bbbig

@POC_Crew @0x10n It was really amazing talk thank u

#POC2024 Seunghyun Lee(@0x10n) - WebAssembly Is All You Need: Exploiting Chrome and the V8 Sandbox 10+ times with WASM 🇰🇷

We’ve released Part II of our Windows Kernel Streaming series!

Thank you for listening to our presentation. If you have any questions, please DM(or email) me or @bbbig12.

Thrilled to learn our (@theori_io) CRS got first place in the AIxCC Semifinal competition. For the semifinal competition, we focused on implementing simple ideas in a robust way. I'm eager to implement our more ambitious ideas for the final event next year! @sa-blog/winning-the-aixcc-qualification-round-7263d1cde9c8" target="_blank" rel="nofollow noopener">medium.com/@sa-blog/winni…

🚨 New Linux Kernel vulnerability (CVE-2024-27394) discovered & patched by Theori! 🔗 blog.theori.io/deep-dive-into… Our researcher @v4bel at #Theori identified a critical #UAF vulnerability in TCP-AO caused by a race condition in the #RCU API. Using techniques from the ExpRace paper, we extended the race window to demonstrate its exploitability. Curious how we did it? Read our deep dive for the full details! #Theori #Cybersecurity #LinuxKernel #TCP #VulnerabilityResearch #CVE #TechBlog

See you at Paris!!

In a recent #APT simulation, #Theori uncovered 4 critical #RCE vulnerabilities in @cososys Endpoint Protector (EPP) that let us fully compromise the server & clients. Here’s a peek: 👾 CVE-2024–36072: Unauthenticated attackers can exploit a logging flaw to execute system commands with root privileges. 👾 CVE-2024–36073: With admin access, attackers can overwrite configurations and execute commands on client endpoints. 👾 CVE-2024–36074: Server access allows attackers to execute malicious files. 👾 CVE-2024–36075: Unauthenticated attackers can manipulate client configurations to potentially bypass security and achieve remote code execution. Could your server be #hacked the same way? Find out through our blog post! 👉 blog.theori.io/a-deep-dive-in…

Today, Angelboy (@scwuaptx) revealed his Kernel Streaming research! 🚀 Check out how he uncovered this overlooked attack surface, leading to pwning Windows 11 at #Pwn2Own Vancouver 2024: devco.re/blog/2024/08/2…  #WindowsKernel #MSRC

Our team member @v4bel and @_qwerty_po exploited kernelCTF lts with 0day vulnerability. It was really amazing work. They'll gonna share the detail soon.

Part 4 of our N-Day Exploit Series is LIVE! 🔥 ➡️ blog.theori.io/chaining-n-day… Unveiling CVE-2023-34044, an information leakage vulnerability in #VMware Workstation’s #VBluetooth device, found by our own @pr0ln! It’s a variant of CVE-2023-20870 demonstrated by @starlabs_sg in #Pwn2Own2023 Vancouver. Dive into the details. #Theori #티오리 #VulnerabilityResearch #ndayfullchainexploit

We posted our third writeup of N-day full chain series: Chaining N-days to Compromise All: Part 3 — Windows Driver LPE: Medium to System medium.com/theori-blog/ch…

We posted our second writeup of N-day full chain series: medium.com/theori-blog/ch…

@qwqbebe Our team likes to share things, so 'maybe' we could make it public. Before that, please look forward to the N-day chain blog series that will be posted soon. :)

@bbbig12 Are you planning on detailing it as a write-up later on?🥺🥺

We just pwned VMware and Windows11

@grigoritchy Wow

Getting root of Huawei p60 pro(103.1.0.132) with 1-day kernel vulnerability. Completely locked down, an unavailable of panic logs and can't find the firmware image matching to my device were really tricky managing to.

@0x10n Awesome work...!!

yay :) now back to praying for tomorrow's Edge+Chrome double-tap entry 🙏

Wow! The Theori was able to exploit VMware Workstation with an additional Windows Kernel LPE vulnerability in the Virtualization category. They went from guest OS to SYSTEM on the host OS. They're off to the disclosure calls with details. #Pwn2Own

We've started a blog series on N-day full chain exploits. The first part is about chrome renderer exploit, CVE-2023-3079. Check it now!👇👇 blog.theori.io/chaining-n-day… #Theori #티오리 #Blog #Research #Fermium252 #Chrome #VirtualMachine #CVE #Vulnerability

We are recruiting reversing guys. If you are interested in our team, plz mail to contact@guesser.team with your self introduction. We will review and mail back!! Thank you.

we won zer0pts CTF 2021 😃😃 The challenges are really insanely hard and creative. Thank you for team zer0pts :)