Leaking the email of any YouTube user for $10,000 brutecat.com/articles/leaki…

Our latest deep dive explores libarchive vulnerabilities under recent Windows 11 updates. 🔍🔓 Check out NiNi's (NiNi) technical write-up for key insights and security implications. Read more here: devco.re/blog/2025/02/1… #VulnerabilityResearch #Cybersecurity

Inspired by Stephen Sims , I decided to dig into🛡️Windows Defender Exploit Guard myself. Here is the Part-1 of "Reversing Exploit Guard" series, where I break down how it hooks critical functions and defends against stack pivoting. mrt4ntr4.github.io/Exploit-Guard-…

Exploring Heap Exploitation Mechanisms: Understanding the House of Force Technique #HeapExploitation #HouseOfForce #MemoryAllocation #HeapChunks #ReallocationMechanism darkrelay.com/post/exploring…

I'm excited to share that my paper on using LLMs for reverse engineering firmware is now online! Do you want to use LLMs for reverse engineering? Check it out: arxiv.org/abs/2503.03969

I've published a write-up on reversing and analyzing Samsung's H-Arx hypervisor architecture for Exynos devices, which has had a lot of changes in recent years and pretty interesting design. Hope you all enjoy :) dayzerosec.com/blog/2025/03/0…

[#Zer0Con2025] - SPEAKER 🔟 💁‍♂️Manfred Paul - PAC2Own: From Bug to Shellcode in modern Safari

🚨 New advisory was just published! 🚨 An out-of-bounds write vulnerability in the Linux kernel achieves local privilege escalation on Ubuntu 22.04 for active user sessions: ssd-disclosure.com/ssd-advisory-l…

👀 "Sending Me Your IOUserClients: A Bypass to Immovable Ports" "SPTM's Page Protection Battle Against Kernel R/W Attacks"

hackerone.com/reports/2900606 ps5 kernel exploit

Excited to join Stephen for a stream on Linux kernel fuzzing! 23.05 8 pm CET / 11 am PT

I've released a blog series about modern Linux kernel exploitation, where you can learn some advanced techniques used in real-world kernel exploits. Enjoy! r1ru.github.io/categories/lin…

An analysis of CVE-2024-44236 - an RCE in macOS due to the lack of proper validation of “lutAToBType” and “lutBToAType” tag types. Read the details, see the source code review, and get detection guidance at zerodayinitiative.com/blog/2025/5/7/…

I wanted to end last year with a vm escape, took me a bit longer but I want to present you my latest public research: A VM escape in Oracle VirtualBox using only one integer overflow bug! This was fixed in April 15 and assigned CVE-2025-30712. github.com/google/securit…

Slides and fuzzer code from the Fuzzing Linux kernel modules stream are now live: github.com/sl4v/hfsplus-k… Thanks again to Stephen Sims for hosting!

Extracting Embedded MultiMediaCard (eMMC) contents in-system. ZDI researcher Dmitry Janushkevich details how to interact with an eMMC chip and notes some pitfalls you may encounter on the way. zerodayinitiative.com/blog/2025/6/18…

Hoàng Hải Long 🇻🇳, one of our juniors shared his kCTF exploit and the lesson learned: digging through unreproducible Syzkaller reports for gold. qriousec.github.io/post/cve-2023-…

Writeup for my first kCTF - CVE-2023-52927😋 seadragnol.github.io/posts/CVE-2023…

I've discovered via code review: 2 zero-click RCE logic bugs in Linux kernel Bluetooth & userspace (late 2024). Exploitable to register rogue HID w/o auth. One allows bonding w/o confirmation, bypassing CVE-2023-45866 Marc Newlin patch. Details: ubuntu.com/security/CVE-2…

We dissect a DFG compiler bug we discovered in Safari/WebKit. This post covers root cause, impact, and technical analysis: blog.exodusintel.com/2025/08/04/oop… #WebKit #VulnerabilityResearch #ExploitDev #Safari #CyberSecurity #ExodusIntel