[ZDI-23-900|CVE-2023-35001] (Pwn2Own) Linux Kernel nftables Incorrect Pointer Scaling Local Privilege Escalation Vulnerability (CVSS 7.8; Credit: Tanguy DUBROCA (Sideway) from Synacktiv (Synacktiv)) zerodayinitiative.com/advisories/ZDI…

Later today, Mastho will talk at #HITB2023HKT about two bugs he exploited in Windows kernel during #Pwn2Own and how the future mitigations will make them harder to exploit (or not 😱) conference.hitb.org/hitbsecconf202…

Sometimes simple is best. See how Sideway exploited a 9-year-old Linux kernel bug at #Pwn2Own Vancouver 2023! synacktiv.com/publications/o…

This year, #HEXACON2023 will introduce the social event with a lightning talks session! 💡 ⏳ 5 minutes long ⛔️ No bullshit/commercials 🎠 Fun topics appreciated 🍻 Beers allowed 🫵Open to everyone Short talks submission will take place during the event

After a bit of delay, we're finally releasing advisories for 139 vulnerabilities we found in 23 trustlets used on Huawei mobile devices. Some of them can be exploited to access the Secure World and retrieve sensitive data. 🧵 A thread of our most interesting findings

Don't miss CODE BLUE! David B and vdehors will present how they managed to compromise the Tesla during the latest #Pwn2Own event codeblue.jp/2023/en/talks/…

The program for GreHack is out with 3 Synacktiv talks! 🖥️ Virtualization from an attacker Point-Of-View: cbayet & Major_Tom 🚘 Unlocking the Drive: Exploiting Tesla Model 3: David B & vdehors 🐧 Ubuntu Shiftfs: Unbalanced Unlock Exploitation Attempt: JB Cayrou

Last sponsor we want to introduce is a special one: it's Synacktiv, the company organizing #HEXACON2023. Leader in offensive security, Synacktiv helps companies assess their networks's security. There will be a lot of ninjas in the conference, feel free to talk to them! 🤗

En raison de la situation actuelle en Israël, on a quelques tickets pour Hexacon en rab et Cellebrite serait heureux de vous les offrir. Pour participer, il suffit de répondre à ce message et on sélectionnera des gagnants demain (12 octobre) dans l'après midi.

Limited edition of our new t-shirt! Come visit our booth. And don't get caught in the wild ...

In this post I'll use CVE-2023-4069, a type confusion bug in the Maglev JIT compiler of Chrome that I reported in July, to gain RCE in the Chrome renderer sandbox: github.blog/2023-10-17-get…

👀

We're naming names 🔥 because the harm is not hypothetical. Today we share "Buying Spying", our new report diving into the commercial surveillance/spyware industry. We dive into the players, the campaigns, the spyware, & the harm it perpetuates. blog.google/threat-analysi…

[Pwn2Own 2024](CVE-2024-2886)[330563095, 330575496] PinArrayBufferContent is insufficient to keep the backing store itself pinned and WebCodecs VideoFrame Race Condition UAF W -> RCE is now public with PoC, exploit and wp. issues.chromium.org/issues/3305754… issues.chromium.org/issues/3305630… Xion

If you see hypervisors as magic black boxes that are hard to break, join us to this training and learn to apply your reverse, bug hunting and exploit knowledge to build VM escapes !

Fun facts about this Firefox bug: (1) According to Mozilla, it got introduced in 2003, it predates Firefox 1.0! (2) Although it's a UaF, it doesn't rely on any JS callback, the entire PoC is a single function. (3) It was a purely manual find and just a fun bug to PoC.

My writeup of the 2023 NSO in-the-wild iOS zero-click BLASTDOOR webp exploit: Blasting Past Webp - googleprojectzero.blogspot.com/2025/03/blasti…

stop using ubuntu 24.04 to host your kernel pwn challenges lmao kqx.io/post/qemu-nday/