Samsung Mobile Security Rewards Program We've increased the maximum payout by five times, resulting in a maximum rewards of $ 1,000,000! We are waiting for your report!! security.samsungmobile.com security.samsungmobile.com/securityPostDe… security.samsungmobile.com/securityPostDe… security.samsungmobile.com/securityPostDe…

#BHUSA The topic, "Super Hat Trick: Exploit Chrome and Firefox Four Times", between me and Zhenghang has come to an end. Thank all the audiences on the spot for participating in our topic sharing. The white paper and PPT are now available to the public. blackhat.com/us-24/briefing…

A ticking time bomb in your Linux kernel? 💣 That's what CVE-2023-2163 could have been. Our team uncovered and neutralized this critical eBPF vulnerability. Our blog post covers the root cause, the fix, and potential impact. bughunters.google.com/blog/630322602…

Thrilled to release my latest research on Apache HTTP Server, revealing several architectural issues! blog.orange.tw/2024/08/confus… Highlights include: ⚡ Escaping from DocumentRoot to System Root ⚡ Bypassing built-in ACL/Auth with just a '?' ⚡ Turning XSS into RCE with legacy code

Introducing a fun class of security bug I call “Mishandled Hardware Specification”. It may arise only at the hardware-software boundary due to software developer’s misunderstanding of a documented hardware behavior. I see instances in hypervisor core code (VMM attack surface /

40 page whitepaper on Exploiting Sonos One Over-The-Air talk! nccgroup.com/media/uzbp3ttw…

🚨 New advisory was just published! 🚨 A Chrome RCE has been disclosed during TyphoonPWN 2024. The vulnerability stems from a JS-to-WASM conversion function which leads to a type confusion between arbitrary WASM types. Credit: Seunghyun Lee (Xion). ssd-disclosure.com/ssd-advisory-g…

In this post I'll use CVE-2024-5830, a bug in object transitions in Chrome to gain RCE in the Chrome renderer sandbox: github.blog/security/vulne…

v-v.space/2024/08/19/CVE… Check my blog about Windows secure channel RCE analysis, though MSRC thought it's a DOS. By the way, I'm not the finder. Share for studying

Allocating new exploits Pwning browsers like a kernel & Digging into PartitionAlloc and Blink engine phrack.org/issues/71/10.h…

Excited to share our research on Kernel Streaming! We discovered several vulnerabilities in it that we used at Pwn2Own this year. Check it out: devco.re/blog/2024/08/2…

I translated the presentation from Russian, now in English github.com/xv0nfers/V8san…

Want to try out time travel debugging (TTD) but always been too scared to ask? Good news, this post walks through getting started with Binary Ninja's TTD workflow. It also shares some of my advanced tricks that make TTD even more of an RE cheat code 👀 seeinglogic.com/posts/binary-n…

[Research] Hyper-V 1-day Class: CVE-2024-38080 이번 연구글은 Hyper-V LPE 취약점인 CVE-2024-38080 patch diffing, poc 작성입니다. 익스플로잇은 못했습니다 🥲 hackyboiz.github.io/2024/09/01/pwn…

[POC2024] SPEAKER UPDATE 8⃣ 👤 Thach Nguyen Hoang 🇻🇳 - "VMware Workstation: Escaping via a New Route - Virtual Bluetooth" #POC2024

We've updated our blog on abusing file deletes to escalate privileges. We've also released PoC to demonstrate this. The exploit offers a high degree of reliability and eliminates all race conditions. It has been tested on the latest Windows 11 Enterprise. zerodayinitiative.com/blog/2022/3/16…

Fuzzing from First Principles with Alisa Esage x.com/i/broadcasts/1…

[Research] Hyper-V 1-day Class: CVE-2024-38127 이번 연구글도 Hyper-V LPE 취약점 분석입니다. CVE-2024-38127의 patch diffing, poc에 대해 다루었습니다 🧐 hackyboiz.github.io/2024/09/15/pwn…

New writeup from ꙅɿɘƚɔɘqꙅ and I: we're finally allowed to disclose a vulnerability reported to Kia which would've allowed an attacker to remotely control almost all vehicles made after 2013 using only the license plate. Full disclosure: samcurry.net/hacking-kia