huyna
297 posts
Here we are, now we are the Champions 🤩🤩🤩
TrendAI Zero Day Initiative@thezdi
That's a wrap on #Pwn2Own Toronto 2023! We awarded $1,038,250 for 58 unique 0-days during the event. Congratulations to Team Viettel (@vcslab) for winning Master of Pwn with $180K and 30 points. We'll see you at Pwn2Own Automotive in Tokyo next January.
English
Success! Binary Factory was able to execute their stack-based buffer overflow attack against the Synology BC500. They earn $30,000 and 3 Master of Pwn points. #Pwn2Own
English
huyna retweetledi
@rskvp93, @huyna89, @hoangnx99, @_q5ca, @ngcaobaolong from Team Viettel (@vcslab) celebrates their successful SOHO SMASHUP pwn at #P2OToronto with a little 🍾🍾 !! #Pwn2Own
English
huyna retweetledi
[iOS 15.1 Update]: Use-After-Free in Voice Control: CVE-2021-30902 Write-up via @ZecOps Blog blog.zecops.com/research/use-a…
English
huyna retweetledi
This week we are starting an experiment that enables V8's Virtual Memory Cage in Chrome on Desktop (currently only on Dev + Canary channels, then Beta and finally Stable). Here is how that'll work:
English
huyna retweetledi
Finally, here is the blog for the prototype pollution research we did.
"A tale of making internet pollution free"
- Exploiting Client-Side Prototype Pollution in the wild
pwn.af/research/pp
English
huyna retweetledi
So far we have disclosed 25 bugs as a part of Android Partner Vulnerability Initiative!
bugs.chromium.org/p/apvi/issues/…
English
huyna retweetledi
Ever wondered how people find browser sandbox escapes? Wonder no more, because this blog post explains how to find, debug and invoke IPC messages.
From JavaScript.
Using @FirefoxDevTools.
blog.mozilla.org/attack-and-def…
English
huyna retweetledi
huyna retweetledi
We have enabled Warp, a significant update to SpiderMonkey, by default in @Firefox 83. 🕸️
SpiderMonkey is the JavaScript engine used in the Firefox web browser. 🌐
@jandemooij explains how Warp works and how it made SpiderMonkey faster. hacks.mozilla.org/2020/11/warp-i…
English
