Linux kernel v4.20 has been released! I'm excited about the stackleak plugin, better kernel memory access faults for improved fuzzing, spectre v2 userspace mitigations, jump labels getting switched to read-only, and the end of VLAs (*whew*)! outflux.net/blog/archives/…

unauth, unassoc remote code exec on the Marvell Avanstar Wifi chip SoC used in Playstations, Xbox, Surfaces, Chromebooks, Samsung phones and more in under five minutes attack time. Bonus second stage escalation in the linux drivers, PoC on steamlink. 2018.zeronights.ru/wp-content/upl…

Primeros ponentes confirmados de RootedCON 2019 rootedcon.com/noticias/prime… #rootedcon #rooted2019

we have updated our payout table for Pwn0rama #pwn0rama #coseinc

In response to Zerodium's recent MikroTik tweet, I put some of my RouterOS bug hunting experience in writing: medium.com/tenable-techbl… #BugBounty

Slides for my "Coverage-guided USB Fuzzing with Syzkaller" talk offensivecon docs.google.com/presentation/d…

TIL: You can find SunOS 4.1.x, Solaris 2.6, Ultrix 4.3, IRIX 6.5.5, AIX 4.1.3 and OSF/1 1.0 source trees on archive.org: archive.org/download/vario… My 16yo self is rejoicing with joy.

Slides from my talk: vwzq.net/slides/2019-sp…

My talk is already public: youtube.com/watch?v=6kYylH…

So here it is, the first SigDigger release: github.com/BatchDrake/Sig… There is probably a bunch of bugs and glitches, but it should be usable. Anyone in the mood to build it? :D

I know a lot of people will be delighted by this: We are releasing CodeQL for FREE for OSS and Academia. We also have a new VSCode extension: securitylab.github.com/tools/codeql

What? A library that wraps IDA decompiler API and makes it usable? *and* documented? We just released a thing. Blog: fireeye.com/blog/threat-re… Github: github.com/fireeye/FIDL Docs!!!: fidl.readthedocs.io/en/latest/

My write-up covering offensivecon talk! CVE-2019-18683: Exploiting a Linux kernel vulnerability in the V4L2 subsystem a13xp0p0v.github.io/2020/02/15/CVE… offensivecon slides: a13xp0p0v.github.io/img/CVE-2019-1… PoC exploit demo video: youtube.com/watch?v=mb4YHy… Enjoy!

centos 8 / rhel 8 / ubuntu 14.04, 16.04, 18.04 poc is uploaded github.com/duasynt/xfrm_p…. The tech report is public too duasynt.com/pub/vnik/01-03…

uploaded my last stream - Android / Linux kernel SLUB aliasing, ie when special-purpose caches get merged with general-purpose kmalloc caches. hope it will be useful youtube.com/watch?v=5-eRsA…

The year of "re-hosting your favorite firmware target on QEMU and fuzzing it".

This is awesome! #Linux #kernel #CVE #exploit analysis report and relative debug environment. You don't need to compile Linux kernel and configure your environment anymore. github.com/bsauce/kernel-…

"... IOActive has demonstrated that data bits stored in the example antifuse memory can be extracted using a well-known semiconductor failure analysis technique..." Our latest blog highlights this technique used in the RP2350 Challenge from Raspberry Pi. ioactive.com/raspberry-pi-2…