And our whole team who made it happen!

Interested in what happens during DEF CON CTF? My yearly writeup of CTF's biggest competition is finally done: dttw.tech/posts/SJ40_7MNS Thanks again to Overflow for hosting, and my teammates on PlaidCTF for making this another thrilling competition!

We disabled 210 channels on YouTube when we discovered channels in this network behaved in a coordinated manner while uploading videos related to the ongoing protests in Hong Kong. blog.google/outreach-initi…

Learn how found and exploited SockPuppet for iOS 12.4, featuring a bonus collaboration with LiveOverflow! googleprojectzero.blogspot.com/2019/12/sockpu… youtube.com/watch?v=YV3jew…

After an EPIC battle for DEF CON CTF, with MULTIPLE lead changes throughout 32 hours of competition, A*0*E REMAINS VICTORIOUS  👑 PPP takes second place, behind by two points

Congrats A*0*E!!

0day privilege escalation for macOS Catalina discovered in the wild by Erye Hernandez support.apple.com/en-us/HT212825 We saw this used in conjunction with a N-day remote code execution targeting webkit. Thanks to Apple for getting patch out so quickly.

New: In August Google caught hackers using an old Mac exploit together with a zero-day that was published by a research group at a Chinese cybersecurity conference in April. The hackers were targeting Hong Kong users. vice.com/en/article/93b…

Google uncovered a sophisticated attack that leveraged both iOS & macOS exploits (n-/0-days) to infect Apple users! 👀 Interested in a triage of the macOS implant (named OSX.CDDS), including: ▫️ Installation ▫️ Persistence ▫️ Capabilities 📝 Have a read: objective-see.com/blog/blog_0x69…

Glad to be able to share some additional details on the campaign leveraging the macOS privesc (CVE-2021-30869) to install a new macOS backdoor blog.google/threat-analysi…

More technical details from Erye Hernandez and the team on last months exploit and the associated campaign. blog.google/threat-analysi… TAG discovered watering hole attacks targeting visitors to Hong Kong websites for a media outlet and a prominent pro-democracy labor and political group.

#ESETresearch uncovers new Mac malware DazzleSpy, delivered using watering hole on a pro-democracy Hong Kong radio station website. Payload was launched as root without user interaction, using exploits for Safari and macOS. Marc-Etienne M.Léveillé Anton Cherepanov welivesecurity.com/2022/01/25/wat… 1/7

The exploit for Safari is quite complex and massive. I really wanted to understand exactly what the vulnerability was and how it was mitigated, so I dived into the world of browser exploits for a few days and tried to explain how leaking object addresses was possible.

😀 I am starting a fundraise for picoCTF. PicoCTF is free to everyone, and costs about $500k a year (🙀) to run. If you've had a positive experience with pico, please reply or DM. I'll use it in my fundraise pitch. Pls RT for awareness. #ctf #hacking

#oneisntenough have you registered? Wicked6Games KATZCY @CyberRiskLady Skelly DrReem Faraj AlShammari Mansi Erye Hernandez Women's Cyberjutsu Ann Johnson

Session 1 speakers are set for today's Wicked6games, don't miss your chance to register: hubs.li/Q016B3TH0 DrReem Faraj AlShammari|THE Mari Galloway | Cyberjutsu | International|julie agnes 🌈|Erye Hernandez|Asuka Nakajima | 中島明日香

PlaidCTF is proud to announce visionary innovation and the actualization of experience in the hacking space. We’re moving beyond the ordinary to usher in a new paradigm of pwning. Welcome to the future. Welcome to Plaidiverse. Join us on April 8 at plaidctf.com!

PlaidCTF, Theori (The Duck), and Maple Bacon are joining forces to play DEFCON as Maple Mallard Magistrates. Some PPP members also play on The Duck & Maple Bacon, so this allows all of us to keep playing on the same team. See you all at DEFCON finals!

MMM takes 1st at DEF CON CTF! Had a great time playing with our friends Maple Bacon and Theori as Maple Mallard Magistrates! 🍁🦆🗝 Great job to Katzebin, StarBugs, and all the other teams! And thanks to Nautilus Institute for organizing!