Bryan Alexander

CVE-2023-6246: Heap-based buffer overflow in the glibc's syslog(), @Qualys Security Advisory. openwall.com/lists/oss-secu…

The Kerberos PAC verification bypass me and @monoxgas showed at the end of our BH presentation and was fixed last month is now open in the issue tracker. Certainly an interesting one :) bugs.chromium.org/p/project-zero…

@_wald0 @kfosaaen @xorrior @mcohmi @PyroTek3 @424f424f @mariussmellum @BaileyBercik @JefTek @drone

Reverse #FF. Are you on Mastodon? Reply with your handle, I want to follow you. cc: @kfosaaen @xorrior @mcohmi @PyroTek3 @424f424f @mariussmellum @BaileyBercik @JefTek

@elonmusk this is on you

Breaking the Chrome Sandbox with Mojo - the recording of my black hat talk is out: youtu.be/qhhJCLy0YBA (I'm painfully aware of the red shift :) )

Control Your Types or Get Pwned: Remote Code Execution in Exchange PowerShell Backend - @chudyPB provides the details of CVE-2022-41040 and -41082. These were the #Exchange bugs used in active attacks and recently patched. zerodayinitiative.com/blog/2022/11/1…

Wherein I propose that C++ initialize all stack variables to zero, preventing ~10% of CVEs. Cost: none. 🔗 wg21.link/P2723R0 🔗

Six actively exploited 0days patched today by Microsoft including one found by @benoitsevens & @_clem1 from TAG. duo.com/decipher/micro… 2022 and we are still seeing active IE scripting exploitation 😔 Thanks to Microsoft for the quick turnaround and patch.

@drone" target="_blank" rel="nofollow noopener">infosec.exchange/@drone for those that are migrating

A Very Powerful Clipboard: Analysis of a Samsung in-the-wild exploit chain googleprojectzero.blogspot.com/2022/11/a-very…

Now this is a pretty handy tool... "A plugin to introduce interactive symbols into your debugger from your decompiler" // by @mahal0z github.com/mahaloz/decomp…

Inside Elon Musk's "free speech" Twitter, a culture of secrecy and fear has taken hold. Managers and employees have been muzzled, Slack channels have gone dark, and workers are turning to anonymous gossip apps to find out basic info about their jobs. washingtonpost.com/technology/202…

My new blog series: Technical Analysis of Windows CLFS Zero-Day Vulnerability CVE-2022-37969 - Part 1: Root Cause Analysis zscaler.com/blogs/security… Part 2: Exploit Analysis zscaler.com/blogs/security… #0day #exploit #vulnerability #CVE_2022_37969

My keynote "The Evolution of Firmware Threats: Attacks below the OS" from @nohatcon is now available online! youtube.com/watch?v=L1VanO…

I’m really excited for us to shed light on some really cool work we’ve been doing to harden the XNU allocator! This has been a huge effort by so many people, and I’m very proud of the direction: security.apple.com/blog/towards-t…

A couple months overdue, here's the open source release of Concurrence, my new fuzzing library for thread-based targets. Integration code to SockFuzzer, plus Mach process/IPC/VM/etc. support are coming soon. Check it out at github.com/googleprojectz…

Finally, here is the blog documenting the crazy 7 days that I spent on CVE-2022-1786 to pwn kCTF (and won a lot of cash)! Let me know what you think of the blog! blog.kylebot.net/2022/10/16/CVE…

Slides for "Sanitizing the Linux kernel: On KASAN and other Dynamic Bug-finding Tools", the talk I just gave at Linux Security Summit Europe 2022. Covers: 🐧 Generic KASAN implementation 🔥 Other Sanitizers 🗡 Extending KASAN and KMSAN to find more bugs docs.google.com/presentation/d…

New blog post! Part 1 in my new PlayStation hacking series: An **unpatched** PS4 / PS5 userland exploit that also allows pirating PS2 games. mast1c0re: Hacking the PS4 / PS5 through the PS2 emulator - Part 1 - Escape: cturt.github.io/mast1c0re.html Video demo: youtube.com/watch?v=GIl1mR…

We had quite some fun for the last 2.5 years fuzzing CPUs. We wrote one system, scratched it, and wrote another one. This week we open-sourced most of it, and hope to open-source more in the future. github.com/google/silifuzz