V8 Sandbox escape/bypass/violation and VR collection github.com/xv0nfers/V8-sb…

r00tkitsmm.github.io/fuzzing/2024/1… TL;DR I Implemented a super reliable macOS kernel binary rewriting to instrument any KEXT or XNU at BB or edge level.

Dropped my slide for POC2024 on Linux kernel exploitation, including a journal from Pwn2Own Vancouver earlier this year. Enjoy 🙂. u1f383.github.io/slides/talks/2…

hop skip jump over to our latest blog post - analysing Fortinet's FortiJump CVE-2024-47575, FortiJump-Higher (we love this name😄) and beyond (PoC included) labs.watchtowr.com/hop-skip-forti…

2/ We learn that NSO Group had at least three @whatsapp exploits: Heaven, Eden & Erised. The first, called Heaven, was active some time prior to Sept-Dec 2018. It worked by using manipulated messages to direct targeted devices to a malicious WhatsApp relay controlled by NSO

This is the report of the Windows LPE bug that I used in TyphoonPwn this year.

The report of the #FreeBSD audit conducted by Mastho and JB Cayrou is finally out! freebsdfoundation.org/blog/strengthe…

Unleashing a 0day: Pivoting Capabilities and Conquering the Linux Kernel A talk by 0xTen about exploiting a slab use-after-free bug in the traffic control subsystem. Slides: figma.com/deck/GyXCgKKy6… Video: youtube.com/watch?v=bxJhlw…

Slides for my talk at H2HC 2024: Diving into Linux kernel security 🤿 I described how to learn this complex area and knowingly configure the security parameters of your Linux-based system. And I showed my open-source tools for that purpose! a13xp0p0v.github.io/img/Alexander_…

Ever wanted to learn fuzzing?!?! 🐛 Me and some other folks at Psi Beta Rho recently ran a project where we taught folks about the basics of fuzzing with Honggfuzz. 👀 Some fun activities inspired by the Fuzzing101 repo from the folks at GitHub Security Lab! 🤗 github.com/pbrucla/fuzzin…

I taught a killer training of glibc malloc heap exploitation for several years. After some effort, the content is now open source and mostly ready to consume! Half of the videos are posted for the course. 🔥 github.com/SecurityInnova…

A fully compatible replacement of Windows NT NtCreateLowBoxToken syscall - precisely restored from reverse engineering github.com/3dnow/NtCreate…

A brief JavascriptCore RCE story by Lan Vu and An Nguyễn qriousec.github.io/post/jsc-unini…

Hackers rejoice! We are releasing the Phrack 71 PDF for you today! Don't forget this year is Phrack's 40th anniversary release! Send in your contribution and be part of this historical issue! The CFP is still open, you can find it and the PDF link at phrack.org

The Linux Memory Manager preorder and early access book nostarch.com/linux-memory-m…

Accidentally uncovering a seven years old vulnerability in the Linux kernel Article by Anderson Nascimento about finding and analyzing a slab use-after-free vulnerability in the TCP sockets implementation. allelesecurity.com/accidentally-u…

If you love INTERNALS this youtube channel is GOLD youtube.com/watch?v=H4SDPL…

Chrome Browser Exploitation: from zero to heap sandbox escape by matteo malvica ⭕ youtube.com/watch?v=RL2po1…

Trigon: developing a deterministic kernel exploit for iOS #TrigonExploit #iOSKernel #Vulnerability #PhysicalMapping #KernelReadAndWrite alfiecg.uk/2025/03/01/Tri…

Chrome V8 patch analysis and exploitation darknavy.org/blog/cve_2024_… #chrome #infosec