Sneak peek under the hood of Electra's kexecute blog.binary.house/2018/10/sneak-…

Want a free Safari 0day? (Ok, it's actually a 1day because it's fixed in the latest WebKit version, but it still works in the latest version of Safari) Then go to github.com/LinusHenze/Web… Please don't do evil stuff with this.

Crashing linux libraries with Richard Johnson at #HITB2019AMS

scriptjunkie (Matt) * Posting about vulnerable boxes that were found via Shodan isn't hacking. * The phrase "The 'S' in IoT stands for Security" was funny once, but is now annoying. * Passing the OSCP is equivalent of learning how to ollie on a skateboard. * Follower count != skill level.

Let Saar Amar preach!

And we're live! 🎥 #OBTS v3.0 live-stream: youtube.com/watch?v=Zt3Hxo… Join us!

“Take Down MacOS Bluetooth with Zero-click RCE” by 360 Alpha Team blogs.360.cn/post/macOS_Blu…

Bored in isolation? Do not despair! #OffensiveCon20 videos are now up! youtube.com/playlist?list=…

A daily reminder that CVSS is random numbers, from this recent bug analysis:

[plz RT for range] A soft DEADLINE for article submissions for Issue #7 of Paged Out! has been set: 30 June 2025 We're looking for articles on literally everything that's computer related, technical, and nerdy. As always: 1 page limit :) More info: pagedout.institute

Many iOS/MacOS sandbox escapes/privescs due to unexpected shared memory-backed xpc_data objects bugs.chromium.org/p/project-zero…

Apple has published the 10.12.6 source: opensource.apple.com/release/macos-…

2000: Facial recognition tech is going to enable the surveillance state and be the end of privacy/anonymity 2017: I am a cat

Awesome work, and I really like that they provide general insights to go along with the attack research results. x.com/dwizzzleMSFT/s…

In December 1932, Polish Cipher Bureau mathematicians Henryk Zygalski, Jerzy Rozycki, and Marian Rejewski first solved the Enigma code. Their success enabled the British to read encrypted German messages during WWII, contributing to Allied success: bit.ly/2BtnpB1

I wrote a paper titled "Weird machines, exploitability, and provable unexploitability", which is slated to be published in TETC and is which now available on IEEE preprint site: ieeexplore.ieee.org/stamp/stamp.js…

Latest blog from AbdulAziz Hariri and Wandering Glitch detail a #VMware guest-to-host escape used at #Pwn2Own 2017. The exploit chain finished with an uninitialized buffer & earned $105K. Will we see more escapes at this year's contest? #StayTuned bit.ly/2t5afep

antisnatchor “Pen testers who can’t write or read code” is a thing because companies go with the low bid on RFPs. This leads to quantity over quality, where the pen test company is forced to only ever hire and retain new talent who simply don’t have skills.

Kudos to gnu for providing useful, actionable information and preventing the build-up of hype.