Bryan Alexander (@dronesec)'s Twitter Profile

researcher. exploit dev. hacking @ stripe
stop using twitter. find me @ [email protected]

ID: 615696093

Link: http://dronesec.pw/

Date: 22-06-2012 23:25:57

1,1K Tweet

1,1K Followers

335 Following

kmkz (@kmkz_security)

Details about the MDSec's process for identifying Veeam 1Day vulns, writing working exploit & considerations for further weaponisation (including preauth. RCE(s), LPE + complete analysis) - Such an awesome post by SinSinology 👏 defense.one/d/36-cve-2022-…

Kees Cook (@kees_cook)

We've finally landed the run-time memcpy() overflow warning patch in linux-next: git.kernel.org/pub/scm/linux/… So now I'm constantly reloading a search on lore, checking if anyone has run into new instances on real work loads. :P lore.kernel.org/all/?q=%22dete…

Kostya Serebryany (@kayseesee)

We had quite some fun for the last 2.5 years fuzzing CPUs. We wrote one system, scratched it, and wrote another one. This week we open-sourced most of it, and hope to open-source more in the future. github.com/google/silifuzz

CTurt (@cturte)

New blog post! Part 1 in my new PlayStation hacking series: An **unpatched** PS4 / PS5 userland exploit that also allows pirating PS2 games. mast1c0re: Hacking the PS4 / PS5 through the PS2 emulator - Part 1 - Escape: cturt.github.io/mast1c0re.html Video demo: youtube.com/watch?v=GIl1mR…

Andrey Konovalov (@andreyknvl)

Slides for "Sanitizing the Linux kernel: On KASAN and other Dynamic Bug-finding Tools", the talk I just gave at Linux Security Summit Europe 2022. Covers: 🐧 Generic KASAN implementation 🔥 Other Sanitizers 🗡 Extending KASAN and KMSAN to find more bugs docs.google.com/presentation/d…

kylebot (@ky1ebot)

Finally, here is the blog documenting the crazy 7 days that I spent on CVE-2022-1786 to pwn kCTF (and won a lot of cash)! Let me know what you think of the blog! blog.kylebot.net/2022/10/16/CVE…

nedwill (@nedwilliamson)

A couple months overdue, here's the open source release of Concurrence, my new fuzzing library for thread-based targets. Integration code to SockFuzzer, plus Mach process/IPC/VM/etc. support are coming soon. Check it out at github.com/googleprojectz…

Brandon Azad (@_bazad)

I’m really excited for us to shed light on some really cool work we’ve been doing to harden the XNU allocator! This has been a huge effort by so many people, and I’m very proud of the direction: security.apple.com/blog/towards-t…

KevinLu (@k3vinlusec)

My new blog series: Technical Analysis of Windows CLFS Zero-Day Vulnerability CVE-2022-37969 - Part 1: Root Cause Analysis zscaler.com/blogs/security… Part 2: Exploit Analysis zscaler.com/blogs/security… #0day #exploit #vulnerability #CVE_2022_37969

Alex Matrosov (@matrosov)

My keynote "The Evolution of Firmware Threats: Attacks below the OS" from No Hat Con is now available online! youtube.com/watch?v=L1VanO…

Will Oremus (@willoremus)

Inside Elon Musk's "free speech" Twitter, a culture of secrecy and fear has taken hold. Managers and employees have been muzzled, Slack channels have gone dark, and workers are turning to anonymous gossip apps to find out basic info about their jobs. washingtonpost.com/technology/202…

raptor@infosec.exchange (@0xdea)

Now this is a pretty handy tool... "A plugin to introduce interactive symbols into your debugger from your decompiler" // by Zion Leonahenahe Basque github.com/mahaloz/decomp…

Shane Huntley (@shanehuntley)

Six actively exploited 0days patched today by Microsoft including one found by Benoît & clem1 from TAG. duo.com/decipher/micro… 2022 and we are still seeing active IE scripting exploitation 😔 Thanks to Microsoft for the quick turnaround and patch.

JF Bastien (@jfbastien)

Wherein I propose that C++ initialize all stack variables to zero, preventing ~10% of CVEs. Cost: none. 🔗 wg21.link/P2723R0 🔗

Trend Zero Day Initiative (@thezdi)

Control Your Types or Get Pwned: Remote Code Execution in Exchange PowerShell Backend - Piotr Bazydło provides the details of CVE-2022-41040 and -41082. These were the #Exchange bugs used in active attacks and recently patched. zerodayinitiative.com/blog/2022/11/1…

stephen (@_tsuro)

Breaking the Chrome Sandbox with Mojo - the recording of my black hat talk is out: youtu.be/qhhJCLy0YBA (I'm painfully aware of the red shift :) )

James Forshaw (@tiraniddo)

The Kerberos PAC verification bypass me and monoxgas showed at the end of our BH presentation and was fixed last month is now open in the issue tracker. Certainly an interesting one :) bugs.chromium.org/p/project-zero…