🔥The 9th Round of Easy Loan, Earn $40 Reward is in progress❗️ ⏰ Promotion Period: January 15th - Feburary 15th, 2025 👉 Register now and check more details at gate.io/campaigns/358

My team Praetorian just published our work in reverse engineering the Proxylogon patches for CVE-2021-26857, CVE-2021-26855, and CVE-2021-27065. I learned a lot more about Exchange than I thought I'd ever need, but had a blast. praetorian.com/blog/reproduci…

Thanks for the seamless contribution process! Cheers to Michael Weber and Dallas 😄

Just finished Portswigger's new Burp Suite Certification. I've always been a huge fan of the Web Security Academy and this is an excellent capstone on the labs. Thanks PortSwigger for all the educational content! #burpsuitecertified

I'm really excited for this video! I got a chance to collab with LiveOverflow 🔴 and share the process for discovering the localhost bypass for CVE-2021-45046 with code review and differential fuzzing. :)

containerd: Insecure handling of image volumes bugs.chromium.org/p/project-zero…

spring.io/blog/2022/03/3…

It’s finally time. H4CK1NG.GOOGLE

github.com/google/securit… Our research on the deep mines of the JPX standard is now public. I had the pleasure and the privilege to work with Simon Scannell , Anthony Weems and Ezequiel Pereira on this one. Pretty interesting client side info leak vector :)

I've been reverse engineering the xz backdoor this weekend and have documented the payload format and written a proof-of-concept exploit for the RCE. The payloads are signed with an ED448 key, so I patched my own key into the backdoor for testing. :-) github.com/amlweems/xzbot

Very excited to present this with Anthony Weems! See you in Berlin! (Ezequiel Pereira and 那个火饺🦆(JJ)) were also working on that project and will also be there :)

The Mines of Kakadûm: Blindly Exploiting Load-Balanced Services by Simon Scannell and Anthony Weems is now live!

Excited to share this blog post about server-side memory corruption that my team exploited in production. Shout-out to Simon Scannell, Ezequiel Pereira, and 那个饺子🦆(JJ) - this was a very fun project. :-) bughunters.google.com/blog/622075742…

Cloud CISO Perspectives Blog for mid-October ‘24 is up covering: - Sharing AI vulnerability research - Virtual red teams - Advances in DDoS mitigation - Securing inherited cloud deployments - Can AI keep a secret? - and more….. cloud.google.com/blog/products/…

Before joining Google, I submitted some Cloud bugs to the Google Vulnerability Rewards Program (VRP). Today, we announced a dedicated Cloud VRP and I'm so excited to be a part of the program that got me into Google in the first place. Send us vulnz 🙂 cloud.google.com/blog/products/…

Exciting update on Project Zero’s LLM research: googleprojectzero.blogspot.com/2024/10/from-n…

Details: github.com/google/securit…

Effective today, Google will issue CVEs for critical vulnerabilities in Google Cloud that are fixed internally and do not require customer action or patching. cloud.google.com/blog/products/…

🕺"Leaving tradition" is one of the best parts of Google's security culture and has led to some of the most interesting attack chains I've gotten to work on. There's nothing quite like starting with a blank slate and ending with a root shell.💃