Refreshed my Teaserbook of vulnerability research with my recent updates on Qualcomm bb, nginx, Hyper-V, RDP, Android Kernel, and Firefox Time to start writing exploits, no? x.com/i/moments/9785…

During #DEFCON Quals we discovered CPU-level errata... and then we exploited it: blog.ret2.io/2019/06/26/att… #Intel #TSX #shellcoding

Decided to take @[email protected]'s nday and write a full exploit for it. Here is a exploit for iOS 12.3.1 doing SOP bypass via arbitrary read/write

Coming soon to Burp Suite ... WebSockets in Burp Repeater

Nintendo ROM reversing sounds like FUN! Are you ready for the 6th Annual FLARE-On Challenge? @FireEye nickharbour fireeye.com/blog/threat-re…

Big news! I bypassed Google's search limiting CAPTCHA! No proxies, no delays and it always works! Writing a python library, brb 🔥 Meanwhile, suggest a good name for the library.

On Wednesday we'll update Burp Suite with a scan check for a massively overlooked vulnerability class that James Kettle will unveil at #BHUSA. This issue is very widespread in modern web stacks and often has critical consequences. blackhat.com/us-19/briefing…

Oh, great! #67. Francesco Mifsud we did it! What a great team work. Too bad Microsoft Security Response Center could not include your name in front of mine. Such a great journey!

We just finished delivering our DEF CON workshop about Kerberos delegation attacks. As promised, here's the slide deck for those that couldn't attend: shenaniganslabs.io/2019/08/08/Wor…

SQLite Code Execution using an arbitrary database. research.checkpoint.com/select-code_ex…

I'm writing simple chrome v8 exploit tutorial on my github :) Although i'm not very good at Browser exploitation and didn't complete this tutorials, yet, but i hope this one will be helpful for someone. I will make 4 ~ 5 types exploit tutorials ! github.com/vngkv123/aSiag…

#Windows #ProcessInjection: KnownDlls Cache Poisoning – modexp modexp.wordpress.com/2019/08/12/win…

I made a subleq (esoteric one instruction computer) interpreter in ROP for the ropship challenge at Overflow's DEFCON CTF Finals, and an assembler that made it reasonable to write programs against github.com/lunixbochs/sub…

#flareon6 Solve the full version of Memecat Battlestation and bypass the first level of this year's flare-on challenge, which is the demo version of this awesome game. flare-on.com/BHUSA2019.zip password "BHUSA2019"

I'm publishing some 🔥 research today, a major design flaw in Windows that's existed for almost *two decades*. I wrote a blog post on the story of the discovery all the way through to exploitation. googleprojectzero.blogspot.com/2019/08/down-r…

As promised, posting the next lazy write-up, this is how I went from Git to RCE. Bounty: $3500 #bug #bughunter #bugbounty #bounty If you enjoy these and want to see more, I will be posting others soon again.

If you need a fast/light way to instrument and save each instruction (with general purpose & r/e flags) in all levels of execution (User-mode/Kernel-mode/Hypervisor) then use my new customized version of QEMU. github.com/SinaKarvandi/m…

Ransomware is now your biggest online security nightmare. And it's about to get worse ow.ly/KZsg30qUqOF

‼️ Remote exploitation of a man-in-the-disk vulnerability in WhatsApp (CVE-2021-24027) 🔥 #MobileSecurity #AndroidSecurity by CENSUS census-labs.com/news/2021/04/1…

Tap the link and join the game where you can mine crypto via DePIN by scanning networks! Use my code 19e0446d and get 25K Data Chips as a gift: chirptoken.io/kage