Francesco Soncina (@phraaaaaaa)'s Twitter Profile
Francesco Soncina

@phraaaaaaa

OSCE // OSCP // Ethical Hacker & Red Teamer // Full Stack Developer // CTF Player @DonkeysTeam

ID: 270009412

https://iwantmore.pizza/ 21-03-2011 21:03:20

1,1K Tweet

3,3K Followers

3,3K Following

Wietze (@wietze)

My talk demonstrating how with minor tweaks you can really frustrate command line-based detections across Windows, Linux and MacOS is now live: ⚡ youtube.com/watch?v=52tAmV… Security BSides Dublin #threatdetection #threathunting #lolbas #offsec

Crusaders of Rust (@cor_ctf)

Check out FizzBuzz101's corCTF 2024 challenge writeups! Leaking Flags from Initramfs with Spectre v1: willsroot.io/2024/08/just-a… KVM Escape from a nested L2 guest to the L1 hypervisor: willsroot.io/2024/08/trojan…

0xor0ne (@0xor0ne)

How to achieve code execution with an Out-of-Bounds Write in Chrome V8 engine (Maglev compiler) blog.exodusintel.com/2024/01/19/goo… Credits Javier Jimenez and Vignesh Rao #chrome #cybersecurity

Meysam (@r00tkitsmm)

Paper day 1- EXPRACE: Exploiting Kernel Races through Raising Interrupts usenix.org/system/files/s… and 2- Racing against the clock -- hitting a tiny kernel race window (this is really cool) googleprojectzero.blogspot.com/2022/03/racing…

LaurieWired (@lauriewired)

We're not talking about espionage. This new LaurieWired video is about Inter-process communication. (ok, it's also about espionage, but only because it's a great analogy) youtu.be/Fb4UoqXPEtI?si…

Ryan M (@grimdoomer)

Here’s a blog post covering all the technical details behind a strcpy bug I found in the Tony Hawk video game series that can be used to hack several gaming consoles and even get RCE on the over the network icode4.coffee/?p=954

Michael Schwarz (@misc0110)

With the #GhostWrite CPU vulnerability, all isolation boundaries are broken - sandbox/container/VM can't prevent GhostWrite from writing and reading arbitrary physical memory on affected RISC-V CPUs. Deterministic, fast, and reliable - no side channels. ghostwriteattack.com

klez (@klezvirus)

[RELEASE] Following the talk at DEF CON, I'm releasing all the POC projects associated with DriverJack. More info in the repos. For any additional info, hit me up ;) - github.com/klezVirus/Driv… - github.com/klezVirus/RpcP… - github.com/klezVirus/kopp…

Andrea Pierini (@decoder_it)

In the UPDATE section of my post decoder.cloud/2024/04/24/hel…, I explained why you won't find my acknowledgment for CVE-2024-38061 any more.

Hossein Lotfi (@hosselot)

Google Chrome In-The-Wild Type Confusion in V8 (CVE-2024-7971 [360700873]) happens when handling loop inputs inside WASM baseline (A.K.A Liftoff) compiler/assembler: chromium-review.googlesource.com/c/v8/v8/+/5797…

Josh (@passthehashbrwn)

New blog from me on manually manipulating Vectored Exception Handlers to evade some EDRs and perform threadless process injection. securityintelligence.com/x-force/using-… Accompanying code: github.com/xforcered/Vect…

Trend Zero Day Initiative (@thezdi)

In part 3 of his series on exploiting #Exchange #Powershell after ProxyNotShell, ZDI researcher Piotr Bazydło chains 3 bugs that lead to RCE, mainly by abusing the single-argument constructor conversions. Read the details at zerodayinitiative.com/blog/2024/9/18…

Diego Capriotti (@naksyn)

This has been one of my favorites for a while, but now it's time to let it go. Here's my preferred way of getting the KeePass db that we often hunt for: downgrade the executable to version 2.53, use CVE-2023-24055 and wait for the busy admin to trigger the dump of the database.

Alisa Esage Шевченко (@alisaesage)

Releasing full 2+hr video of my browser exploitation workshop from VXCON 2024: youtube.com/live/b9OhamkAY… In which I show what goes inside the mind of a skilled hacker while exploiting a highly non-trivial vulnerability in v8, from zero to exploit concept. Especially this workflow

blueblue (@piedpiper1616)

GitHub - TheN00bBuilder/cve-2024-11477-writeup: CVE-2024-11477 7Zip Code Execution Writeup and Analysis - github.com/TheN00bBuilder…

Jeffrey Scholz (@jeyffre)

I read Google's paper about their quantum computer so you don't have to. They claim to have run a quantum computation in 5 minutes that would take a normal computer 10^25 years. But what was that computation? Does it live up to the hype? I will break it down.🧵

Rad (@rad9800)

Another approach to disable EDRs (with anti-tampering). Credit goes to sixtyvividtails for the idea🧙‍♂️ PendingFileRenameOperations and an NTFS junction, we can ask Windows to delete EDR binaries on reboot (with Admin privs) A link to a complete GitHub PoC follows in replies

Samuel Groß (@5aelo)

We released our Fuzzilli-based V8 Sandbox fuzzer: github.com/googleprojectz… It explores the heap to find interesting objects and corrupts them in a deterministic way using V8's memory corruption API. Happy fuzzing!