Behnam (@bdasec_)'s Twitter Profile
Behnam

@bdasec_

Computer security person | full-time learner #Bitcoin

ID: 877476315837980674

https://ninjas.zip 21-06-2017 10:40:31

747 Tweet

843 Followers

4,4K Following

Tib3rius (@0xtib3rius)

I've seen too many people get confused with the red vs blue team concepts so I made a handy Venn diagram which should put the matter to rest. If you can't understand it, sorry, maybe Cybersecurity isn't for you. 🤷

chiefpie (@cplearns2h4ck)

Just pwned Windows 11 with a kernel 0day in Pwn2Own Berlin! Thanks to my teammates Gerrard and Thach (Thach Nguyen Hoang 🇻🇳) for helping me run the exploit. Good luck to their entries as well.

Trend Zero Day Initiative (@thezdi)

We have a bug collision. Although Sina Kheirkhah (SinSinology) of Summoning Team (SummoningTeam) successfully demonstrated his exploit of #NVIDIA Triton, the bug he used was known by the vendor (but not patched). He still earns $15K and 1.5 Master of Pwn points.

Perri Adams (@perribus)

Back in 2023, the assessment of the pre-authentication vulnerability in SSH was that it wasn't exploitable on Linux. For my OffensiveCon 2025 keynote, I wrote enough of an exploit to show, with the right heap groom and stabilization, it's likely exploitable. Then I tried to have

TheZDIBugs (@thezdibugs)

[ZDI-25-298|CVE-2025-31233] Apple macOS MP4 File Parsing Memory Corruption Remote Code Execution Vulnerability (CVSS 8.8; Credit: Hossein Lotfi (Hossein Lotfi) of Trend Micro Zero Day Initiative) zerodayinitiative.com/advisories/ZDI…

TheZDIBugs (@thezdibugs)

[ZDI-25-305|CVE-2025-31219] Apple XNU kernel vm_map Race Condition Local Privilege Escalation Vulnerability (CVSS 8.8; Credit: Michael DePlante (Michael DePlante) and Lucas Leong (Lucas Leong) of Trend Micro's Zero Day Initiative) zerodayinitiative.com/advisories/ZDI…

Horizon3 Attack Team (@horizon3attack)

Check out our latest deep dive into the #Fortinet CVE-2025-32756, a classic buffer overflow! This is being exploited in the wild and was added to the CISA KEV catalog last week. horizon3.ai/attack-researc…

Natalie Silvanovich (@natashenka)

The final part of j00ru//vx’s Windows Registry series is live! Contains all the hive memory corruption exploitation you’ve been waiting for googleprojectzero.blogspot.com/2025/05/the-wi…

Nicolas Krassas (@dinosn)

ghidraMCP is a Model Context Protocol server for allowing LLMs to autonomously reverse engineer applications. It exposes numerous tools from core Ghidra functionality to MCP clients. github.com/LaurieWired/Gh…

Alex Neff (@al3x_n3ff)

NetExec now has native checks for LDAP signing and channel binding capabilities of the target DC, thanks to the implementation of Thomas Seigneuret 🚀 I also fixed querying LDAP with non-ASCII characters, so you can finally query groups such as "Dämonen-Administratoren"🎉

Jael Koh (@_jaelkoh)

The slides for offensivecon talk "Hunting for overlooked cookies in Windows 11 KTM and baking exploits for them" by Cedric Halbronn and I are here: docs.google.com/presentation/d…

Synacktiv (@synacktiv)

Microsoft just released the patch for CVE-2025-33073, a critical vulnerability allowing a standard user to remotely compromise any machine with SMB signing not enforced! Check out the details in the blog post by Guillaume André and Wil. synacktiv.com/publications/n…

Lays (@_l4ys)

Released my small IDA plugin for finding low-hanging fruit vulnerabilities, a global cross reference list for hexrays github.com/L4ys/LazyCross/

LazyTitan (@lazytitan33)

Excellent article from Synacktiv detailing CVE-2025-33073. It's an easy peasy LPE on any server where SMB signing is not enforced. I have already replicated it and works a charm. If you still aren't enforcing SMB signing... what are you doing?! Harden your environment & patch!
