🔥The 9th Round of Easy Loan, Earn $40 Reward is in progress❗️ ⏰ Promotion Period: January 15th - Feburary 15th, 2025 👉 Register now and check more details at gate.io/campaigns/358

V8 Sandbox escape/bypass/violation and VR collection github.com/xv0nfers/V8-sb…

techcommunity.microsoft.com/t5/windows-os-… VTL 2, finally publicly announced!

Has been such an honor to be part of this event – a dream conference come true! 🔥💥 Killer talks and super engaging attendees. Huge props to Outflank and MDSec for making it all possible. Already looking forward to the next one! 🎤

Want to hunt zero-days like a pro? While spaceraccoon | Eugene Lim shares his vulnerability research expertise at #OSSummit Tokyo, grab his guide to tracking down security flaws at 30% off! Code ZERODAYDISCOUNT until tomorrow at midnight PT. nostarch.com/zero-day

Don't panic now, but LLM-based agent discovered a previously unknown real-world vulnerability. Details in googleprojectzero.blogspot.com/2024/10/from-n…

The history of Chrome development and design decisions as a comic. An enduring gem google.com/googlebooks/ch…

My keynote slides from VXCON 2024 zerodayengineering.com/research/slide…

bughunters.google.com/blog/508511148…

Attackers can use QR codes to bypass browser isolation and establish command and control. Learn how the technique works, and recommendations on how to stay ahead of this threat: bit.ly/49uMYms

I spent the last month reverse engineering Call of Duty's anti-cheat! Blog post here: ssno.cc/posts/reversin…

Virtual fortresses aren’t as invincible as they seem 🏰⚔️. Read about our latest research on using Secure Enclaves in Windows for offensive ops — plus fresh insights for red teamers. Check out Part 1 of our blog series here: outflank.nl/blog/2025/02/0…

Had an awesome time speaking at NDC Conferences about Chrome exploitation 👾🤩

Awesome post from my team on VBS enclave security techcommunity.microsoft.com/blog/microsoft…

If you’re getting into V8, this thread is a solid starting point.

so hyped for #Zer0con2025

[#Zer0Con2025] 🎙️ SPEAKER Highlight: matteo malvica ⭕ "Breaking Chrome's V8: Type Confusion, WASM JIT-Spraying and Heap Sandbox Evasion" 💥

"WebAssembly Is All You Need:Exploiting Chrome and the V8 Sandbox 10+ times with WASM" by Xion Worth a watch :) youtube.com/watch?v=nb1so4…

Some of my analysis of several Map related bugs and vulnerabilities while learning v8. xia0.sh/blog/visit-the…

Me and the homies are dropping browser exploits on the red team engagement 😎. Find out how to bypass WDAC + execute native shellcode using this one weird trick -- exploiting the V8 engine of a vulnerable trusted application. ibm.com/think/x-force/…