Looking forward to sharing what I’ve learned from 10 years of Project Zero at Black Hat tomorrow 11:20, Oceanside A See you there!

Can't make it to DEF CON? Enjoy our #DEFCON32 sale. Get 32% off site-wide with code DC32. Ends 8/14 at midnight PT. nostarch.com

Wanna chat? Come by the Meet-up area in the Business Hall at 3 pm today. Greeting not required

We finished our presentation at #BHUSA and the slides were published here: i.blackhat.com/BH-US-24/Prese…, you can also find the latest slides and demo here: github.com/ga1ois/BlackHa…, enjoy, especially for our new "field confusion" V8 sbx escape technique : ) Edouard Bochin Black Hat

Find us today at DEF CON in Vendor Area East at Booth 29! Our author signings start with Tim Arnold (Black Hat Python, 2nd Edition) at 11:30am and James Forshaw (Windows Security Internals) at 12:30pm. Full author signing schedule + map: nostarch.com/defcon

Just to remind people I'll be signing copies of my book at 12:30 at Defcon today at the No Starch Press vendor area. See nostarch.com/defcon for details.

A big thank you to everyone who visited us at DEF CON! It's also not too late to shop our #DEFCON32 website sale. Get 32% off site-wide nostarch.com with code DC32. Ends 8/14 at midnight PT.

It seems amazing to me that MS have spent years talking about this feature and have not fixed well known public bypasses. My similar Kerberos trick probably works tiraniddo.dev/2022/03/bypass… as does googleprojectzero.blogspot.com/2019/12/callin… if you accept a prompt :)

The new account type for services finally landed in WIP. Now when running Windows Protected Print (WPP) the service will run as "Restricted Service" and no longer SYSTEM. There will be a SYSTEM process, but it basically just launches the worker.

Put up the slides for my Microsoft BlueHat 2024 presentation on improvements to OleView.NET github.com/tyranid/infose… You can also grab v1.15 of OleView.NET from the PS Gallery which has the new features to generate proxy clients on the fly.

BOO! Our Halloween flash sale is haunting nostarch.com for 24 hours only. Load up on books and merch, then use code HALLOW33N at checkout to save 31%. Warning: This offer creeps away at midnight PT!

Project Zero Blogpost recap for the month: googleprojectzero.blogspot.com/2024/10/the-wi… — j00ru//vx doing another deep dive into the Windows Registry googleprojectzero.blogspot.com/2024/10/effect… — Nick Galloway's dav1d fuzzing case study (new) googleprojectzero.blogspot.com/2024/10/from-n… — an update on using LLMs to find vulns Enjoy! 🎉

In our search for new forensic artifacts at ExaTrack, we sometimes deep dive into Windows Internals. This one is about COM and interacting with remote objects using a custom python LRPC Client. STUBborn: Activate and call DCOM objects without proxy: blog.exatrack.com/STUBborn/

Finding 0day is not the most impactful thing that Project Zero does 😲 — it's sharing knowledge 🧠. One part of that sharing is our tooling work to help other devs and reserachers. Today's installment, James Forshaw's updated OleView.NET👍 Blog: googleprojectzero.blogspot.com/2024/12/window…

My blog post is now live alongside Amnesty International 's joint release, providing remarkable insight into an ITW exploitation campaign! googleprojectzero.blogspot.com/2024/12/qualco… Turns out that you can find out quite a bit with just some kernel stacktraces ;) From Amnesty: securitylab.amnesty.org/latest/2024/12…

If you've ever wondered if one can determine a vuln from just the kernel panic logs, Seth Jenkins (feat. Jann Horn - [email protected] & Benoît) have something to share: googleprojectzero.blogspot.com/2024/12/qualco… Great to collaborate with Amnesty International, find vulns and get them fixed: securitylab.amnesty.org/latest/2024/12…

Two new posts from James Forshaw today: googleprojectzero.blogspot.com/2025/01/window… on reviving a memory trapping primitive from his 2021 post. googleprojectzero.blogspot.com/2025/01/window… where he shares a bug class and demonstrates how you can get a COM object trapped in a more privileged process. Happy Reading! 📚

James Forshaw and his 🐼 panda kicks-off Day 2 Off-By-One Conference 2025 with 𝐈𝐟 𝐲𝐨𝐮 𝐝𝐨𝐧'𝐭 𝐜𝐚𝐫𝐞 𝐚𝐛𝐨𝐮𝐭 𝐚 𝐯𝐮𝐥𝐧𝐞𝐫𝐚𝐛𝐢𝐥𝐢𝐭𝐲, 𝐰𝐡𝐲 𝐬𝐡𝐨𝐮𝐥𝐝 𝐈? Full house yo!

More goodies!! James Forshaw , Keynote Speaker at Off-By-One Conference books are available at No Starch Press . Use our conference discount code 𝐎𝐅𝐅𝐁𝐘𝟑𝟎 to enjoy a 30% on James books! nostarch.com/networkprotoco… nostarch.com/windows-securi…

🚀 We just released my research on BadSuccessor - a new unpatched Active Directory privilege escalation vulnerability It allows compromising any user in AD, it works with the default config, and.. Microsoft currently won't fix it 🤷‍♂️ Read Here - akamai.com/blog/security-…