Ben

Can't win them all I guess :(

@evilsocket @IamAlch3mist I wonder if a CVE will be assigned for this

Pwn2Own 2026 Capacity Overflow, Hackers Drop 0-Days Solo awesomeagents.ai/news/pwn2own-b…

Security researchers become trapped into an identity that they can’t escape, life seems purposeless, reality shifts and they realize they can’t bend like a tree in the wind. It turns out that intelligence isn’t the key to happiness. For those that know. Chop wood, carry water.

@halvarflake LLMs are fantastic at finding useless bugs

And I mean, one of my personality flaws is that I absolutely *love* shitty bugs, but each one of these bugs has remained there for a reason - people looked at it, decided it's too painful or impossible to use, and moved on.

I am doing this LLM vuln discovery wrong I fear. I have found a few genuine memory corruptions reachable from the network in software I care about, but so far one is a multi-free with no allocation in-between on modern glibc, and the other is overwriting a function pointer ...

📣New Android Vulnerability Researcher vacancy. Open to mid-level, senior and principal researchers. interruptlabs.teamtailor.com/jobs/7668923-a…

@POC_Crew @munmap Glad to hear 😄🙌🏻

@XploitBengineer @munmap LOVED IT!😎

Had a blast in Seoul with @munmap speaking at Zer0Con Huge thanks to @POC_Crew and the other attendees for being so welcoming. Definitely a great event for my first speaking gig

@0vercl0k Cheers mate :)

@XploitBengineer grats dood!

@0x_shaq @munmap @POC_Crew Thank you!

@XploitBengineer @munmap @POC_Crew congrats on your first talk! :)

@0x_shaq Or, hear me out here. Project Xoero. Pronounced Project Zero

Final offer: It’ll be Project XORO, pronounced as “Project Zoro”

@ScottyBauer1 @0x_shaq What is you current go to?

@0x_shaq x.com/ScottyBauer1/s… This was the exact driver that caused ^ that tweet. Glad real solutions were developed other than my whiteboard.

nobody: android drivers handling the smallest task:

🤖Georgi G(@munmap) & Ben R(@XploitBengineer) - Promp2Pwn – LLMs Winning at Pwn2Own

@boredpentester I have not had much success at all with LLMs for kernel exploitation either. I'm not sure what we're doing wrong 😬

VuLneRbiLitY reSeaRcH iS cOoKed

@iBSparkes Unfortunately it's going the opposite way. Samsung has preemptively rolled out locked bootloaders globally as of ~August 2025 - apparently due to the new "Radio Equipment Directive"

I think — genuinely — the only hope for jailbreaking at the point is if the EU forces manufacturers to have unlocked bootloaders. It is deeply fucked up to me that you can buy a $1000 computer and are not allowed to install your own software on it.

@pkqzy888 @0xocdsec Was this a userspace or kernel LPE?

Professors have approximately zero free time. And yet. 👀 Turns out LLMs as super assistants make exploit dev manageable and fun again. Pixel 10 root exploit (LPE) with an N-day. No public exploits exist for this thing. Maybe I should teach a course on this. #LLM #ExploitDev

Long overdue episode with the iOS avengers @s1guza @littlelailo @iBSparkes @jonpalmisc @hdemoff_ open.spotify.com/episode/7IyjVv…

We'll be in Seoul talking about AI and Samsung 1-clicks :)

🎥 How does rev.ng detect jump table? In this presentation Ale explains how the rev.ng decompiler detects jump tables and, more in general, how it devirtualizes indirect jumps.

After weeks of reverse engineering MediaTek's DA2 with @shomykohai, we finally figured out how the V6 exploit works. We decided to call it heapb8 ("heapbait")! Technical writeup: blog.r0rt1z2.com/posts/exploiti… PoC: github.com/shomykohai/pen…

@SinSinology @InterruptLabs It's a mystery, for sure. Looks like you had a great time in Japan btw, solid work 💪🏻

@XploitBengineer @InterruptLabs you're right! that looks like mitm to me too! i'm wrong in that case, now i got no idea when it is and when its not allowed

Latest from our Labs - @XploitBengineer looks at how NAS vendors get TLS wrong, and why this matters. interruptlabs.co.uk/articles/when-…