This might be the best bug I found. Never thought I'd be writing a kernel exploit as reliable, clean and fast as a browser exploit. For a while I actually used this to root my research phone when can't be bothered to patch the rom: github.blog/2022-07-27-cor…

I wanted to end last year with a vm escape, took me a bit longer but I want to present you my latest public research: A VM escape in Oracle VirtualBox using only one integer overflow bug! This was fixed in April 15 and assigned CVE-2025-30712. github.com/google/securit…

Thrilled to share our latest deep dive into Windows Kernel Streaming! Just presented this research at offensivecon. Check it out: devco.re/blog/2025/05/1…

#OffensiveCon25 videos are now up! youtube.com/playlist?list=…

We still need help getting early access to Android 16 sources prior to the stable release in June. Every mainstream Android OEM has it. We're currently spending significant time on reverse engineering Android 16 Beta releases. It's a huge waste compared to having what we need.

sean.heelan.io/2025/05/22/how…

Meet our new buddy, Argusee — an AI-powered, automated vulnerability hunter that has already discovered 15+ vulnerabilities across projects, including a previously unknown Linux kernel flaw (CVE-2025-37891) enabling LPE. Demo and details: darknavy.org/blog/argusee_a…

🚨🚨🚨We just broke everyone’s favorite CTF PoW🚨🚨🚨 Our teammate managed to achieve a 20x SPEEDUP on kctf pow through AVX512 on Zen 5. Full details here: anemato.de/blog/kctf-vdf The Sloth VDF is dead😵 This is why kernelCTF no longer has PoW!

Our new blog post is live: blog.dfsec.com/ios/2025/05/30…

jemalloc is archived 🤯 github.com/jemalloc/jemal…

Had some fun with rust and wrote a kernel. github.com/xwings/elinOS elinOS RISC-V64 kernel

My writeup on CVE-2025-31200. This ones an interesting one blog.noahhw.dev/posts/cve-2025…. thanks to Billy Ellis for the shoutout.

jemalloc Postmortem jasone.github.io/2025/06/12/jem…

A bit late, but I just published my blog post on bypassing Ubuntu’s sandbox! Hope you enjoy it! u1f383.github.io/linux/2025/06/…

🧠 [POC2025] TRAINING Windows Kernel Exploitation: Becoming an "Advanced" Exploit Developer by Cedric Halbronn (Cedric Halbronn) 📅 Nov 10-12 (3 days) 📍 Four Seasons Hotel Seoul, South Korea 🔗 More info powerofcommunity.net/#training #POC2025

I had fun playing with Bitchat today. A MITM attacker can pretend to be a "favorited" peer which has been marked as trusted. This lets an attacker inject themselves into trusted conversations My general thoughts about vibe coding and cryptography are written within

[SECURITY] firefox-patch-bin, librewolf-fix-bin and zen-browser-patched-bin AUR packages contain malware lists.archlinux.org/archives/list/…

arm64: Linear mapping is mapped at the same static virtual address project-zero.issues.chromium.org/issues/4342084…

🚨More than a year after the XZ Utils crisis, we found 35+ publicly available Docker Hub images still carrying the backdoor, some tagged “latest”. Long-tail supply-chain risk is real! Read the blog: binarly.io/blog/persisten…

Alex Hey, I'm going to ask you something just in case. I teach a Linux kernel exploitation course and I wanted to differentiate to the class the kinds of randomizations we see in memory. Even without KASLR or any other configurable randomization, if you check a slub cache right after