dinosaurlover38
@_dinolover38
31 posts
0-day monkey | IBM X-Force Offensive Research (XOR)
Stuck in Vim
Joined May 2025
167 Following, 748 Followers
dinosaurlover38 (@_dinolover38):
@inbarraz Luckily, while this bug looks scary, it's very unlikely to lead to exploitable conditions. I suggested low severity in my report
Inbar Raz (@inbarraz):
@_dinolover38 TBH, I would much rather the software vendors find their own bugs and fix them before releasing, than some security researcher reporting those after everyone's been breached.
dinosaurlover38 (@_dinolover38):
OSS-Fuzz found this 18 yr old remote integer underflow in nginx. I found it too, but 2 weeks slower. Google's CodeMender AI submitted the exact same fix as me. Just look how similar our reports are. Security research might just be cooked. issues.oss-fuzz.com/issues/4865610…
dinosaurlover38 (@_dinolover38):
I know the universe owes me nothing but it'd be really cool if I got some nginx 0-days for getting 2x more code coverage compared to OSS-fuzz just saying
DistrictCon (@DistrictCon):
THATS A WRAP ON DISTRICTCON YEAR 1! ☃️❤️🪩 We sincerely hope you had a great time - it wouldn’t be possible without our amazing team, our speakers, the villages, our sponsors, and most importantly YOU! We hope this brings you a sense of community. Stay warm, be good to each other, and we’ll see you again for Year 2!
Natalie Silvanovich (@natashenka):
Today, Project Zero released a 0-click exploit chain for the Pixel 9. While it targets the Pixel, the 0-click bug and exploit techniques we used apply to most other Android devices. projectzero.google/2026/01/pixel-…
dinosaurlover38 (@_dinolover38):
You can also use this same idea to defeat CONFIG_SLAB_VIRTUAL, even if a kernel PTE has been assigned; the memory still has another VMA from the fixed phys/virt relationship We did this in our exploit for CVE-2025-23282 (public soon🤞)
Quoted post from Seth Jenkins (@__sethJenkins):
We really should be talking about this more....KASLR is just not working properly on Android right now, and it hasn't for a long time. googleprojectzero.blogspot.com/2025/11/defeat…
dinosaurlover38 retweeted
bohops (@bohops):
Last month, @d_tranman and I gave a talk @MCTTP_Con called "COM to the Darkside" focusing on COM/DCOM cross-session and fileless lateral movement tradecraft. Check out the slides here: github.com/bohops/COM-to-… Recording should be released soon.
dinosaurlover38 retweeted
chompie (@chompie1337):
they didn’t want kCTF players to bankrupt them
dinosaurlover38 (@_dinolover38):
CVE-2025-23282 is going to debut tomorrow at @hexacon_fr in our talk "CUDA de Grâce" w/ @chompie1337, but you can try CVE-2025-23332 now! Tweetable Python PoC: ``` import fcntl fcntl.ioctl(open('/dev/nvidiactl'),218,0) ```
Quoted post from NVIDIA PSIRT (@NVIDIAPSIRT):
NVIDIA has released a security bulletin for NVIDIA GPU Display Drivers. NVIDIA thanks Daniel Rhea, Sam Lovejoy, Valentina Palmiotti, Robin Bastide, JunDong Xie, Giovanni Di Santi, Andrea Di Dio, and Cristiano Giuffrida for reporting their findings. nvidia.com/en-us/security/
dinosaurlover38 (@_dinolover38):
@halvarflake but pdfLaTeX/beamer wouldn't let me render the italian hands emoji to express my love for race conditions 🤌🤌🤌
Halvar Flake (@halvarflake):
I know Markdown is supposed to be simple, but I miss LaTeX functionality all the time, from TikZ to proper ToC management...
dinosaurlover38 (@_dinolover38):
Breaking GPU drivers in Spanish! See you soon, Buenos Aires
Quoted post from Ekoparty | Hacking everything (@ekoparty):
Main Track talks #EKO2025 🔥 📌 “Rompiendo la Jaula: Compromiso de la nube IA bajo fuego de GPU NVIDIA” (Breaking the Cage: Compromising the AI cloud under NVIDIA GPU fire), given by @_dinolover38 and @chompie1337. 💡 The explosive rise of AI has driven worldwide demand for GPUs. To meet this demand, cloud providers have launched Infrastructure-as-a-Service offerings specific to artificial intelligence and machine learning workloads. These platforms depend on CUDA, NVIDIA's proprietary tool for GPU hardware acceleration, and also on its GPU drivers. With more than 90% of the data center GPU market, practically all AI/ML workloads end up running on NVIDIA hardware. As AI becomes widespread, the number of deployed GPUs multiplies, and with it the implicit trust placed in their driver stack. 🗣️ In this talk, researchers from IBM's X-Force Offensive Research (XOR) team reveal 0-day vulnerabilities in NVIDIA's GPU drivers and examine their consequences for the cloud security model. They explain their discovery methodology, which includes a fuzzing campaign, and the exploitation techniques capable of bypassing the toughest modern kernel mitigations. A single bug yields kernel-mode execution, which lets an attacker escalate to root and break multi-tenant isolation, exposing the models, data and credentials of every tenant sharing the GPU. ✅ This talk will be given in Spanish. 📍 October 22, 23 and 24 at the CEC - Buenos Aires. 🎟️ Buy your ticket now! >> entradas.ekoparty.org
dinosaurlover38 retweeted
chompie (@chompie1337):
kernel hackers go serverless ring0 → cloud 9 ☁️ ?? brb pwning yr gpu nodes ✨