Quickly Confirmed! Sunjoo Park (aka grigoritchy) used a logic bug to execute code on the underlying OS through #Parallels. He wins $40,000 and 4 points towards Master of Pwn. #Pwn2Own

Parallels Desktop 17 VM Escape youtu.be/n8CWw_HIpfs

I don't know what is a CVE number for my spooler EoP 0-day that i discovered last year. Anyway It was patched by microsoft tuesday patch, So I'm sharing this PoC one of the bug that listed on the screenshot for spooler EoP here: github.com/grigoritchy/po…

Pwn2own 2023 is coming in now. This pwn2own season remind us that we pwned microsoft teams (unfortunately we failed in real round). Here is our first blog post about our journey of pwn2own 2022 microsoft teams RCE. blog.pksecurity.io/2023/01/16/202…

Root Cause Analysis - CVE-2023-32439 Webkit in the wild bug blog.pksecurity.io/2023/07/07/cve…

Hello, Android!

PKSecurity 에서 같이 일하실 분을 모집합니다! 하시게 될일은 아래중 하나 입니다. 웹해킹 안드로이드 해킹 윈도우 해킹 지원방법: [email protected] 메일로 자유형식 이력서 보내주세요

First time in Spain. Realized that they use vim for cleaning something. It’s true for me, i use vim too for cleaning my spaghetti code ;)

Found two Samsung exynos kernel bug a month ago. Samsung seems using minor security update website for the exynos device since this year. semiconductor.samsung.com/support/qualit…

I've had experience on blockchain 1 years ago, which was new area for me, did bounty on Immunefi and rewarded. Was good experience for learning new thing :) I've set my wallet address to FTX for reward and remained it, but FTX is now.. anyway writeup is: github.com/grigoritchy/po…

My linux kernel netfilter OOB read bug CVE-2023-39192 is finally patched. github.com/grigoritchy/po…

It is interesting to see similar shift/unshift race condition issues that i found and exploited webkit in 2018 (github.com/grigoritchy/un…) are exploited on safari, chrome these days as an in the wild bug

Getting root of Huawei p60 pro(103.1.0.132) with 1-day kernel vulnerability. Completely locked down, an unavailable of panic logs and can't find the firmware image matching to my device were really tricky managing to.