ZeusBox

Jit-Picking: Differential Fuzzing of JavaScript Engines (ACM CCS'22) publications.cispa.saarland/3773/1/2022-CC…

@ashtoncirillo Soon the collective west will have to deal with big waves of Ukrainian refugees. Winter is coming. The energy situation is not rosy. If Ukraine wouldn't have violated the international law this wouldn't have happened. They can anytime capitulate and end this mess now.

Holy shit. Russia hit Kharkiv's power grid. The entire city is out of power.

Understanding the Compound File Binary Format and OLE Structures to Mess with CVE-2022-30190 cymulate.com/blog/cve-2022-…

💥 And another new RCA up today: CVE-2022-2294, the itw 0-day in WebRTC that targeted Chrome! Authored by @natashenka googleprojectzero.github.io/0days-in-the-w…

Bochs its now in github github.com/bochs-emu/Bochs we will be glad to see your contribution, Looking for new devs :D

Our intern @_qwerty_po was destined to analyze a recent Linux kernel LPE vuln (CVE-2022-32250), a bug found and reported by @FidgetingBits. Here's a brief write-up on the analysis of the bug and the exploit development. Check it out! blog.theori.io/research/CVE-2… (exploit included)

Backdoors in the system partition of budget Android device models target arbitrary code execution in the WhatsApp and WhatsApp Business messaging apps. Devices are counterfeit versions of famous brand-name models news.drweb.com/show/?i=14542&…

New blog post released! Windows Segment Heap: Attacking the VS Allocator by @_vepe labs.bluefrostsecurity.de/blog.html/2022…

We @KunlunLab will share the vulnerability and exploitation I used in the TianfuCup2021 for escaping Adobe Reader sandbox on #BCS2022, this vulnerability existed in Named Pipe File System for nearly 10 years since AppContainer was born. We called it "Windows Dirty Pipe".(1/2)

Android Universal Root: Exploiting Mobile GPU / Command Queue Drivers #MobileSecurity #AndroidSecurity #BlackHatUsa2022 [SLIDES] by @1ce0ear @ExploitDr0id @jon_bottarini i.blackhat.com/USA-22/Wednesd…

CVE-2022-29582, an io_uring vulnerability A detailed and well-written article by @Awarau1 and @pqlqpql about exploiting a slab use-after-free vulnerability in the io_uring subsystem. ruia-ruia.github.io/2022/08/05/CVE…

Detailed analysis of an Android in-the-wild 0-day exploit developed by surveillance vendor Wintego by Xingyu Jin from Android Security Research team: googleprojectzero.blogspot.com/2022/08/the-qu…

@bitfield It's like chess. Most people can think only a few moves ahead. The bright ones can see the whole game. If you need to hire such a person, leetcode is definitely useful.

LeetCode is a useless interviewing tool. Very few of our jobs are actually about finding an efficient algorithmic solution on the spot, with no support, and real life generally requires days of work on a design. Why are we using riddles to hire developers? fev.al/posts/leet-cod…

Kudos to Microsoft for this move to share more symbols 👏🏽 msrc-blog.microsoft.com/2022/08/08/mic…

@ejmalrai , not to mention a direction confrontation with the enemies. Look at the Kaliningrad blockade: they acted and then they backed up. The same with Kosovo, and the same will happen with Taiwan. They are thus acting only in the realm of tragic comedy.

The #US is opening fire on two superpower countries simultaneously: #Russia and #China. This is a strong indication that the US unilateral hegemony is heading towards the end, but we must acknowledge that Washington is the best contributor to its own decline.

@realadamqureshi @China2ASEAN The americans have announced their intention to grossly violate the international law. China can do whatever is necessary to protect it's sovereignty and territorial integrity.

According to Hainan Maritime Safety Administration, #China will hold MILITARY EXERCISES in the #SouthChinaSea from August 2-6. Entry will be prohibited.

@NinjaParanoid I believe the guard pages are there to prevent you from reading/parsing the EAT. One can bypass that by walking backwards in memory and looking at page boundaries for the PE header of the main exe/dll. Inspect IAT recursively and use HellsGate to grab syscall id's dynamically.

@mmolgtm Some of those with locked bootloaders will build you a statue for this.

This might be the best bug I found. Never thought I'd be writing a kernel exploit as reliable, clean and fast as a browser exploit. For a while I actually used this to root my research phone when can't be bothered to patch the rom: github.blog/2022-07-27-cor…

💥💥Sign extension of bit fields => DANGEROUS. When comparing signed stuff of different sizes sign extension happens. Since "a" has 1 as the most significant bit, it will be sign extended to -1. For unsigned stuff zero extension happens and we don't have this issue.

In this post "Corrupting memory without memory corruption" @mmolgtm is showing how a powerful kernel bug, CVE-2022-20186, can be used to root a Pixel 6 from a malicious app github.blog/2022-07-27-cor…