Phenol (@phenol__)'s Twitter Profile

Former chemistry student. @42born2code student. Reversing and pwning stuffs at @RandoriSec.

ID: 960240095038181376

04-02-2018 19:54:13

431 Tweets

867 Followers

629 Following

Man Yue Mo (@mmolgtm)

In this post I'll use CVE-2023-6241, a vulnerability in the Arm Mali GPU that I reported last November to gain arbitrary kernel code execution from an untrusted app on a Pixel 8 with MTE enabled. github.blog/2024-03-18-gai…

RE//verse (@reverseconf)

Our first keynote from Natalie Silvanovich is live! Want to find fully-remote bugs? Learn more about her workflow and lessons learned from a true expert in the field. Bonus: during the Q&A you can learn that even just finding a single obscure file format can be what it takes to find a

RE//verse (@reverseconf)

Another must-watch talk from RE//verse 2025 is live! Zion Leonahenahe Basque challenges decompilers to step up their game and introduces a roadmap for a practical solution to solve some of the trickiest compiler behaviors to analyze. Check it out here: youtu.be/VP29biKLoSw

Travis Goodspeed (@travisgoodspeed)

If you'd like to get started in ROM recovery, this tutorial starts you off with the GameBoy's ROM as a photograph. By the end, you have its bytes and disassembly. github.com/travisgoodspee…

Alexander Popov (@a13xp0p0v)

Slides of my talk at #Zer0Con2025! ⚡️ Kernel-Hack-Drill: Environment For Developing Linux Kernel Exploits ⚡️ I presented the kernel-hack-drill open-source project and showed how it helped me to exploit CVE-2024-50264 in the Linux kernel. Enjoy! a13xp0p0v.github.io/img/Alexander_…

Epsilon (@epsilon_sec)

About to celebrate Easter with your family but don't know what to talk about at the table? Then don't lose time and read our new article about RPAC! blog.epsilon-sec.com/cve-2025-31201…

Andrey Konovalov (@andreyknvl)

Gave a talk on external fuzzing of Linux kernel USB drivers with syzkaller at SAFACon by SAFA Team. Includes a demonstration of how to rediscover CVE-2024-53104, an out-of-bounds bug in the USB Video Class driver. Slides: docs.google.com/presentation/d…

Phenol (@phenol__)

First time in Singapore last week, for Off-By-One Conference! Great event with good talks. I had an amazing time, and met some really nice and smart people. Thanks to starlabs Off-By-One Conference for such an event, and obviously RandoriSec which made it possible for us to go there!

Daniel Klischies (@danielklischies)

Our OffensiveCon talk on stateful baseband emulation (and how improper string handling led to baseband RCE) is available on YouTube: youtu.be/zoAITq7jUM8. It has been a pleasure; awesome conference, brilliant people. Slides and paper: danielklischies.net/research/baseb…

starlabs (@starlabs_sg)

"Why is my exploit taking 10 minutes?" *checks logs* *sees 10,000 kernel warnings* "...oh" 💡 Fresh Friday night read: our intern, Tan Ze Jian, on Mali exploitation - sometimes the fix is simpler than you think! starlabs.sg/blog/2025/05-g…

Trend Zero Day Initiative (@thezdi)

Extracting Embedded MultiMediaCard (eMMC) contents in-system. ZDI researcher Dmitry Janushkevich details how to interact with an eMMC chip and notes some pitfalls you may encounter on the way. zerodayinitiative.com/blog/2025/6/18…

Crusaders of Rust (@cor_ctf)

Exploit write-ups for our 🚨latest 0-day🚨and the tragedy that swept the red black tree family dropping soon 👀 Here is a tiktok style video for those of you with no attention span thanks to slop and social media. Turn on the audio!!!

Luke (@datalocaltmp)

Had a great time presenting at REcon this weekend - always amazing meeting everyone and sharing research 🙌 For those that missed the conference, or just want to review my WhatsApp work, feel free to read the slides here & hmu if you have questions! docs.google.com/presentation/d…

Andrey Konovalov (@andreyknvl)

Documented instructions for setting up KGDB on Pixel 8. Including getting kernel log over UART via USB-Cereal, building/flashing custom kernel, breaking into KGDB via /proc/sysrq-trigger or by sending SysRq-G over serial, dealing with watchdogs, etc. xairy.io/articles/pixel…

quarkslab (@quarkslab)

The two bytes that make size matter: Reverse engineering Apple's iOS 0-click CVE-2025-43300 improved bounds checking fix, by Madimodi Diawara blog.quarkslab.com/patch-analysis…

Shreyas Penkar (@streypaws)

My research on CVE-2025-38352 (posix-cpu-timers TOCTOU Race condition) which was released in Android Sept 2025 Bulletin, covering the internals, the patch-fix, vulnerability analysis, and a demo of a PoC that caused a crash in the Android kernel. Blog: streypaws.github.io/posts/Race-Aga…

Synacktiv (@synacktiv)

A technical look at GrapheneOS Hardened Malloc, a memory allocator designed to mitigate heap corruption vulnerabilities (UAF, overflows) and break common exploit primitives. Deep dive for security researchers & exploit developers by nicoski synacktiv.com/en/publication…