wLq

Gynvael Coldwind (@gynvael.bsky.social) (@gynvael)

On Friday I'll be doing my "PCI Express To Hell" talk: youtube.com/watch?v=fE0fnG… If you're building your own PCs you should check it out! Last year I reworked my whole computer setup and learned a lot about PCIE. Don't make the same mistakes I did ;) Plz RT for range :)

Aleks (@fuzzyaleks)

Teammates have published an overview of five years worth of router security research which has resulted in hundreds of vulnerabilities discovered in routers from more than a dozen different companies.

Marcin Noga (@_icewall)

CVE-2023-39928 - Webkit MediaRecorder API stopRecording use-after-free vulnerability more info : talosintelligence.com/vulnerability_…

Aleks (@fuzzyaleks)

The biggest takeaway from this talk is that macOS font renderer ALMOST never invokes the interpreter. If you were fuzzing TTF bytecode without paying attention, it was probably not hitting the interpreter at all. I'll post slides shortly with other interesting details. #OBTS

Marcin Noga (@_icewall)

CVE-2025-1533 - Asus Armoury Crate AsIO3.sys stack-based buffer overflow vulnerability talosintelligence.com/vulnerability_… Remember that Windows paths can be longer than MAX_PATH(260)!!! I wrote a few words about this 15 years (sick!) ago : github.com/icewall/Public…

Marcin Noga (@_icewall)

Exploitation of Asus Armoury Crate AsIO3.sys driver | authorization bypass + ObfDereferenceObject primitive to LPE - blog.talosintelligence.com/decrement-by-o…

Marcin Noga (@_icewall)

Thanks, GamersNexus, for presenting the bugs I found in ASUS Armoury Crate to a wider audience in such an accessible way! youtube.com/watch?v=Vy_KWP…

SEKTOR7 Institute (@sektor7net)

Exploiting Asus driver to escalate privileges. With few clever tactics Marcin Noga managed to bypass several constraints implemented by the driver devs. With hardlinks and ObfDereferenceObject() one can decrement PreviousMode of a process to enter god mode (this was patched in
