Finding and chaining 4 vulns to exfiltrate encryption keys from the Android Keystore on Samsung series A* devices. Did you miss the "Attacking the Samsung Galaxy A* Boot Chain" talk by Maxime Rossi Bellom and Raphaël Neveu earlier this year ? Talk && PoC || GTFO: blog.quarkslab.com/attacking-the-…

I published a post describing the exploitation process for CVE-2024-38193, a use-after-free vulnerability in the afd.sys Windows driver. Hope you enjoy it! :) blog.exodusintel.com/2024/12/02/win…

Sharing slides for another #blackhat EU 2024 talk of us: (Enhancing Automatic Vulnerability Discovery for Windows RPC/COM in New Ways) github.com/edwardzpeng/pr…

🎄 All I Want for Christmas is a CVE-2024-30085 Exploit 🎄 As always, we at starlabs are sharing what we learnt. This time, it's brought to you by Cherie-Anne Lee starlabs.sg/blog/2024/all-…

Think you’ve got what it takes to pop shells and snag your ticket to... RE//verse and Off-By-One Conference ? 😏 github.com/star-sg/challe…

Good tools are made of bugs: How to monitor your Steam Deck with one byte. Finding and exploiting two vulnerabilities in AMD's UEFI firmware for fun and gaming . A Christmas gift in February, brought to you by the amazing Gwaby 🫶 blog.quarkslab.com/being-overlord…

Bypass AMSI in 2025, my newest blog post is published 🥳! A review on what changed over the last years and what's still efficient today. en.r-tec.net/r-tec-blog-byp…

Hyper-v虚拟磁盘驱动vhdmp.sys漏洞汇总分析 bbs.kanxue.com/thread-285976.… [CVE-2025-24048致谢](msrc.microsoft.com/update-guide/e…) [CVE-2025-24050致谢](msrc.microsoft.com/update-guide/e…)

The fifth article (57 pages) of the Exploiting Reversing Series (ERS) is available on: exploitreversing.com/2025/03/12/exp… I would like to thank Ilfak Guilfanov Ilfak Guilfanov and Hex-Rays SA Hex-Rays SA for their constant and uninterrupted support, which have helped me write these articles over

My writeup of the 2023 NSO in-the-wild iOS zero-click BLASTDOOR webp exploit: Blasting Past Webp - googleprojectzero.blogspot.com/2025/03/blasti…

In our latest MindShaRE blog, renorobert describes how to use Binary Ninja’s MLIL to establish a data flow graph by tracing interactions between a specific memory allocation in order to find UAF bugs. He includes source code so you can, too. zerodayinitiative.com/blog/2025/3/20…

One Bug to Rule Them All: Stably Exploiting a Preauth RCE Vulnerability on Windows Server 2025 by zhiniang peng @ver0759 Zishan Lin i.blackhat.com/Asia-25/Asia-2…

3 milliseconds to admin — Our analyst John Ostrowski turned a DLL hijacking into a reliable local privilege escalation on Windows 11. He chained opportunistic locks, and API hooking to win the race to CVE-2025-24076 & CVE-2025-24994. Read his blog post: blog.compass-security.com/2025/04/3-mill…

After #flareon11 challenge 7, I got inspired to build tooling for #dotnet Native AOT reverse engineering. As such, I built a #Ghidra Analyzer that can automatically recover most .NET types, methods and frozen objects (e.g., strings). Blog:👉blog.washi.dev/posts/recoveri…

Technical analysis of CVE-2025-31201: reverse engineering the diff between iOS 18.4 and 18.4.1 to study the changes made to RPAC.: blog.epsilon-sec.com/cve-2025-31201… #iOS #apple #cybersecurity #reversing #pac #security #cve #vulnerability

A quick writeup on potential security issue of Windows LNK that I reported to MSRC last month. They decided to not fix due to relying on MOTW. In the blog I included the proof of concept. All you have to do is to Right-Click and get Info Disclosure :) zeifan.my/Right-Click-LN…

New blog post: Fuzzing Microsoft Defender's mpengine.dll using snapshot fuzzing (WTF, kAFL/NYX). We uncovered several out-of-bounds read & null dereference bugs that can crash the main Defender process on a file scan. Details -> labs.infoguard.ch/posts/attackin…

Out Of Control: How KCFG and KCET Redefine Control Flow Integrity in the Windows Kernel by Connor McGarr i.blackhat.com/BH-USA-25/Pres…

CVE-2025-21479 Meta Quest 3 privilege escalation Exploit poc - github.com/FreeXR/eureka_… #root #MobileSecurity #infosec #dfir

A great write-up of a VMware Workstation guest-to-host escape (CVE-2023-20870/CVE-2023-34044 and CVE-2023- 20869) exploit by Alex Zaviyalov has just been published!