Dhanesh Kizhakkinan (@dhanesh_k)'s Twitter Profile
Dhanesh Kizhakkinan

@dhanesh_k

Occasional reverse engineer/vulnerability researcher.

ID: 52681417

01-07-2009 09:42:13

502 Tweets

1,1K Followers

159 Following

Trend Zero Day Initiative (@thezdi)

#Parallels Desktop RDPMC hypercall interface and vulnerabilities: renorobert details how he found a heap overflow & a TOCTOU bug in his latest blog. zerodayinitiative.com/blog/2021/4/26…

Trend Zero Day Initiative (@thezdi)

An analysis of #Parallels #Desktop stack clash vulnerabilities. renorobert describes some recently patched bugs and looks at how Binary Ninja’s static data flow capability can be used in automating bug finding tasks. zerodayinitiative.com/blog/2021/9/9/…

Trend Zero Day Initiative (@thezdi)

Static Taint Analysis using Binary Ninja: A Case Study of MySQL Cluster Vulnerabilities: renorobert provides copious details on using #BinaryNinja to discover lots of bugs in #MySQL Cluster, and he provides source code so you can, too. zerodayinitiative.com/blog/2022/2/14…

Trend Zero Day Initiative (@thezdi)

In his final blog on finding bugs using taint analysis, renorobert experiments with #CodeQL’s IR and #Clang checkers for detecting untrusted pointer derefs & tainted loop conditions. These techniques led to multiple vuln discoveries. Read the details at zerodayinitiative.com/blog/2022/2/22…

Ajax (@commial)

Made a PoC binding over TTD traces and a few examples of use, such as trace diffing (i.e. finding where traces' path differs) or call tree extraction (with symbol, ret value, etc.): github.com/commial/ttd-bi…

Dhanesh Kizhakkinan (@dhanesh_k)

Likely my last post on the Windows HEIC image parsers - recovering symbols, porting to PDB and root-causing an out of bound write vuln: mandiant.com/resources/fuzz…

Trend Zero Day Initiative (@thezdi)

ZDI Researcher renorobert looks at the patch gap between the #VMware ESXi TCP/IP stack and the #FreeBSD kernel it was based on. Some bugs went unpatched for years. Read the details at: zerodayinitiative.com/blog/2022/7/25…

Trend Zero Day Initiative (@thezdi)

In our latest #MindShaRE blog, renorobert talks about using Binary Ninja's stack data flow feature to look for uninitialized memory disclosure in BSD kernels. Read all the details (incl sample scripts) at zerodayinitiative.com/blog/2022/9/19…

Trend Zero Day Initiative (@thezdi)

VM escapes in #Parallels Desktop are a common target for many researchers. renorobert details some local privilege escalation via setuid root binaries in his latest blog. His write-up includes root cause analysis of CVE-2023-27322, -27324, & -27325. zerodayinitiative.com/blog/2023/4/5/…

Trend Zero Day Initiative (@thezdi)

CVE-2022-31696: renorobert takes an in-depth look at this #VMware #ESXi type confusion privilege escalation he discovered. He shows his research methodology and looks at the patch released to fix it. zerodayinitiative.com/blog/2023/6/21…

Dhanesh Kizhakkinan (@dhanesh_k)

Most of the code is never written to be read/reviewed/fuzzed. But, yes, the VP wants the code (written over a decade by 100s of engineers) to be reviewed in 2 weeks to find ALL vulnerabilities :D

Petr Beneš (@petrbenes)

Excited to share vmi-rs - a batteries-included, easy-to-use and fast framework for Virtual Machine Introspection in Rust! Built from scratch. Optimistically aiming to address some long-standing issues in the VMI space. github.com/vmi-rs/vmi 🧵

starlabs (@starlabs_sg)

🎄 All I Want for Christmas is a CVE-2024-30085 Exploit 🎄 As always, we at starlabs are sharing what we learnt. This time, it's brought to you by Cherie-Anne Lee starlabs.sg/blog/2024/all-…

Dhanesh Kizhakkinan (@dhanesh_k)

Accidentally found a WinDbg Time Travel Debugger instruction emulation bug. Wrote a rudimentary fuzzer, found more bugs. One of the bugs ended up as an instruction discrepancy between INTEL and AMD CPUs. cloud.google.com/blog/topics/th…

Trend Zero Day Initiative (@thezdi)

In our latest MindShaRE blog, renorobert describes how to use Binary Ninja’s MLIL to establish a data flow graph by tracing interactions between a specific memory allocation in order to find UAF bugs. He includes source code so you can, too. zerodayinitiative.com/blog/2025/3/20…