FuzzIL: Guided Fuzzing for JavaScript Engines by Samuel Groß offensivecon.org/speakers/2019/…

Thanks, Wandering Glitch! This is, undoubtedly, one of my all-time favourites. The exploit was quite an exciting one to pull off as well. 🐞

Full writeup on exploiting stephen's Math.expm1 typing bug in V8, from analysis of the bug to RCE. Definitely one of the most difficult bugs I've ever worked on. Enjoy! abiondo.me/2019/01/02/exp…

It looks like the code for Neuzz, a very cool new approach to fuzzing that uses deep neural networks to predict the coverage map for an input and then uses its gradients to focus fuzzing effort, has been released! github.com/Dongdongshe/ne…

Did you recently think what the fuzz is this fuzzing everyone's talking about? Here's a thorough introduction to fuzzing by Felix labs.mwrinfosecurity.com/blog/what-the-…

Here is my exploit for one of stephen 's TurboFan bugs related to an incorrect typing of String.(last)IndexOf JSCall nodes. github.com/JeremyFetiveau…

Project Zero blog: "The Curious Case of Convexity Confusion" by Ivan Fratric (Ivan Fratric 💙💛) - googleprojectzero.blogspot.com/2019/02/the-cu…

Join us in Bamberg to discuss about Ethics, IT Security, and Privacy (March 25–26). 13 speakers, 7 sessions, full program and registration (extended until March 11) at bamberg.canvas-project.eu

Jumping on the DHCP bandwagon: labs.mwrinfosecurity.com/advisories/win…

Fuzzilli, my JavaScript engine fuzzer, is now open source: github.com/googleprojectz… \o/ Keep an eye on the Project Zero bugtracker in the next few weeks for some of the bugs found with it. Also let me know if you encounter any problems when using it! :)

Here are the slides from the 35C3CTF talk I just gave: docs.google.com/presentation/d…

I wrote a thing about my macOS sandbox escape & LPE from Pwn2Own phoenhex.re/2019-05-26/att…

I have finally published a write-up of the Trinity exploit chain consisting of three stages and six different vulnerabilities! theofficialflow.github.io/2019/06/18/tri…

Ever wanted to hack a car? Break out of a hypervisor? Get over the air remote code execution on a baseband? MWR is looking for an offensive security researcher. careers.mwrinfosecurity.com/Jobs/Advert/16… #0day #pwn2own

The mwrlabs team demonstrated 9 bugs in our inaugural internal pwn2own - showing remote and local bugs in IoT devices and routers. Awesome stuff ☺️

Confirmed! The WithSecure Labs crew used an #XSS bug in the NFC component of the #Xiaomi Mi9 to exfiltrate data just by touching their specially made NFC tag. Their efforts earned $30,000 and 3 more Master of Pwn points. #P2OTokyo

Two security researchers went on a web app test and you won't believe what overflowed next: check out our new blog post "Prince of the Honeycomb" by pwnfl4k3s labs.f-secure.com/blog/prince-of…

You gotta be kidding Mi - We just published the Xiaomi Pwn2Own 2018 advisories, which were patched just before Pwn2Own 2019, for silent APK install in the Browser and WiFi categories by G. Geshev labs.f-secure.com/advisories/xia… and labs.f-secure.com/advisories/xia…

New blog post: CVE-2020-0022 an Android 8.0-9.0 Bluetooth Zero-Click RCE – BlueFrag insinuator.net/2020/04/cve-20…