HexRabbit (@h3xr4bb1t)'s Twitter Profile
HexRabbit

@h3xr4bb1t

CTF pwnable / gamer / anime

ID: 1092393904228360193

Link: https://blog.hexrabbit.io
Date: 04-02-2019 12:06:17

441 Tweets

912 Followers

490 Following

Daniel Weber (@weber_daniel)

We found a CPU bug that allows an arbitrary physical memory write, thus allowing one to *read* and *write* the memory for every process! Check out the website for more details: ghostwriteattack.com

Orange Tsai 🍊 (@orange_8361)

Thrilled to release my latest research on Apache HTTP Server, revealing several architectural issues! blog.orange.tw/2024/08/confus… Highlights include: ⚡ Escaping from DocumentRoot to System Root ⚡ Bypassing built-in ACL/Auth with just a '?' ⚡ Turning XSS into RCE with legacy code

stacksmashing (@ghidraninja)

My talk at DEF CON on hacking into Apple's ACE3 chip will be in 45 minutes on track 3! And it just got better: At Black Hat I learned that Apple will not fix an issue I found, so I will show off a cool way to hack the ACE2 - ever bitbanged SWD through the macOS kernel?😎

HexRabbit (@h3xr4bb1t)

My talk at @defcon32 on exploiting nftables to earn the kernelCTF bounty will be in 30 minutes on the Warstories track! Feeling a bit nervous before going on stage, hoping it goes well!

Google VRP (Google Bug Hunters) (@googlevrp)

🔒 Exploiting memory corruption bugs in server-side software is no easy feat, especially when you're working blind without source code or binaries. See how we used a technique dubbed "Conditional Corruption" to achieve this. bughunters.google.com/blog/622075742…

Meysam (@r00tkitsmm)

r00tkitsmm.github.io/fuzzing/2024/1… TL;DR I Implemented a super reliable macOS kernel binary rewriting to instrument any KEXT or XNU at BB or edge level.

stacksmashing (@ghidraninja)

It's known that we got hired by Raspberry Pi to try to hack the RP2350 - and now, as the hacking challenge has come to an end, we can also share that we succeeded in doing so!

Alexandre Borges (@ale_sp_brazil)

To date, I have published 15 articles (1045 pages) with the strict goal of helping the cybersecurity community. ERS (439 pages, so far): [+] ERS 05: exploitreversing.com/2025/03/12/exp… [+] ERS 04: exploitreversing.com/2025/02/04/exp… [+] ERS 03: exploitreversing.com/2025/01/22/exp… [+] ERS 02:

Shreyas Penkar (@streypaws)

Inspired by Seth Jenkins's cool research on the adsprpc driver in Android, I took a deep dive into the codebase and documented the internal workings of the Qualcomm DSP Kernel Driver (FastRPC implementation). Blog: streypaws.github.io/posts/DSP-Kern…

xvonfers (@xvonfers)

Whoah... $250000 (CVE-2025-4609, similar to CVE-2025-2783/412578726)[412578726][Mojo][IpczDriver]ipcz bug -> renderer duplicate browser process handle -> escape sbx is now open with PoC & exploit(success rate is nearly 70%-80%) issues.chromium.org/issues/4125787… issues.chromium.org/issues/4125787…

s1r1us (@s1r1u5_)

holy shii, someone from perfect blue x BlueWater used a background AI agent to solve a LiveCTF challenge while that player was still working on it. youtu.be/TYn38VfmDRU?t=…

Bruce Chen (@bruce30262)

Made a pwn challenge for this year’s HITCON CTF, which required participants to bypass PAC, BTI, and deal with relative vtables. Here’s the write-up: bruce30262.github.io/hitcon-ctf-202… Check it out if you're interested🙂

Soroush Dalili (@irsdl)

Visiting NCC Group’s blogs right now feels like a CTF challenge: decipher the mangled text while dodging XSS pop-ups. Better to use web archive to see the original content but they have even changed the URLs! Example: nccgroup.com/research-blog/… The fox-it.com etc are

Luke Stephens (hakluke) (@hakluke)

I just solved the strangest tech problem I've ever come across. My wifi kept dropping packets, confirmed by ping. It would look something like the first image (packets dropping, then it comes back to life). After a while the connection would just stop working completely and drop
