I have recently been in the V8 vulnerability research/exploitation topic and in this post I will briefly talk about the key points at the very start of the study:

My sandbox bypass technique is now visible issues.chromium.org/issues/3383813…

New blog post about OSS-Fuzz AI-powered fuzzing is live! We talk about what went into making LLMs work well enough for this use case to find 26 new vulnerabilities (including a CVE in OpenSSL), as well as what else we have planned to make this better. security.googleblog.com/2024/11/leveli…

Windows Sockets: From Registered I/O to SYSTEM Privileges blog.exodusintel.com/2024/12/02/win…

Vulnerability research may feel directionless if you haven't yet worked out metaskill of strategy crafting, particularly scope narrowing. To deal with that, you may use existing bugs to serve as a glorified dice. For example, suppose there is an integer overflow in a regexp

This new Project Zero blog post is sick. It offers a glimpse into how folks do UAF in the "real world". (i.e. in the wild) You have to be smart about what to spray, etc. especially when you don't have a leak

Sharing our slides for #Blackhat EU 2024: Diving into Spooler: Discovering LPE and RCE Vulnerabilities in Windows Printer Driver github.com/edwardzpeng/pr…

Sharing slides for another #blackhat EU 2024 talk of us: (Enhancing Automatic Vulnerability Discovery for Windows RPC/COM in New Ways) github.com/edwardzpeng/pr…

A brief JavascriptCore RCE story by Lan Vu and An Nguyễn qriousec.github.io/post/jsc-unini…

The most elegant V8 Wasm Turboshaft typer exploit that I've reported. This primitive converts **any** Wasm type confusion in **any type hierarchy** into fully controlled arbitrary type confusion - e.g. what happens if you type `null : ref extern`? RCE :) crbug.com/372269618

Write-up of my v8 bug: Critical type confusion in V8's Turboshaft compiler allowed stale pointers to bypass GC, leading to exploitable memory corruption. Full details + PoC: bushido-sec.com/index.php/2025…

Haifei Li I ran probably the largest office fuzzing program in the world at one point We had 128 IBM blade systems fuzzing concurrently + office UI analysis @ 25k fuzzing attempts a minute, with crash analysis + crash confirmation + rewind + automated variation + user interaction

Hey there, Finally published the article on the exploit for CVE-2025-21333-POC exploit. Here the link to the article: medium.com/@ale18109800/c…

My writeup for CVE-2024-7971. Just a POC. Let me know if u have any questions. github.com/mistymntncop/C…

Windows Remote Desktop Licensing Service Pre-auth RCE (CVE-2024-38077) Analysis blog.78researchlab.com/2b2db461-3e5b-…

Collision! Dong, 남훈, Jaeho Jeong, 정상수, and nonetype of 78ResearchLab hit a one‑vulnerability collision against the Alpine iLX‑F511, earning $5,000 USD and 1 Master of Pwn point. #Pwn2Own #P2OAuto

As if competing in #Pwn2Own isn’t pressure enough, imagine being on stage in front of your professor as well! The team from 78ResearchLab is doing just that as the successfully target the Phoenix Contact CHARX. Well done! #P2OAuto

Another Collision! Dong, 남훈, Jaeho Jeong, 정상수, nonetype of 78ResearchLab targeted the Phoenix Contact CHARX SEC‑3150, chaining four bugs (two unique and two collisions) to earn $15,000 USD and 3 Master of Pwn points.

Collision! Dong, 남훈, Jaeho Jeong, 정상수, and nonetype of 78ResearchLab targeted the Kenwood DNR1007XR, exploiting one n-day vulnerability along with two collisions to earn $2,500 USD and 1 Master of Pwn point. #Pwn2Own #P2OAuto