Ranked #19 this year, congratulations to everyone on the list.

[New Blog Post] Analysis of DirectComposition Binding and Tracker object vulnerability iamelli0t.github.io/2021/08/15/Dir…

CVE-2021-40444 is so bad🤦‍♂️

After doing some debug and reverse on CVE-2021-40444, I think the developer of MS should re-read this article. They made another mistake on this issue.

It seems that MS has correctly patched the cab path traversal issue(part of CVE-2021-40444), now it will convert forward slashes (/) into back slashes (\) before calling PathCchCanonicalizeA 👏

Reproduced CVE-2021-40449 according to Kaspersky’s blog🤔

#BHUSA I will share some experience and insights on itw Windows LPE 0day hunting at Black Hat USA 2022. It's a great honor to be invited by Black Hat

Here is a blogpost by me and Eli analyzing Follina exploit paloaltonetworks.com/blog/security-… #Follina CVE-2022-30190

This year #9 for Office and #38 overall, congrats to all on the list!

Glad to be credited along with others👏, anyone who had learned my Black Hat USA 2022 slides should catch this itw 0day: i.blackhat.com/USA-22/Thursda…

New year, new blog post! CVE-2021-31985: Exploiting the Windows Defender AsProtect Heap Overflow Vulnerability pixiepointsecurity.com/blog/nday-cve-…

I'm honored to have been acknowledged by Microsoft along with Kaspersky and Mandiant, again.

New blog post is up, exploring detection options for some recent In- the- Wild Windows LPE 0- days elastic.co/security-labs/…

Two days later, we'll discuss 10 ITW Windows CLFS exploits at the Off-By-One Conference. This summary of a two-year journey will include references to others' work and new details not previously disclosed. Attendees will gain a more comprehensive understanding of these crazy exploits.

Big changes to one of the most targeted attack surface in Windows - techcommunity.microsoft.com/t5/security-co…

Today, I saw that Microsoft has introduced targeted mitigation for CLFS, which indicates that the attacks against CLFS have come to an end. Below is our talk from this year's Off-By-One conference on in the wild CLFS exploits over the past two years. youtube.com/watch?v=tOwSet…

Too lazy to archive my presentation slides, but I finally did it, including the slide on CLFS from the Off-By-One 2024 conference, and the awesome 010 Editor Template to parse CLFS Log file (.blf) by Mas0n github.com/jq0904/Confere…

Another ITW Windows CLFS nday exploit, patched on 2024.08, maybe CVE-2024-38196? virustotal.com/gui/file/c3265…

Happy April Fool's Day! For anyone looking for in-the-wild samples for CVE-2024-9680 & CVE-2024-49039 fullchain in Firefox, here is one of them(with some missing information): virustotal.com/gui/file/e0017…