Divyanshu

The C code below compiles and prints "hello, world".

BREAKING NEWS The Royal Swedish Academy of Sciences has decided to award the 2025 #NobelPrize in Physics to John Clarke, Michel H. Devoret and John M. Martinis “for the discovery of macroscopic quantum mechanical tunnelling and energy quantisation in an electric circuit.”

I love stories like these. Nothing is impossible if you want to win badly ❤️❤️. Inspiring ✨

@xvonfers Good luck ! 🙌 The *INT also seems interesting. Maybe keep posting some about those in future as well. I would love to read it

Dear readers, I wanted to say that I am slowly leaving vr/xd for SIGINT/COMINT/ELINT/UAV

Whoah... $250000 (CVE-2025-4609, similar to CVE-2025-2783/412578726)[412578726][Mojo][IpczDriver]ipcz bug -> renderer duplicate browser process handle -> escape sbx is now open with PoC & exploit(success rate is nearly 70%-80%) issues.chromium.org/issues/4125787… #comment11" target="_blank" rel="nofollow noopener">issues.chromium.org/issues/4125787…

@xvonfers @NearBeteigeuze Thanks for sharing 🙌

@_seg_fault__ Just so that everyone was, I haven't met... There is a compilation from Liam(@NearBeteigeuze): github.com/two-heart/v8-d… And so, I usually come across either chromium issues: issues.chromium.org/issues v8-dev: groups.google.com/g/v8-dev v8 commits: chromium.googlesource.com/v8/v8/+log/ref…

[design doc] Generalizing V8's heap interface docs.google.com/document/d/1qV… Handles & Local Heaps docs.google.com/document/d/17y…

@xvonfers In context of v8 docs!

@xvonfers Is there a way to identify all such public Google docs rather than encountering them by chance?

woah... (CVE-2025-3619)[Critical][media][409619251]Heap-BoF in Codecs(when the size of data to be copied ('copy_size') exceeded the allocated 'buffer_size') chromium-review.googlesource.com/c/chromium/src… chromereleases.googleblog.com/2025/04/stable… Reported by Elias Hohl on 2025-04-09

Leak hole PoC for Chrome in-the-wild vulnerability CVE-2025-6554 published yesterday: github.com/DarkNavySecuri…

When life gives you tangerines🍊 Intern Lin Ze Wei's task: Port a 2-bug exploit to Pixel 6 Pro Problem: One bug "doesn't work" Solution: Make it work with 1 bug Sometimes the best research comes from working with what you think you have starlabs.sg/blog/2025/06-s…

Personal Update: Moved to Spain for Vulnerability Research. Hopefully better bugs and more beautiful exploits this year :)🤞🤞

Compromised renderer can control your mouse and escape sbx (reward: $50000) crbug.com/370856871

Amazing... He is a real hacker. cylab.cmu.edu/news/2025/01/0…

I have posted the slides for the talk @chompie1337 and I gave this past weekend at @h2hconference -> The Kernel Hacker’s Guide to the Galaxy: Automating Exploit Engineering Workflows #H2HC github.com/FuzzySecurity/…

@TinySecEx Hmm interesting. I didn't find any xref to that api in dwmcore. Maybe some other dll. Thanks for this anyways!

@gh0st_R1d3r_0x9 I'm thik there's no need to be able to execute code in dwm, just that some dwm composition request can control the parameters of NtDCompositionDuplicateHandleToProcess, that's enough.

@TinySecEx I get that but the function NtDCompositionDuplicateHandleToProcess has a check around if the process calling it is dwm or not. If not it bails out and the arbitrary kernel write won't work. So the attack surface for this bug is when we already have code execution in dwm right?

@gh0st_R1d3r_0x9 dwm is very special, it is responsible for window composite. Many functions of dwmcore are forwarded to the dwm process.

@udunadan But having a relaxed mindset while hunting is very difficult unless I'm rich and have a do not care attitude about me finding bugs. How do you develop this attitude?

When your livelihood depends on your research effort being of world quality, it is natural to get anxious about it, to get tense, demand the best from yourself. But like with many other things, the best effort sometimes comes out of relaxed, almost playful state and composure.

@f00fc7c800 I don't think windows or any OS for that matter was an eligible target for this yrs pwn2own

So am nobody hacks windows this year at pwn2own ?