Let me introduce you to KrbRelay, the only public tool for relaying Kerberos tickets and the only relaying framework written in C#. No-fix LPE + No-fix Cross-Session, VDI deployments has never been more broken. Demo at Images/demo.mp4 ! github.com/cube0x0/KrbRel…

Static Taint Analysis using Binary Ninja: A Case Study of MySQL Cluster Vulnerabilities: renorobert provides copious details on using #BinaryNinja to discover lots of bugs in #MySQL Cluster, and he provides source code so you can, too. zerodayinitiative.com/blog/2022/2/14…

In his final blog on finding bugs using taint analysis, renorobert experiments with #CodeQL’s IR and #Clang checkers for detecting untrusted pointer derefs & tainted loop conditions. These techniques led to multiple vuln discoveries. Read the details at zerodayinitiative.com/blog/2022/2/22…

Here are the slides from the "Security Analysis of MTE Through Examples" talk I presented at BlueHat IL :) I hope you will like it and find it interesting! github.com/saaramar/secur…

Slides from our (Ian Beer and myself) talk „A Brief History of iMessage Exploitation“ talk BlueHat IL. Recording coming soon as well! saelo.github.io/presentations/…

I experimented with using a timer to interrupt a race window, here's a blogpost: googleprojectzero.blogspot.com/2022/03/racing…

Likely my last post on the Windows HEIC image parsers - recovering symbols, porting to PDB and root-causing an out of bound write vuln: mandiant.com/resources/fuzz…

We are super excited to open our Call for Talks/Trainings for ShaktiCon 22/23. If you are a women in the field of security, you are invited to join us in this mission to empower, and inspire women to join the field of cyber security. Checkout shakticon.com

ZDI Researcher renorobert looks at the patch gap between the #VMware ESXi TCP/IP stack and the #FreeBSD kernel it was based on. Some bugs went unpatched for years. Read the details at: zerodayinitiative.com/blog/2022/7/25…

I just finished one of my long-standing todos. The "Hypervisor From Scratch" tutorial is completely revised. Codes from all parts are updated, unnecessary details are removed, and new explanations are added to the tutorial. Take a look at new updates. github.com/SinaKarvandi/H…

In our latest #MindShaRE blog, renorobert talks about using Binary Ninja's stack data flow feature to look for uninitialized memory disclosure in BSD kernels. Read all the details (incl sample scripts) at zerodayinitiative.com/blog/2022/9/19…

Hey everyone, I wanted to share my Black Hat talk about Concurrence, a new approach for fuzzing multi-threaded applications deterministically. I just realized it was already published a month ago! youtube.com/watch?v=OpQvXG…

VM escapes in #Parallels Desktop are a common target for many researchers. renorobert details some local privilege escalation via setuid root binaries in his latest blog. His write-up includes root cause analysis of CVE-2023-27322, -27324, & -27325. zerodayinitiative.com/blog/2023/4/5/…

CVE-2022-31696: renorobert takes an in-depth look at this #VMware #ESXi type confusion privilege escalation he discovered. He shows his research methodology and looks at the patch released to fix it. zerodayinitiative.com/blog/2023/6/21…

Join me & Ashwin Shenoi at c0c0n2025 for the training "Fortify APIs: Mastering Penetration Testing for Robust Application Security" 🗓️ Date: 4-5 Oct, 2023 📍 Location: Grand Hyatt, Kochi 📚 Register: bit.ly/c0c0n-23-api #APIsecurity #PenetrationTesting #AppSec #c0c0n2023

A little teaser of what's to come in 𝐈𝐬𝐬𝐮𝐞 𝟑! 'Deceptive Python Decompilation' by Calle Svensson 'Leaking Guest Physical Address Using Intel Extended Page Table Translation' by renorobert 'The Quest of malloc(0)' by red5heep

Paged Out! #3 is out! Download it here pagedout.institute/download/Paged…

PagedOut#3 is out. My article about the Intel EPT side channel was published on page 47.

PagedOut issue #4 is now available. My article on leaking host KASLR bits from a guest VM using a TLB side channel can be found on page 58

In our latest MindShaRE blog, renorobert describes how to use Binary Ninja’s MLIL to establish a data flow graph by tracing interactions between a specific memory allocation in order to find UAF bugs. He includes source code so you can, too. zerodayinitiative.com/blog/2025/3/20…