Cool writeup by pepsipu showing how to build a complete ROP chain from one byte out-of-bounds write hackmd.io/@pepsipu/ry-SK… #infosec #cybersecurity #rop #exploit

Fantastic post by Cedric Chin "Malone was, essentially, a hacker: he stared deeply at the thicket of accounting rules, tax laws, and possible business moves, and found a strategy that exploited the structural realities he found in front of him."

This is one of the best videos I have seen in a long time and one that made me think quite a bit. It should help you understand how a long term investor (a real one) really thinks and why durability should be at the core. youtu.be/a4_U6bS-cU4

Published writeup and exploit for CVE-2022-20452, privilege escalation on Android 13 via Parcel use-after-recycle() github.com/michalbednarsk…

New Project Zero blog post in which I dissect Apple DER-encoded entitlements and tell a story about how I found a fun (albeit short-lived) bug in the way they were decoded. googleprojectzero.blogspot.com/2023/01/der-en…

Ian Beer released his proof-of-concept for CVE-2022-46689 (MacDirtyCow): bugs.chromium.org/p/project-zero… His exploit accomplishes two things I didn't know was possible: - writing the last byte in a 16k page - take over system daemons x.com/ProjectZeroBug…

UPDATED: The world's highest quality compounders ⬇️⬇️⬇️ * Thanks to everyone who commented on my previous post. This version reflects your suggestions.

Blog post #2 is now live! Who knew that null-derefs might still be an exploitable bug class in Linux kernel? 😲 googleprojectzero.blogspot.com/2023/01/exploi…

Security: WebAssembly UAF in catch block with stale memory start pointer (reward: $21000) crbug.com/1377816

High returns on invested capital are far more sustainable than high growth rates and thus this metric is more important than growth in determining valuation. By Intrinsic Investing intrinsicinvesting.com/2023/02/21/val…

Here are the resources for my talk "Racing Against the Lock: Exploiting Spinlock UAF in the Android Kernel" at offensivecon today. Write-up: 0xkol.github.io/assets/files/R… Slides: 0xkol.github.io/assets/files/O… PoC for CVE-2022-20421: github.com/0xkol/badspin #OffensiveCon2023

Paul Graham The key to the game: "Originality in choosing problems seems to matter even more than originality in solving them. That's what distinguishes the people who discover whole new fields. What might seem to be merely the initial step is in a sense the key to the whole game."

We found two 0-day vulnerabilities in @Ubuntu kernel and it all started by reading descriptions of old CVEs 📖 Thread about the discovery of #GameOverlay 🧵👇🏼

I'm heading to DEFCON & BlackHat in Vegas this week. If you're into iOS or Android vulnerability research, let's connect and meet-up.

In light of today’s news, I thought I would try to take a step back and provide perspective on what this is really all about. I first became concerned about Harvard University when 34 Harvard student organizations, early on the morning of October 8th before Israel had taken any military

How do synchronization primitives work during speculative execution? THEY DON'T! Disclosing #GhostRace (paper USENIX Security). We turn all arch. race-free critical regions of OS/Hypervisors into Speculative Race Conditions. Joint work VUSec IBM Research: vusec.net/projects/ghost…

In this post I'll use CVE-2023-6241, a vulnerability in the Arm Mali GPU that I reported last November to gain arbitrary kernel code execution from an untrusted app on a Pixel 8 with MTE enabled. github.blog/2024-03-18-gai…

Rough copy of the FORCEDENTRY code is now available. Most relevant code is here: github.com/jeffssh/CVE-20… Blog soon!

New blog post "Google: Stop Burning Counterterrorism Operations" My reflection on an incident where Project Zero and TAG knowingly shut down an active Western counterterrorism cyber operation, and the real-world harm that could have resulted from it. poppopret.org/2024/06/24/goo…

“Moat” is the perfectly wrong analogy for thinking about running a business. Connotes a defensive posture, fending off competitors, and continuing to earn return on old invested capital/time. Feels oriented towards the past. Amazon isn’t digging a trench It’s sharpening a spear