🔥The 9th Round of Easy Loan, Earn $40 Reward is in progress❗️ ⏰ Promotion Period: January 15th - Feburary 15th, 2025 👉 Register now and check more details at gate.io/campaigns/358

"Proxying to Kernel : Streaming vulnerabilities from the Windows Kernel" 🎦 by An-Jie Yang (Angelboy)

I was curious about how the Linux kernel implements RCU, so I analyzed the source code to understand the execution flow. Feel free to check it out and let me know if you find any mistakes.🙂 u1f383.github.io/linux/2024/09/…

Tips for Pwn2Own player: pick a target that no one care, then you got no collision. Shout out to my colleague: HexRabbit We manage to bypass all the hardware protection together 🎉

Our slides about WASM bugs in browsers are now available. Thanks to everyone who helped with the talk.🫡 Hope we can do better next time. 1. BH USA 2024: i.blackhat.com/BH-US-24/Prese… 2. GeekCon Shanghai 2024: geekcon.top/js/pdfjs/web/v… cc my partners (P1umer xmzyshypnc Q1IQ)

Uploaded my slides from POC2024. I'll soon be giving a slightly shorter version of the same talk on CODE BLUE 2024 too. github.com/leesh3288/talk…

Dropped my slide for POC2024 on Linux kernel exploitation, including a journal from Pwn2Own Vancouver earlier this year. Enjoy 🙂. u1f383.github.io/slides/talks/2…

Earlier this year, I used a 1day to exploit the kernelCTF VRP LTS instance. I then used the same bug to write a universal exploit that worked against up-to-date mainstream distros for approximately 2 months. osec.io/blog/2024-11-2…

Imagine opening a Discord message and suddenly your computer is hacked. We discovered a bug that made this possible and earned a $5,000 bounty for it. Here's the story and a beginner-friendly deep dive into V8 exploit development. Watch: youtube.com/watch?v=R3SE4V…

I just released our kernelCTF VSock 0-day write-up with qwerty . (exp196/exp197, CVE-2024-50264) github.com/google/securit… We made history by being the first to exploit VSock in kernelCTF, expanding its known attack vectors. 🥳 It’s a pretty *simple* race condition, right?

KernelSnitch: Side-Channel Attacks on Kernel Data Structures Paper by Lukas Maar et al. about using a timing side-channel for leaking addresses of exploitation-relevant kernel structures. lukasmaar.github.io/papers/ndss25-…

Amazing... He is a real hacker. cylab.cmu.edu/news/2025/01/0…

If you ever think there are no more bugs left to find… this Linux kernel bug was just patched yesterday and existed for 5 YEARS

Slides of my talk at #Zer0Con2025! ⚡️ Kernel-Hack-Drill: Environment For Developing Linux Kernel Exploits ⚡️ I presented the kernel-hack-drill open-source project and showed how it helped me to exploit CVE-2024-50264 in the Linux kernel. Enjoy! a13xp0p0v.github.io/img/Alexander_…

New blogpost! Want to see how we exploited Synology Inc. network-attached-storage devices at Pwn2Own Ireland? RCE to root via out-of-bounds NULL-byte writes, click the embed for a fun little writeup of CVE-2024-10442 🔎🎉 blog.ret2.io/2025/04/23/pwn…

We are back😎 Say hello to our kernelCTF submission for CVE-2025-37752🩸 Who would have thought you could pwn a kernel with just a 0x0000 written 262636 bytes out of bounds? Read the full writeup at: syst3mfailure.io/two-bytes-of-m… 👀

Our first confirmation of #Pwn2Own Berlin! Pumpkin (Pumpkin 🎃) from DEVCORE Research Team used an integer overflow to escalate privs on Red Hat Linux. He earns $20,000 and 2 Master of Pwn points. #P2OBerlin

Billy again…

🚨🚨🚨We just broke everyone’s favorite CTF PoW🚨🚨🚨 Our teammate managed to achieve a 20x SPEEDUP on kctf pow through AVX512 on Zen 5. Full details here: anemato.de/blog/kctf-vdf The Sloth VDF is dead😵 This is why kernelCTF no longer has PoW!