This is what I've been doing for the last few weeks! I'm trying to write a hypervisor-based fuzzer to fuzz linux userspace binaries at native speed while having fast memory resets and code coverage github.com/klecko/kvm-fuzz

Choose your fighter (Advent of Code)

¡Preparados, listos, apunta la fecha! 📆 La VI edición de #HackOn está a la vuelta de la esquina. Anotad el 22/02/2024 en vuestros calendarios. ¡La cuenta atrás ha comenzado! ⏳ #HackOn2024

🚨Confirmamos cuarto taller🚨 Daniel Monzón (stark0de) y Diego Palacios (DiegoAltF4), alumno del grado de Ingeniería de la Ciberseguridad, impartirán un taller utilizando la técnica Fuzzing para el crasheo de programas. 👨‍💻 Gracias por participar en la #HackOn2024.🎉

Empezamos a calentar motores para #HackOn2024 🔥, por eso sorteamos 1 entrada para la /RootedCON de Madrid. Para participar debes: 📝Seguirnos HackOn 🔁RT 🗓️Asistir el día 22 al evento Tienes hasta el día 21 de febrero para participar. ¡Suerte a todos!🍀

Manfred Paul’s Firefox renderer bug is a beauty that takes advantage of an optimisation implemented just 3 months ago. Let’s break it down!

This looks like a candidate for Chrome v8 0day bug used by Manfred Paul in his Pwn2Own 2024 exploit (CVE-2024-2887, just patched in Chrome stable 123.0.6312.86/.87) wasm module decoder had a missing check of type section size in a branch of DecodeTypeSection, easy to spot manually:

Keep calm and Qemu on!! If you want to see how to exploit a vulnerable PCI device and escape from Qemu, take a look at the writeup that DiegoAltF4 and dbd4 have prepared about their HackOn 2024 challenge. zeroclick.sh/posts/quememu-…

New post is up!! . Tired of not solving FSOP challenges on the latest libc? You don't need to look any further;) Intro to FSOP exploitation and House of Paper by k4kii zeroclick.sh/posts/fsop-int…

Easy right? Well then here is the writeup for a CTF pwn challenge that requires both linux heap and FSOP exploitation techniques. k4kii is the creator of both the challenge and the write up. zeroclick.sh/posts/la-casa-…

Check this out. Some friends and I decided to set up a blog. Hope you like it, feedback is welcomed :)

Patch candidate for Chrome v8 Use-after-free to RCE bug (CVE-2024-3914) exploited by Xion at Pwn2Own 2024 Vancouver against both Chrome and Microsoft Edge. Patched in Chrome 124.0.6367.60/.61 This is not "quite" v8 - it's kinda blink reachable from v8. Classic array neutering

Beyond Android MTE: Navigating OEM's Logic Labyrinths by @patateqbool maxpl0it Mateusz Fruba and G. Geshev now live!

🚀 New blog alert! 🚀 Dive deep with our latest posts: 🍎 "TCC Overview and Internals" - Learn how one of the main macOS protections work 🐝"Intro to Development Using eBPF" - Start your journey with eBPF and Docker! Hope you enjoy the new content made by Ismael

🚨🚨ATENCÓN🚨🚨 #HackOn2025 ya tiene fecha oficial🎉. Por primera vez, el evento tendrá lugar durante dos días: 28 de febrero y 1 de marzo ⏳Próximamente comunicaremos más novedades de esta edición⌛️

I've written a post on SELinux and some public bypasses for Android kernel exploitation. It's especially relevant for Samsung and Huawei devices due to their use of hypervisors. Check it out here: klecko.github.io/posts/selinux-…

🚀 We're back with a fresh blog redesign! Dive into DiegoAltF4's latest post, which offers an in-depth analysis of CVE-2023-22098, including a reliable PoC to escape VirtualBox. 🛠️ Unleash your virtualization magic now! Link below ⬇️

me he creado un canal de youtube donde subo vlogs, charlitas y demás :) os agradecería mucho que le dierais amor🤍 link abajo

We'd like to welcome 👋marce as our latest Application Security Intern. Welcome aboard! 🎉 #doyensec #appsec #internship

We'd like to welcome our newest addition Marcelino Siles Rubia (marce)! Another success story from our #internship program! The future of #appsec is looking bright 😎 at #doyensec!