Thanks to events like Pwn2Own or our V8CTF (~= exploit bounty program), we now have more data about the types of bugs exploited in V8. Based on that, we've gathered some basic statistics: docs.google.com/document/d/1nj…

🔥 Last barrier destroyed: The compromise of Fuse Encryption Key in Intel CPUs! Full story by our researcher Mark Ermolov swarm.ptsecurity.com/last-barrier-d…

Sunday project: Running a virtual machine in an OpenCL kernel/shader to execute arbitrary code on the GPU. API calls and host memory R/W still has to trap into the CPU of course, but a fun exercise in GPU malware :3

I don't have OSCP—instead, I have OSEE! 🎉

qwerty and I exploited a VSock 1-day in Google kernelCTF back in *February*, securing $71,337 🥳 (CVE-2025-21756, exp237/exp249) And I’ve just published the write-up: github.com/google/securit… A kernel developer reviewing a patch for a separate VSock bug I submitted

Nice blog post! I remember using a non-network exploit chain that was custom to VMWare for the pgsql jdbc attack :-> github.com/sourceincite/h…

Fun fact: I will have an entry-level pentester opening on my team posted within the week. Come join the Mandiant Red Team! I'll post the link once it's public.

🔥 $400K for Chrome 0day – RCE & V8 Sandbox Bypass Wanted We’re actively acquiring high-value 0day vulnerabilities targeting Google Chrome, with payouts up to $400,000. 🎯 Targets of Interest - Chrome RCE (Remote Code Execution) — $400,000 - Chrome V8 Sandbox Escape / Bypass —

[BLOG] Dynamically Instrumenting Beacon with BeaconGate - For All Your Call Stack Spoofing Needs! cobaltstrike.com/blog/instrumen…

New blog post is out! We did some Windows reverse engineering here. Enjoy! ht3labs.com/Brokering-File…

I have done Parallel syscall technique in Rust. github.com/Whitecat18/Rus… Inspired by MDSec Research. #research #poc #rust

poc CVE-2025-21420 github.com/moiz-2x/CVE-20…

Since I haven't posted any exploit videos in a while, here's a macOS Tahoe LPE. 🐟

5 CVEs in libxml2 openwall.com/lists/oss-secu… CVE-2025-49794: Heap UAF DoS CVE-2025-49795: Null pointer dereference DoS CVE-2025-49796: Type confusion DoS CVE-2025-6021: Integer and Buffer Overflow in xmlBuildQName() CVE-2025-6170: Stack-based Buffer Overflow in xmllint Shell

🔥 Microsoft fixed CVE-2025-47955, discovered by our researcher Sergey Bliznyuk! This vulnerability allows a locally authenticated attacker to elevate privileges to SYSTEM via the Windows RasMan service. 🔗 Advisory: msrc.microsoft.com/update-guide/e…

Toolkit to turn Chromium vulnerabilities into full-chain exploits 👇🏻 github.com/Petitoto/chrom… #bsidesLuxembourg #offensiveOps

A toolkit to turn Chromium vulnerabilities into full-chain exploits github.com/Petitoto/chrom… From BSidesLuxembourg 2025 "Browser Exploitation: From N-Days to Real-World Exploit Chains in Google Chrome" pretalx.com/bsidesluxembou…

Great writeup linz04.github.io/2025/06/20/CVE…

#reversing Windows Inter Process Communication: A Deep Dive Beyond the Surface Part 1 - IPC Roadmap - sud0ru.ghost.io/windows-inter-… Part 2 - RPC Architecture Overview - sud0ru.ghost.io/windows-inter-… Part 3 - Handles and binding - sud0ru.ghost.io/windows-inter-… Part 4 - RPC Security -

Join me this Friday at 11AM on the next Off By One Security stream where I will diff a Microsoft patch from this year and see how far we get. We'll use tools like BinDiff and Diaphora and look at the process of determining the vulnerability. youtube.com/watch?v=_ZrHjo…