王虎 (@funnybigstar)'s Twitter Profile
ID: 1512035203363274753

07-04-2022 11:51:18

12 Tweets

4 Followers

404 Following

Abhishek Arya (@infernosec)

Excited to see an application of applying LLMs for fully automated vulnerability discovery, thanks to larger context windows and code analysis capabilities (try with Claude, Gemini, others). Highly encourage more research in this space and use 11K+ fixed vulns from OSS-Fuzz to

Lau (@notselwyn)

Exciting news! 🚀 Just dropped my blogpost unveiling the universal Linux kernel LPE PoC for CVE-2024-1086 (working on v5.14 - v6.7) used for pwning Debian, Ubuntu, and KernelCTF Mitigation instances, including novel techniques like Dirty Pagedirectory 🧵 pwning.tech/nftables

Geebz (@gbps111)

I just published the long-awaited Part 2 to my PCIe blog post series - "All About Memory: MMIO, DMA, TLPs, and more!" This post also includes a companion experiment where I dive into what pcileech looks like over a PCIe protocol analyzer. Please enjoy! ctf.re/kernel/pcie/tu…

raptor@infosec.exchange (@0xdea)

Flipping Pages: An analysis of a new #Linux #vulnerability in #nf_tables and hardened #exploitation techniques 🤩 pwning.tech/nftables/ github.com/Notselwyn/CVE-… infosec.exchange/@raptor/112171…

Alex Plaskett (@alexjplaskett)

One problem with software security is that there are lots of materials explaining specific vulns or exploits but not many giving a broad structured overview in one place. This free book llsoftsec.github.io/llsoftsecbook/ on Low-Level Security for Compiler Developers aims to address this.

0xor0ne (@0xor0ne)

Exploiting a race condition in the GSM 0710 tty multiplexor in the Linux kernel (CVE-2023-6546) Credits Pikala github.com/Nassim-Asrir/Z… #infosec #Linux

/r/netsec (@_r_netsec)

Mind the Patch Gap: Exploiting an io_uring Vulnerability in Ubuntu - Exodus Intelligence blog.exodusintel.com/2024/03/27/min…

V4bel (@v4bel)

I just released our kernelCTF VSock 0-day write-up with qwerty. (exp196/exp197, CVE-2024-50264) github.com/google/securit… We made history by being the first to exploit VSock in kernelCTF, expanding its known attack vectors. 🥳 It’s a pretty *simple* race condition, right?

starlabs (@starlabs_sg)

We're super stoked to publish this post. A huge shoutout to our former intern, rainbowpigeon who poured his heart & soul into this 7-8 months ago. It took us a bit to polish it up but we're incredibly proud of him. Dive in & let us know what you think! starlabs.sg/blog/2025/12-m…

Alexandre Borges (@ale_sp_brazil)

Technical analysis of CVE-2025-31201: reverse engineering the diff between iOS 18.4 and 18.4.1 to study the changes made to RPAC: blog.epsilon-sec.com/cve-2025-31201… #iOS #apple #cybersecurity #reversing #pac #security #cve #vulnerability

Pedro Ribeiro (@pedrib1337)

Pwning basebands is often seen as black magic, but it’s surprisingly easy to start... if you know how 😁 Practical Baseband Exploitation teaches you to reverse engineer basebands, find vulnerabilities, and program BTS to exploit them over-the-air. This year, the course is at

SSD Secure Disclosure (@securiteam_ssd)

Want to learn about Chrome exploitation and the role of WebAssembly in it? In our new article, we'll break down the world of WASM, how it interacts with V8, and use CVE-2024-2887 as a case study to show how flaws in WASM can lead to RCE. Read it here: ssd-disclosure.com/an-introductio…

Andrey Konovalov (@andreyknvl)

Documented instructions for setting up KGDB on Pixel 8. Including getting kernel log over UART via USB-Cereal, building/flashing custom kernel, breaking into KGDB via /proc/sysrq-trigger or by sending SysRq-G over serial, dealing with watchdogs, etc. xairy.io/articles/pixel…

emma (@carrot_c4k3)

finally got around to writing up my windows exploit from pwn2own vancouver 2024! (plus some notes about using it on xbox) exploits.forsale/pwn2own-2024/

0xor0ne (@0xor0ne)

Three-part series on Chrome Browser Exploitation (2022) Part 1: jhalon.github.io/chrome-browser… Part 2: jhalon.github.io/chrome-browser… Part 3: jhalon.github.io/chrome-browser… Credits Jack Halon #infosec #chrome

Google VRP (Google Bug Hunters) (@googlevrp)

Security research 🕵️ and bug hunting 🐞 takes persistence and flexibility. This post details the rocky road to finding a VM escape bug (hint: involves hypervisor vulns, static analysis, and fuzzing). Join us on the quest 🧭! bughunters.google.com/blog/580034147… bughunters.google.com/blog/580034147…