Natnael Samson
80 posts


It's 0 click, exploited just from opening a webpage. But it's not a sandbox escaped RCE, it's a renderer RCE. I was hoping for 50-60k from VRP for it, so was disappointed with the 11k. I think I know what happened here and requested they re-eval it, because most of the evidence about the exploit + bisect + patch was in restricted comments that I don't think they saw (they even said this right before the bounty: "In the future, please do not restrict bug comments. It potentially impacts the VRP process.")
Natnael Samson retweeted

VMware Workstation guest-to-host escape (CVE-2023-20870/CVE-2023-34044 and CVE-2023-20869) by Alexander Zaviyalov (@NCCGroupInfosec)
nccgroup.com/media/b2chcbti…
#infosec


Natnael Samson retweeted

Drawn to Danger: Windows Graphics Vulnerabilities Lead to Remote Code Execution and Memory Exposure by Gábor Selján
research.checkpoint.com/2025/drawn-to-…




Natnael Samson retweeted

Check Point Research demonstrates how generative AI can speed up reverse engineering from days to hours by exporting IDA data to ChatGPT for deep static analysis. research.checkpoint.com/2025/generativ…

Natnael Samson retweeted

Following their presentation at @hexacon_fr, Mehdi & Etienne detail how they exploited CVE-2023-40129, a critical vulnerability affecting the Bluetooth stack in Android ⬇️
synacktiv.com/en/publication…
Natnael Samson retweeted

TrueType is the gift that keeps on giving (do you remember Triangulation?) and Peter @bl4sty keeps on winning pwn2own thanks to it #TheSAS2025



Natnael Samson retweeted

VMware Workstation guest-to-host escape (CVE-2023-20870/CVE-2023-34044 and CVE-2023-20869)
nccgroup.com/media/b2chcbti…
Credits Alexander Zaviyalov (@NCCGroupInfosec)
#infosec


Natnael Samson retweeted

Sharp Robotics of Singapore has officially unveiled SharpaWave, an impressively dexterous hand. The 1:1 life-size model boasts 22 degrees of freedom, with over 1,000 tactile sensors per fingertip. It can crack eggs, play the piano, or use scissors, combining strength, speed, and dexterity once thought impossible.
CyberRobo@CyberRobooo
Impressive dexterity. SharpaWave is a 1:1 scale, 22-degree-of-freedom dexterous hand with a sense of touch, similar to a human hand, capable of performing tasks with precision, such as peeling an egg, playing the piano, or using scissors.

Congratulations to all the researchers recognized in this quarter’s MSRC 2025 Q3 Security Researcher Leaderboard! Thanks to all the researchers who partnered with us for your hard work and continued dedication to securing our customers.
Learn more in our blog post: msft.it/6016sfncp
We also want to recognize the top 10 researchers in the leaderboard:
🥇Brad Schlintz (@nmdhkr)
🥈 Yuval Avrahami
🥉 b2ahex
4. Jianyang song
5. Felix B.
6. Haifei Li @HaifeiLi
6. tuandv of Viettel Cyber Security
8. P1hcn
9. 0x140ce @0x140ce
10. Matthew Jensen

Natnael Samson retweeted

We opened the iOS sandbox like a museum vault—carefully, layer by layer—and found the rulebook written in runes. So @yarden_ha revived an old decompiler (dev CPR 🫀🛠️), added modern iOS support, and turned noise into readable signals. Now the policies aren’t “mystery beach sand,” they’re a map you can navigate: what’s allowed, what’s fenced, why that API says “no.” Research → faster. Insights → deeper. Clarity → finally. Only at #OBTS 🍏 do tools get resurrected and upgraded in one talk.


Natnael Samson retweeted

''Windows Heap Exploitation - From Heap Overflow to Arbitrary R/W''
#infosec #pentest #redteam #blueteam
mrt4ntr4.github.io/Windows-Heap-E…
Natnael Samson retweeted

#exploit
Windows Heap Exploitation -
From Heap Overflow to Arbitrary R/W
mrt4ntr4.github.io/Windows-Heap-E…
]-> PoC - github.com/mrT4ntr4/Chall…
// vulnerability exists in the add/update function where it re-uses the previous size of the record to read the new data
Natnael Samson retweeted

Windows kernel exploitation (CVE-2024-30088, Pwn2Own Vancouver 2024)
exploits.forsale/pwn2own-2024/
#infosec


Natnael Samson retweeted

🐞Bug Spotlight: CVE-2025-10200 – Use-after-Free in Chrome Service Worker [bounty $43000]
One-shot renderer RCE to sandbox escape with a deep iterator invalidation
Issue: 🔒440454442 (currently private)
Reported by Looben Yang
Reverse engineering & PoC exploit by @alisaesage



