esjay (@esj4y)'s Twitter Profile

Shell horticulturist @codewhitesec - blog @ 3sjay.github.io

ID: 1086182250113323013

18-01-2019 08:43:23

964 Tweets

737 Followers

774 Following

Nathan Blondel (@slowerzs)

Think HVCI and kCET mean the end of kernel code execution? I wrote a blogpost exploring an alternative way to execute a kernel payload! :) blog.slowerzs.net/posts/keyjumpe…

watchTowr (@watchtowrcyber)

We know what you’re waiting for…..this isn’t it 😅 🚀Join the watchTowr Labs team today on our journey into Kentico Xperience CMS again - chaining vulnerabilities together for full RCE.... labs.watchtowr.com/xss-to-rce-by-…

tuo4n8 (@tuo4n8)

Submitted this bug to ZDI a long time ago, but they weren’t interested 🥲. Later sent to Oracle, marked dup of CVE-2023-22047. CVSS 7.5 but leads to unauth RCE. Fortunately, some big programs accepted it. Check exploit here: github.com/tuo4n8/CVE-202… #BugBounty #InfoSec #Oracle

Alex Plaskett (@alexjplaskett)

One Bug to Rule Them All: Stably Exploiting a Preauth RCE Vulnerability on Windows Server 2025 by zhiniang peng @ver0759 Zishan Lin i.blackhat.com/Asia-25/Asia-2…

pfiatde (@pfiatde)

Did you know that PW "encryption" for ZIP files has some room for improvement and can be circumvented in some cases? Not new, but seems to be a lesser-known technique. Made a small WriteUp for this. badoption.eu/blog/2025/04/0…

Ivan Fratric 💙💛 (@ifsecure)

I shared an example earlier for fuzzing libxslt with Jackalope's grammar mutator. But Firefox has its own XSLT implementation, how do we fuzz browser code? The following .patch demonstrates how to do that. It is the setup that resulted in CVE-2025-1932. github.com/googleprojectz…

esjay (@esj4y)

It's way easier to set up than you might think. Played with it a couple months ago. Give it a try ;) Thanks Axel Souchet for making it open source!

sixtyvividtails (@sixtyvividtails)

When injecting or o/w messing with process (either from ③ or ⓪), it can be crucial to ensure loader init completed - i.e. ntdll!LdrpInitializeProcess has set up vital structs and dlls. Best way to check: initDone = (peb.Ldr != 0) && !peb.ProcessInitializing (peb32 for wow64)

Interrupt Labs (@interruptlabs)

Great blog post from our intern, Ashleigh, walking us through how she created her Binary Ninja plugin that imports function parameter and type information from C header files. Check out the plugin on GitHub: github.com/interruptlabs/… interruptlabs.co.uk/articles/query…

Alexander Popov (@a13xp0p0v)

Slides of my talk at #Zer0Con2025! ⚡️ Kernel-Hack-Drill: Environment For Developing Linux Kernel Exploits ⚡️ I presented the kernel-hack-drill open-source project and showed how it helped me to exploit CVE-2024-50264 in the Linux kernel. Enjoy! a13xp0p0v.github.io/img/Alexander_…

João Vitor(Keowu) (@keowu)

My new article, "Writing a Full Windows ARM64 Debugger for Reverse Engineering," covers the topic in detail, including its internals and the core differences between Windows on Intel and ARM64: keowu.re/posts/Writing-…

r1ru (@ri5255)

I've released a blog series about modern Linux kernel exploitation, where you can learn some advanced techniques used in real-world kernel exploits. Enjoy! r1ru.github.io/categories/lin…

CODE WHITE GmbH (@codewhitesec)

Yes, we're beating a dead horse. But that horse still runs in corporate networks - and quietly gives attackers the keys to the kingdom. We're publishing what’s long been exploitable. Time to talk about it. #DSM #Ivanti code-white.com/blog/ivanti-de…

SinSinology (@sinsinology)

Launching a student-only free workshop: ".NET Exploitation Basics" 🪲 If you're a student (or know one), let's write some deserialization exploits, Manchester, July 12. 10 seats. summoning.team/free-training-…
