After seeing the reviews for DOOM: The Dark Ages, id Software has just achieved legendary status once again. I’m so fucking hyped next week 🙌 #doomthedarkages #doom

I am excited to say my talk at Black Hat USA 2025 was accepted where I will be sharing my recent research on kernel-mode CET as well as KCFG on Windows!

Good morning! I just published a blog post about a KASLR bypass that works on modern Windows 11 versions. It leverages Intel CPU cache timings to exfiltrate the base address of ntoskrnl.exe. I hope you like it! r0keb.github.io/posts/Bypassin…

I don't wanna sound like a hater, but I'm really getting tired of everyone yappin about AI. If you take AI and put it in your shitty product, congratulations. You now have a turd with a sticker on it. It's still a turd

Some teasers for the upcoming Kali Linux i3 revamp/redesign I've been working on for a while now: cc: Kali Linux

I published blogs detailing two vulnerabilities I recently discovered in Sudo. Update to 1.9.17p1. CVE-2025-32462 - Sudo Host option Elevation of Privilege Vulnerability stratascale.com/vulnerability-… CVE-2025-32463 - Sudo chroot Elevation of Privilege Vulnerability

Perhaps one of the most badass CVE's I've ever seen from neils 💪😤 cisa.gov/news-events/ic…

Turns out you can just hack any train in the USA and take control over the brakes. This is CVE-2025-1727 and it took me 12 years to get this published. This vulnerability is still not patched. Here's the story:

A software-defined radio can derail a US train by slamming the brakes on remotely dlvr.it/TLw23q

We're excited to announce a new session of our Asynchronous Training: The Fundamentals of Browser Exploitation!💻💥🌐 📆Start Date: September 15th, 2025 🗺️Location: Remote / Self-Paced ✈️Booking and full info: ret2.io/trainings

After months of responsible disclosure, Karan and I are releasing our research on Netskope CVE-2024-7401. We wanted to give organizations and Netskope enough time to patch and remediate this vulnerability. Here is the article: quickskope.com

Wrote a BOF to tamper with process handles in the kernel with BYOVD Allows you to open a low privilege handle to something like notepad and turn it into a full access handle to LSASS and dump credentials, bypassing PPL in the process github.com/ColeHouston/th…

HOW MANY ENERGY DRINKS DID IT TAKE TO PASS #OSEE YOU ASK????

Exploit Developers, Red Teamers, and Malware Enthusiasts gather around. For next week I will be demonstrating Sickle Black Hat at Arsenal! I also bear gifts for those of you who attend (while supplies last).

I have released all my prep notes prior to obtaining the #OSEE from OffSec. This includes material consumed before the AWE and after! You can find a link to it here: github.com/wetw0rk/AWE-PR…

I officially posted my review on the #AWE course and #OSEE certification. This goes in conjunction with the AWE-PREP repository I published last week. You can find it here: wetw0rk.github.io/posts/advanced…

the recording of my talk on the Black Hat show floor is up on yout00b :) youtu.be/whhOYRWd_rs