New blogpost by Axel Souchet: "Reverse-engineering tcpip.sys: mechanics of a packet of the death (CVE-2021-24086)" doar-e.github.io/blog/2021/04/1…

Looks like the end of PHdays. The US sanctions on Positive Technologies will make it a bit hard to pay to attend, and “recruiting event for the FSB and GRU” is not a ringing endorsement. home.treasury.gov/news/press-rel…

CVE-2021-20226: Lucas Leong details this #Linux privilege escalation via io_uring originally submitted by @ga_ryo_. The bug leads to a UAF on any file structure, which can be leveraged for LPE in the kernel. bit.ly/3vbrOEx

#Parallels Desktop RDPMC hypercall interface and vulnerabilities: renorobert details how he found a heap overflow & a TOCTOU bug in his latest blog. zerodayinitiative.com/blog/2021/4/26…

In a new guest blog, jeongoh describes how CVE-2021-26900 can be used to escalate privileges on #Windows through win32k. His write-up includes root cause, patch analysis, and PoC. Read the details at bit.ly/3nOpPDz

You've probably heard about the wormable bug in http.sys (CVE-2021-31166) but have you seen what causes it? The Trend Micro Research team provides a detailed root cause analysis of this recently patched #Windows http.sys bug. bit.ly/2S1nXM4

The deadline of CALL FOR PAPERS for #Hacktivity2021 has been extended by one week! If you want to be a presenter or hold a workshop, do not hesitate to apply! More info: bit.ly/3eXgnL4

“ They did, they do and will probably always be around.” - Oui j’agree. Good find!

Do you want to learn how to fuzz efficiently? Our latest blogpost talks about techniques we used to find vulnerabilities in multiple targets. More information in the link bellow: blog.haboob.sa/blog/modern-ha… Happy hunting!

Every time I see a picture of a Tokyo street scene I think “goddamn why does this look so inviting?!” and then I realise it’s because there’s no on street parking

My first MSFT LPE got patched recently! msrc.microsoft.com/update-guide/e…

Remote Deserialization Bug in Microsoft’s RDP Client through Smart Card Extension (CVE-2021-38666) 🤩 thalium.github.io/blog/posts/des…

Pwn2Own’ing Your Router over the Internet by Rado RC1 and Pedro Ribeiro offensivecon.org/speakers/2022/…

This is going to be a good one. Pedro Ribeiro and Rado RC1 are awesome researchers.

My first two CVEs of 2022 have been published: CVE-2022-21908: Microsoft Windows Installer LPE CVE-2022-26751: Apple AppleGraphicsControl component RCE (when rendering the thumbnail of a file) affecting macOS, iOS and iPadOS.

Boom! It takes AbdulAziz Hariri less than 15 seconds to kick off #Pwn2Own Vancouver with a successful exploit of #Adobe Reader on macOS. He's off to the disclosure room to discuss the details of his research.

Success! AbdulAziz Hariri of Haboob completed his attack against Adobe Reader using a 6-bug logic chain exploiting multiple failed patches which escaped the sandbox and bypassed a banned API list. He earns $50,000 and 5 Master of Pwn points. #Pwn2Own #P2OVancouver

🤦‍♂️

Confirmed! AbdulAziz Hariri used an API Restriction Bypass and a Command Injection bug to get code execution on #Adobe Reader. In doing so, he earns $50,000 and 5 Master of Pwn points. #Pwn2Own #P2OVancouver