An update (1.5.1) has been released for Phoenix Contact CHARX SEC-3100 EV Charging Controllers which addresses vulnerabilities NCC Group EDG (Alex Plaskett McCaulay) exploited at Pwn2Own Automotive 2014. cert.vde.com/en/advisories/… phoenixcontact.com/en-gb/products…

some people asked for the code .. so I decided to quickly refactor my scrappy paramiko script and turned it into an ssh agent implementation that works with a vanilla openssh client that has a single line patched out. github.com/blasty/JiaTans…

17 yrs of KASLR bypasses was a total waste of time 🫤 lore.kernel.org/all/2024021800…

This dude found a kernel RCE on PS5 via the network (!!!). “Heartbleed”-like attack using an ancient bug from 2006. Disclosed via HackerOne to Sony. This bug allows 3rd parties to clone games (!), cheat, or APTs to persist by compromising PS5/PS4. What did he get? $12.5k 🤦‍♂️

Just published some notes about porting a redis exploit to work on the musl mallocng heap: research.nccgroup.com/2024/06/11/pum…

[ZDI-24-845|CVE-2024-23960] (Pwn2Own) Alpine Halo9 Improper Verification of Cryptographic Signature Vulnerability (CVSS 4.6; Credit: NCC Group EDG (@nccgroupinfosec McCaulay Alex Plaskett)) zerodayinitiative.com/advisories/ZDI…

[ZDI-24-867|CVE-2024-25994] (Pwn2Own) Phoenix Contact CHARX SEC-3100 CharxUpdateAgent Unrestricted File Upload Remote Code Execution Vulnerability (CVSS 5.3; Credit: NCC Group EDG (@nccgroupinfosec McCaulay Alex Plaskett)) zerodayinitiative.com/advisories/ZDI…

#RomHack2024 🎟️ conference tickets 🎟️ available right now romhack.io/tickets The #agenda is online, check this year’s edition incredible lineup romhack.io/agenda ⬇️⬇️

I am Super happy 🥳 to announce that I'll be presenting my research about Ivanti vulnerabilities 🔥 in RomHack 2024

Alex (Alex Plaskett) and McCaulay (McCaulay) work on the 2024 pwn2own automotive edition was phenomenal, you don't want to miss this 👇🔥

The before-lunch #RomHack2024 speakers will be Alex Plaskett Alex Plaskett & McCaulay Hudson McCaulay starting @ 11:55 (18 Sept) 🚗 Revving up: the journey to pwn2own automotive 2024 🚗 ⬇️

A few months back we submitted two exploit chains to the first ever Pwn2Own Automotive competition. We just released a blogpost (part 1 of 2) detailing the bugs we abused to remotely exploit the Phoenix CHARX industrial EV charger and win $60,000 🔥🔥 blog.ret2.io/2024/07/17/pwn…

Happy to also be speaking at 44CON with McCaulay on “Charging Ahead: Exploiting an EV Charger Controller at Pwn2Own 2024” in September! 44con.com/44con-2024-tal…

Scapy in Action at Pwn2Own Automotive: github.com/ret2/Pwn2Own-A…

[ZDI-24-1044|CVE-2024-23929] (0Day) (Pwn2Own) Pioneer DMH-WT7600NEX Telematics Directory Traversal Arbitrary File Creation Vulnerability (CVSS 7.3; Credit: NCC Group EDG (@nccgroupinfosec McCaulay Alex Plaskett)) zerodayinitiative.com/advisories/ZDI…

Hacking EV Charger: ChargePoint Home Flex can be exploited via Bluetooth.. sector7.computest.nl/post/2024-08-p…

🇬🇧Next week, Thursday the 19th 17:00 GMT McCaulay and myself will be presenting "Charging Ahead: Exploiting an EV Charger Controller at Pwn2Own 2024" at @44con in London 🇬🇧 Will be good to catch up with the UK crowd!

want to play with the fbsd umtx exploit? check out github.com/fail0verflow/p…

Don't forget tomorrow at 17:00GMT Alex Plaskett and McCaulay will present at @44con on Charging Ahead: Exploiting an EV Charger Controller at Pwn2Own 2024! #Pwn2Own #CyberSecurity #infosec #EVSecurity #VulnerabilityResearch

Alex (Alex Plaskett) and McCaulay (McCaulay) captured in the wild droppin the coolest pwn2own talk 🔥🪲