I just finished one of my long-standing todos. The "Hypervisor From Scratch" tutorial is completely revised. Codes from all parts are updated, unnecessary details are removed, and new explanations are added to the tutorial. Take a look at new updates. github.com/SinaKarvandi/H…

microsoft.com/security/blog/… The cat is out of the bag!

Had fun writing an exploit for CVE-2022-1802 TrendAI Zero Day Initiative github.com/mistymntncop/C…

github.com/emredavut/Chro… Oh wow, I didn't realize that the Lazarus Group's (old) Chrome SBX had been captured.

Speaking of USENIX Association security ‘22, this paper is fascinating…Integration of a similar functionality in IDA/Ghidra/Binja would make much sense, to allow reversers to improve the pseudocode. Decomperson: How Humans Decompile and What We Can Learn From It usenix.org/conference/use…

So this is the blogpost about CVE-2022-22715 Windows Dirty Pipe, I share the root cause and exploitation on it, thanks all help from our KunlunLab and Adobe Product Security Incident Response Team. Enjoy! Blog post: whereisk0shl.top/post/break-me-… PoC: github.com/k0keoyo/my_vul…

Part 2 of the blog describing the #Firefox bug used by Manfred Paul at #Pwn2Own Vancouver is live. Hossein Lotfi continues looking at the code execution bug with sandbox escape that won $100K at the event. Read the details (and watch the video demo) at zerodayinitiative.com/blog/2022/8/23…

I update my blog post and update a demonstrate code about how I invoke WNF APIs in sandboxed process about your confusion. Tim Uniranger Alex Plaskett

Our intern qwerty was destined to analyze a recent Linux kernel LPE vuln (CVE-2022-32250), a bug found and reported by fidgeting bits. Here's a brief write-up on the analysis of the bug and the exploit development. Check it out! blog.theori.io/research/CVE-2… (exploit included)

Recently @fidgetingbits presented at HITCON on a 6 year old Linux kernel use-after-free vulnerability (CVE-2022-32250) which we exploited to gain reliable priv esc on Ubuntu 22.04. research.nccgroup.com/wp-content/upl… by @nccgroupinfosec EDG Cedric Halbronn @fidgetingbits Alex Plaskett"

#HITB2022SIN presentation slides and materials are here: conference.hitb.org/hitbsecconf202…

slides for my talk "E’rybody Gettin’ TIPC: Demystifying Remote Linux Kernel Exploitation" are up here: conference.hitb.org/hitbsecconf202…

ipc_kmsg_get_from_kernel blogpost, part 2 - different message, better structures overlap :) saaramar.github.io/ipc_kmsg_blogp…

Another exciting open-software release from the Galois team! They are open-sourcing cclyzer++, a new pointer analysis for languages that compile to LLVM, including C and C++. Find out more in the release announcement here. galois.com/blog/2022/08/c…

A veritable treasure trove of FreeBSD kernel exploitation techniques and possibilities… FreeBSD 11.0-13.0 LPE via aio_aqueue Kernel Refcount Bug, by root accessvector.net/2022/freebsd-a…

Learn how we discovered 5 distinct vulnerabilities on WatchGuard #Firebox/#XTM firewalls, and obtained a pre-auth Remote Code Execution as root #0day (CVE-2022-31789, CVE-2022-31790). ambionics.io/blog/hacking-w…

Nice PoC for one of my IKE bugs fixed this month😀

Watching Cedric Halbronn pwning a printer OTA.

The slides for Toner Deaf – Printing your next persistence at Hexacon by Cedric Halbronn and Alex Plaskett demonstrating remote compromise of a Lexmark printer and a persistence backdoor are now available research.nccgroup.com/2022/10/17/ton…

Video now out for our Lexmark printer exploitation and persistence research by Alex Plaskett Cedric Halbronn and fidgeting bits in the talk titled 'Toner Deaf – Printing your next persistence (Hexacon 2022)' research.nccgroup.com/2022/10/17/ton… youtube.com/watch?v=TUHcZp…