🏅 Congratulations to our very own Kasif Dekel (Kasif Dekel) – Top 5 on the 2021 Q3 Microsoft Security Researcher Leaderboard!

Found a fun bug with CodeQL by accident Now there's a bit of a writeup to go with it!

Kudos Assaf Carlsbad and liba2k!

Found three VirtualBox vulnerabilities earlier this year. 2x Heap Overflows and 1x OOB read. Pretty great to get this post out! Come learn about emulated network offload bugs

🔥New on SentinelLabs! 25 CVEs and counting: Vulnerabilities in #AWS & other major #cloud services. Kasif Dekel's latest research reveals millions of cloud users are exposed to privilege escalations from bugs in shared driver software. sentinelone.com/labs/usb-over-… #cybersecurity

Cool Metasploit Project module by Jacob Baines :D github.com/rapid7/metaspl…

As always, awesome research done by my teammate maxpl0it!

Sorry about that Chuanda Ding & James Forshaw, I reported a LPE vulnerability and they decided to remove it. Hoped they'd release a fixed version. I find DeviceTree useful too and you can find a signed version in the repo alongside with the vuln details: github.com/kasif-dekel/OS…

Nice exposure! I actually tweeted about it like 3 years ago x.com/kasifdekel/sta…

- Use-after-frees from JIT - CodeQL for variant analysis - Never-before-seen exploit primitives - Tenured heap tomfoolery I’ve packed just about everything in this post!

Recent research that Ronen Shustin and I worked on. Users are advised to patch their systems ASAP!

I was recorded running in this video :0

A cool research project that Ronen Shustin and I worked on during 2021.

Honored to be listed in Microsoft Most Valuable Researchers 2022 🙃.

Thanks Microsoft Research !

We discovered a container escape vulnerability in the @NVIDIA Container Toolkit. It allows attackers to gain full access to the host's filesystem and achieve Remote Code Execution (RCE). Here's everything you need to know about CVE-2024-0132 🧵👇

Funny lil thing I had to check. #WhatsApp `secret chat` feature isn't as secure as you'd hope. Found a funny way to easily bypass it. It’s supposed to provide local/physical protection to your convos but don't trust it with your super secret convos! 😅. Report dismissed by #Meta.

This was a huge effort from the team. With every small primitive we discovered, we got closer—until we finally landed a full unauthenticated RCE. I had a ton of fun working on this research. ☸️👇

We (+Nir Ohfeld) found a critical vulnerability chain in NVIDIA's Triton Inference Server (CVE-2025-23319) that can lead to full Remote Code Execution (RCE). An unauthenticated attacker can remotely take over the server, a cornerstone of many AI/ML production environments. 🧵