Can't sleep, gotta go to bed after the pwn2own competition :(

Wow! The Theori was able to exploit VMware Workstation with an additional Windows Kernel LPE vulnerability in the Virtualization category. They went from guest OS to SYSTEM on the host OS. They're off to the disclosure calls with details. #Pwn2Own

Pwn!!

We posted our third writeup of N-day full chain series: Chaining N-days to Compromise All: Part 3 — Windows Driver LPE: Medium to System medium.com/theori-blog/ch…

vm on vm on vm 😕 confused

The 2024 Pwnie Award Nominations are now live! Submit your best and brightest bugs, wins, and failures at the link below: pwnies.com/nominations/

Huawei Security Hypervisor analysis and reverse engineering by Impalabs Hypervisor analysis: blog.impalabs.com/2212_huawei-se… OOB vuln: blog.impalabs.com/2212_advisory_… #huawei #infosec

This advisory is about Pwn2Own Vancouver. There are a few mistakes in the credit information. I found a leak bug in HGFS, and Starlabs found one in vBluetooth that I couldn't find. 🤩 Let's diff.

[ZDI-24-601|CVE-2024-30085] (Pwn2Own) Microsoft Windows cldflt Heap-based Buffer Overflow Local Privilege Escalation Vulnerability (CVSS 7.8; Credit: Gwangun Jung(@pr0ln) and Junoh Lee(bbbig) at Theori(Theori)) zerodayinitiative.com/advisories/ZDI…

Sadly, I was unable to attend due to personal issues. I believe that Mr. Kye made a great presentation. I hope that I will attend next time.

I couldn't attend, but I got attendance gifts. Thank you. Off-By-One Conference

Virtual Escape; Real Reward: Introducing Google’s kvmCTF security.googleblog.com/2024/06/virtua…

🚨 solid writeup on CVE-2024-21338! Learn how a clever AppLocker driver exploit bypasses SMEP & kCFG. Two paths to SYSTEM access revealed. Worthy read! Great work by Crowdfense crowdfense.com/windows-apploc…

Very interesting series on dynamically hooking Golang programs Part 1: blog.quarkslab.com/lets-go-into-t… Part 2: blog.quarkslab.com/lets-go-into-t… Credits Mihail Kirov and Damien Aumaître (quarkslab) #infosec

Debugging Hyper-V: 1. Halt in hvix64. 2. Set VM Resume breakpoint. 3. Turn on Intel Processor Trace. 4. Break in the Secure Kernel. Record all Intel PT executed instructions by reading Host mode memory from within Guest mode. Hopefully cool video for hypervisor enthusiasts.

During #Pwn2Own Automotive, the team from Synacktiv used 2 bugs to take over the #Autel Maxicharger. Our latest blog takes a brief look at how they did it, and how Autel patched it. zerodayinitiative.com/blog/2024/8/22…

Our CFP was accepted by hexacon. See you in Paris! #hexacon