Worawit Wang (@sleepya_)'s Twitter Profile
Worawit Wang

@sleepya_

ID: 233819752

04-01-2011 05:23:18

702 Tweet

1,1K Followers

39 Following

FormatFuzzer (@formatfuzzer)

Hello world! Today, I am officially released, and you can use me to create and fuzz high-quality binary inputs at amazing speed - with optional coverage guidance, and without needing seed inputs. Read about me and download me at uds-se.github.io/FormatFuzzer/
Qualys (@qualys)

The #Qualys Research Team has discovered an easily exploitable memory corruption vulnerability (#Pwnkit) in polkit a SUID-root program that allows any unprivileged local user to gain root privileges on all major linux systems in its default configuration: fal.cn/3lCr6

Oliver Lyak (@ly4k_)

Today we're publishing new techniques for recovering NTLM hashes from encrypted credentials protected by Windows Defender Credential Guard. These techniques also work on victims logged on before the server was compromised. research.ifcr.dk/pass-the-chall…

Mor Davidovich (@dec0ne)

Introducing DavRelayUp - A port of #KrbRelayUp with modifications to allow for NTLM relay from WebDAV to LDAP and abuse #RBCD in order to achieve #LPE in domain-joined Windows workstations where LDAP signing is not enforced. Demo in second tweet. github.com/Dec0ne/DavRela…

Andrei Scutariu (@xnand_)

For anyone that has run this PoC, consider your data stolen. This is what eventually runs on your host after a few stages. If you wanna analyse it, don't use a web browser or your IP will get blacklisted. #CVE_2023_35829 #backdoor
Satoshi Tanda (@standa_t)

A new blog post on Intel VT-rp! Part 1 is about how HLAT prevents the remapping attack, taking Windows as an example platform. tandasat.github.io/blog/2023/07/0… Sample hypervisor code: github.com/tandasat/Hello…
Tavis Ormandy (@taviso)

First big result from our new CPU research project, a use-after-free in AMD Zen2 processors! 🔥 AMD have just released updated microcode for affected systems, please update! lock.cmpxchg8b.com/zenbleed.html

HITBSecConf (@hitbsecconf)

#HITB2023HKT COMMSEC: B(l)utter – Reversing Flutter Applications by using Dart Runtime - Worawit Wangwarunyoo - conference.hitb.org/hitbsecconf202…

Daniel Moghimi (@flowyroll)

Dropping #Downfall, exploiting speculative forwarding of 'Gather' instruction to steal data from hardware registers. #MeltdownSequel - Practical to exploit (POC/Demo) - Defeat all isolation boundaries (OS, VM, SGX) - Bypass all Meltdown/MDS mitigations. downfall.page

Worawit Wang (@sleepya_)

Initial public #blutter tool for #reversing Flutter apps by compiling/using Dart runtime github.com/worawit/blutter Now, it supports only Android targets. It should still be useful even if it lacks analysis features.

Tavis Ormandy (@taviso)

New write-up on an Intel Ice Lake CPU vulnerability, we can effectively corrupt the RoB with redundant prefixes! 🔥 An updated microcode is available today for all affected products, cloud providers should patch ASAP. lock.cmpxchg8b.com/reptar.html

Boris Larin (@oct0xor)

We're revealing details of an obscure debugging feature in the Apple A12-A16 SoCs that bypasses all of the hard-to-hack hardware-based memory protections on new iPhones. It's not used by the firmware and we don't know how the attackers found out about it. securelist.com/operation-tria…

MDSec (@mdseclabs)

Exploiting CVE-2024-20656, a Local Privilege Escalation in the VSStandardCollectorService150 Service mdsec.co.uk/2024/01/cve-20… - new research from Filip Dragovic
Qualys (@qualys)

The award-winning Qualys Threat Research Unit (TRU) has discovered a critical vulnerability in OpenSSH, designated CVE-2024-6387 and aptly named "regreSSHion." This Remote Code Execution bug grants full root access, posing a significant exploitation risk. blog.qualys.com/vulnerabilitie…

Yehuda Smirnov (@yudasm_)

What if you skipped VirtualAlloc, skipped WriteProcessMemory and still got code execution? We explored process injection using nothing but thread context. Full write-up + PoCs: blog.fndsec.net/2025/05/16/the…

ö (@r0keb)

Good morning! Just published a deep dive into PatchGuard internals: how it works, key internal functions, context init, and possible bypasses. r0keb.github.io/posts/PatchGua…