Want to find out how to exploit Just-In-Time compiler vulnerabilities like this? bugs.chromium.org/p/chromium/iss… Join me at my OffensiveCon training in February and become an blackbelt in Browser Jiu JIT-su: offensivecon.org/trainings/2020…

Updated my tool to exploit .NET remoting services to use a new (unpatched) technique to bypass Low Type Filter to get full serialization exploitation. Abuses the lease feature present on all MBR objects. github.com/tyranid/Exploi…. Don't use .NET remoting in production code!

XNU: remote double-free via data race in IPComp input path bugs.chromium.org/p/project-zero…

Heap Overflows and Double-Free Attacks homes.sice.indiana.edu/yh33/Teaching/…

I've digged up some ancient versions of Adobe Reader to figure out exactly which symbols were public in which builds and when. Turns out all the core modules had them at some point. My full analysis on the P0 blog: googleprojectzero.blogspot.com/2019/10/the-st…

Solving binary-only CTF challenges with honggfuzz and qemu binary instrumentation - matshao.com/2019/11/11/Red…

CVE-2020-0601 Day 3: It begins

The in-the-wild zero-click iMessage exploit detected by The Citizen Lab last year apparently didn't affect iOS 14. I did some reverse engineering to see what had changed in that release and found lots of cool things! googleprojectzero.blogspot.com/2021/01/a-look…

First confirmed entry for day1 of TianfuCup, Kunlun Lab SorryMybad pwned Google Chrome to get Windows system kernel level privilege with only two bugs. First time since 2015 as I remembered

#POC2021 Thanks for the souvenir😀 POC_Crew 👨‍👩‍👦‍👦

New blog post released! Windows Segment Heap: Attacking the VS Allocator by vp labs.bluefrostsecurity.de/blog.html/2022…

Several powerful primitives for exploiting the macOS kernel may never get fixed: blog.ret2.io/2022/08/17/mac…

New blogpost - analysis of the ipc_kmsg_get_from_kernel vulnerability, patched in iOS 15.4 :) saaramar.github.io/ipc_kmsg_vuln_…

i prepared for pwn2own but patched, so sad :(

With members of POC_Crew 👨‍👩‍👦‍👦 (and old-time TROOPERS Conference fellows ;-) at #HEXACON2022

This is different from past goodies We call this the "Chain slippers" Who want some RCE and LPE? Meet more epic goodies for sale in #POC2022

[POC2023] has just started! Starting off with Jinwook’s opening remarks #POC2023

Off to Berlin! Very excited to be part of the community and sponsor offensivecon! If you are there, ping us up for long night drinks 🫠😏

[#POC2025 NOTICE] 20 Years. Reborn. The brand evolved - The mission remains. Welcome to a new era of POC. ⏰ Date: November 13–14, 2025 📍 Venue: Four Seasons Hotel, Seoul, South Korea 🇰🇷 🎤 CFP: June 5 – September 30 🧑‍💻 Training: June 5 – September 30 🎟️ Registration: