Cleanly Escaping the Chrome Sandbox: how they discovered/exploited an UAF in the browser process leading to a sandbox escape in Google Chrome as well as Chromium-based Edge 👍👏 theori.io/research/escap…

Want to learn how to break browsers and JavaScript engines? Watch these conference talks or read these articles to get up to speed with browser vulnerability research and exploitation. The JavaScript Engine Fuzzing and Exploitation Reading List. zon8.re/posts/javascri…

[Blog] Let's learn about device #pentesting tools! In this blog, our bandit,Arun Magesh, talks about "6 Tools You Need To Be Aware Of If You Are Into Device Pentesting". 📝 Read Now. 👉 bit.ly/32bcpXS #tools #informationsecurity #cybersecurity

Here is a much more detailed article for those interested. github.com/alex/what-happ…

The best 10 mins video about #health and #fitness ! #glutenfree #diet #nofat I appreciate the content WION , a much needed message during the pandemic when people are getting crazy over health. P.S: Home food is healthy food. Beware of paid promotion. youtu.be/p2LATm1ckk4

Stealing local files using Safari Web Share API blog.redteam.pl/2020/08/steali…

The "uncrackable" mobile payment application that it will allow radare users to make contactless payments everywhere and transfer money between r2 users. Take a crack at it during the CTF: ctf.radare.org. Made by Gautam Arvind and myself 📱💣

r2-pay: anti-debug, anti-root & anti-frida (part 1) #MobileSecurity #AndroidSecurity by Romain THOMAS r2-pay challenge created by Edu Novella and Gautam Arvind romainthomas.fr/post/20-09-r2c…

Hey folks, one of my sister teams at Apple is looking for interns as well as full-time staff. If you are interested in reverse engineering and malware analysis or know somebody who is, my DM’s are open. Get in touch!

In September, dozens of Joker #malware variants hit #Google Play and third-party app stores. (via Tara Seals) threatpost.com/joker-trojans-…

Cross-domain content can be fetched from resources loaded by the content scheme (reward: $20000) crbug.com/1092449

The Android Security team is spinning up a new team and we're looking for a manager. The team is doing security reviews/pentests of high-sensitivity apps on Google Play, starting with COVID-19 contact tracing apps and later branching out into election-related apps and others.

Alright folks, here is the mega blog post. "The Good, The Bad, and The Bye Bye: Why I Left My Tenured Academic Job" reyammer.io/blog/2020/10/0… Enjoy :-)

In this week's episode, Adam Doupé and [email protected] talk about ropshipai w/ creator Antonio Bianchi! Also joining is Corwin de Boor Matthew Savage Jay Bosamiya from PPP to talk from the players' perspective. You don't wanna miss this one. ctfradi.ooo/2020/10/06/005… 📺 youtube.com/watch?v=JiNgVA…

Here's one of the rounds of the challenge under play. Each ship is controlled via a custom built AI that each team made after exploiting a binary via a ROP based attack. Listen to the episode to find out more details!

Health is Wealth. Don't wait for an incident to realize this!

Intro To Grammar Fuzzing Materials: -Fuzzing With Grammars fuzzingbook.org/html/Grammars.… -Controlling Recurse Depth narly.me/posts/controll… -Nautilus Fuzzing Paper syssec.ruhr-uni-bochum.de/media/emma/ver… -Paper Review: Building Fast Fuzzers youtube.com/watch?v=ZfuRDw…

Great research by Aazim Bill SE Yaswant and @fsoc_sh blog.zimperium.com/grifthorse-and…

We placed 1st in India, 4th overall and 1st globally in the undergrad bracket at CSAW finals. Shoutout to SDSLabs and teambi0s for placing 2nd and 3rd in India and gg to CSAW Cybersecurity Games and Conference for organising such a fun event