i'll be up in dundee for securitay if anyone wants to chat/catch up 🐧

Hi friends!! 🩷 I’m looking for a new RE role to support me while I’m in grad school! I’ll be kind of in the woods, so remote roles are preferred! Recently I’ve been doing firmware RE/VR, but I got started doing malware RE and I love it lots (1/3)

nice Linux kernel pwn challenge write up by Shunt for LACTF 2025. exploiting a 3 byte OOB write primitive terawhiz.github.io/2025/2/oob-wri…

this is v true, i find it especially relevant for me reading complex state machine bug disclosures in linux kernel. often it's tempting for me to checklist-style audit code in a very granular way that misses this "big picture" type of possibility. ive done a lot better this year

Handy site for anyone curious about who's using what kconfig option 🐧 Looks like it supports Alma, Android, Arch, CentOS, Debian, Fedora, Oracle, Ubuntu & upstream defaults atm

ngl gang i might have got a bit lost in the sauce with this one, but if you're curious about how mmap() is implemented, check out part 2 of my memory management linternals series sam4k.com/linternals-exp…

with offensivecon around the corner, i figured id write another post on linux kernel exploitation techniques - this time i cover the world of page table exploitation! enjoy 🤓 sam4k.com/page-table-ker…

The One With All The Linux VR‼️ EC 71 out NOW Linux VR and Exploit Dev featuring Andrey Konovalov, sam4k, r1ru, and Two Bytes Of Madness macOS Bugs from Trend Zero Day Initiative ö talks Windows KASLR watchTowr makes an appearance + Jobs and MORE blog.exploits.club/exploits-club-…

in berlin this week for offensivecon (finally!!), looking forward to seeing everyone! :)

[CVE-2025-37752] Two Bytes Of Madness: Pwning The Linux Kernel With A 0x0000 Written 262636 Bytes Out-Of-Bounds Great article by D3vil about exploiting a type confusion in the network scheduler subsystem and pwning all kernelCTF instances. syst3mfailure.io/two-bytes-of-m…

I guess this mf of patate is finally hanging out with the cool kids maxpl0it sam4k

this was my first offensivecon and what a blast! had so much fun catching up with old friends and making new ones - not to mention the level of technical content and convos, what an awesome community :)

#OffensiveCon25 videos are now up! youtube.com/playlist?list=…

Stoked to announce #OFTW v3.0 🥳 This *free* student-centric event provides 🍏 trainings & talks! 📍 London 🗓️ July 24-25th Note: Due to limited space you must apply to attend ℹ️More info/apply: objective-see.org/oftw/v3.html Mahalo to Kandji for supporting this event!

its EXPLOITS CLUB DAY! 🏴‍☠️ Sean Heelan finds a Linux bug...with an LLM Your favorite researcher's favorite researcher Man Yue Mo returns @[email protected] talks about the last iOS 0(n?)-day LPE Exploit "chains" from watchTowr + Jobs and MORE 👇 blog.exploits.club/exploits-club-…

This weekend, I gave a talk on web browser security research at a student-organized conference. I tried to make the talk reasonably beginner-friendly, so the slides (linked here) could hopefully be useful to someone as a learning resource. docs.google.com/presentation/d…

This thread is a must read if you've ever dealt with self doubt on your research. It is very important the way we talk to ourselves. Don't be too harsh with yourself.

corCTF 2025 is a little over a month away!🚩 This year, we have a prize pool worth over 10k, with 9k in cash prizes! 💵 As for the first teaser, we are introducing CoRPhone! Are you ready to pwn an Android kernel, exfiltrate chat logs, and save a 1 million dollar pigeon?👀

Documented instructions for setting up KGDB on Pixel 8. Including getting kernel log over UART via USB-Cereal, building/flashing custom kernel, breaking into KGDB via /proc/sysrq-trigger or by sending SysRq-G over serial, dealing with watchdogs, etc. xairy.io/articles/pixel…

We dissect a DFG compiler bug we discovered in Safari/WebKit. This post covers root cause, impact, and technical analysis: blog.exodusintel.com/2025/08/04/oop… #WebKit #VulnerabilityResearch #ExploitDev #Safari #CyberSecurity #ExodusIntel