Paolo Stagno (VoidSec)

Address leaks from Windows Kernel are fading away, but CVE-2025-53136 shows how even patches can introduce new possibilities. Proud of the team for discovering it.

We appreciate @crowdfense's continued support to Offensivecon as a Silver Sponsor!

Coming in Q2 for some of our selected clients :)

@dansemperepico Google translate handled it perfectly

Looks like the UAE government press conference is going to be in Arabic only. I'm seeing if, in the next few minutes, Claude Code can code me something that will do live streaming text translation. Working against the clock.

@oechsleoi @rueseraa They are based on proximity, so you only receive them if you're in a possible "affected" area. On android you can check your setting under "wireless emergency alerts"

Patch diffing + RCA for clfs.sys can awhile. I gave the diff + binary to a local LLM. It mapped the UAF path, race condition, all IOCTLs in <20 min LLMs don't replace the work, they are momentum. New blog post following the UAF trail of CVE-2025-29824: clearbluejar.github.io/posts/how-llms…

@Bad_Jubies Actually I'm building MCP to expose already built exploit to AI. To find and exploit bugs I still rely on good old reverse engineering :)

@Void_Sec Anything you can share publicly? I’ve had mixed results. I’ve been exporting bindiff results, feeding it to Claude and give it a binary ninja MCP with pre and post patch binaries loaded. It’s good at identifying/tracing the patch, but I usually have to help dev the trigger

Building MCPs to leverage our n-day feed, interesting experience and some very promising results so far

Samstung Part 2 :: Remote Code Execution in MagicINFO 9 Server srcincite.io/blog/2026/01/2…

Samstung Part 1 :: Remote Code Execution in MagicINFO 9 Server srcincite.io/blog/2026/01/2…

Blog post: On the Coming Industrialisation of Exploit Generation with LLMs sean.heelan.io/2026/01/18/on-… TL;DR: I ran an experiment with GPT-5.2 and Opus 4.5 based agents to generate exploits for a zeroday QuickJS bug. They're pretty good at it. Code: github.com/SeanHeelan/ana…

I wrote about a file format for Unreal Engine 2 games which for the last 20 years has inadvertently hidden game assets from data miners... until now :) landaire.net/a-file-format-…

Man if I see someone drop a remote zero click for $1m I’m going to give up and become a farmer

What is old is new again! Regarding PPL and in general Protected Processes on Windows, may I suggest a talk that I gave on this topic over 2 years ago? youtu.be/-KWZqoJkg-I

Another post from the team :)

@D4mianWayne @gh0stbyt3 @HexRaysSA Cool, thx

@Void_Sec @gh0stbyt3 @HexRaysSA Thanks for asking! So, BinDiff works on disassembly and Diaphora integrates with IDA plugin. DiffRays instead uses pseudocode via headless IDA, with CLI+web for portable/collab use and gives clear visualization of the metrics and simplified navigation.

Teaming with @gh0stbyt3, we built DiffRays for headless IDA (@HexRaysSA) decompilation. It stores decompiled code in a SQLite DB and provides a Web UI for diffing between the stored functions. Built for vuln research. github.com/pwnfuzz/diffra… #pwnfuzz

@AlizTheHax0r STAB looks like an awesome project!

It’s pretty awesome tbh. Plus, STAB is a very “Aliz” project. Like, we’ve all got our strengths but this project suits mine down to the ground. I feel that “other people couldn’t have pulled this off” feeling. My colleagues are leet but this project is matched to my skills.

So watchTowr - my employer - sponsored the back page of phrack! I’m so excited about this, maybe more than I should be. Like, I’m not able to contribute an article but I am still (albeit small) helping hacker culture. It’s also validation that we (wt) are doing things right. Also

@HaifeiLi Currently it's a mess even when you report trivial bugs and full exploits, so... XD

@_Icewall Cool, thx! Nice research anyway :)

@Void_Sec I guess so, that's why I mentioned the timeline in the blog post . On pasted screenshots I only mention about mem leak primitive, but in general I wanted to signal that after 24H2 the exploit won't work.

Exploitation of Asus Armory Crate AsIO3.sys driver | authorization bypass + ObfDereferenceObject primitive to LPE - blog.talosintelligence.com/decrement-by-o…