Great analysis of an iOS format string bug, incl. dynamic analysis with Frida! blog.chichou.me/2021/06/20/qui…

Meet WiFiDemon: iOS WiFi RCE 0-Day Vulnerability & a 'Zero-Click' Vulnerability That was Silently Patched blog.zecops.com/research/meet-…

A human foot has not yet set foot here (the researcher's eyes did not look). Intel pcode (runs on 8051 power control unit in CPU complex)

The advisories for the BSSA bug are out. Thanks #Intel #Nvidia #Supermicro #HP #Lenovo #Dell! intel.com/content/www/us… nvidia.custhelp.com/app/answers/de… supermicro.com/en/support/sec… support.hp.com/us-en/document… support.lenovo.com/eg/en/product_… dell.com/support/kbdoc/… CC: Alex Matrosov Adam 'pi3' Zabrocki #blackhat2021

Wow, this side channel attack against iPhones (dubbed "iTimed" in the paper) is really cool: eprint.iacr.org/2021/464.pdf

Since iOS 15 RC had been released, I will drop the poc I mentioned a few days ago, it's a XNU IPC Race Condition bug reachable from sandbox, tested machine: iPhone 11 14.7.1 MBP 11.5.2/11.0.1 And here's my poc: gist.github.com/Peterpan0927/f… have a good day!

Metal Unlock (it's also Global Unlock or Legacy Unlock) password for one of Bonnell (the very first Atoms) representative...

Found proof of china bacdoor in rsa???

The very important goal has been achieved, for the benefit of the entire information security society: we decrypted Intel XuCode!

vx-underground is proud to unveil its patented EDR (Endpoint Detection and Response) technology. This technology (or lack thereof) has proven to stop 100% of malware, hackers, crooks, and even insider threats!

🛰️ For those (still) interested by the KA-SAT event which occured on the Feb. 27. It seems (*) that the attackers simply launched their payload from the modems' SSH accesses which were open to anyone on the SDWAN. (1/3)

Today we've published Intel Microcode decryptor! It gives you an amazing opportunity for researching x86 platforms. You can understand how Intel mitigated spectre vulnerability, explore the implementation of Intel TXT, SGX,VT-x technologies! Enjoy it! github.com/chip-red-pill/…

Blog post detailing a vulnerability I found in BlueStacks last year that allows a user to interact with the privileged helper and delete arbitrary files as root (and potentially other things) vkas-afk.github.io/22_july_2022

A very bad thing happened: now, the Intel Boot Guard on the vendor's platforms can no longer be trusted... ☹️

another day, another C developer not focusing hard enough

A blog post detailing a race condition I found in Acronis True Image that allows users to run arbitrary binaries as root. vkas-afk.github.io/26_february_20…

New blog post detailing an unpatched vulnerability I found 3 years ago in GoG Galaxy that allows an attacker to chmod 777 arbitrary folder / files. vkas-afk.github.io/28_november_20…