Pinned Tweet
j00sean
2.5K posts

j00sean
@j00sean
Finding bugs everywhere
Santiago-Pontones, Spain. Joined July 2016
495 Following, 3.2K Followers
j00sean retweeted

I found 2 UAF bugs in libxslt with Jackalope, let's find more together! The harness is now included in examples (link below). This also serves as a demo for two not very commonly used modes in Jackalope: grammar mutational fuzzing and sanitizer coverage. github.com/googleprojectz…
j00sean retweeted

We at @dfsec_com are looking for a web security researcher with a strong research background in ruby or perl based services. Feel free to DM me for more info :)
j00sean retweeted

OGHarn mutationally generates harnesses and uses 3 oracles of behavior to determine both their utility and validity, leading to the discovery of 41 new bugs (with zero false-positive crashes)!
Paper: futures.cs.utah.edu/papers/25ICSE-…
Source: github.com/FuturesLab/OGH…
Happy Fuzzing! 🐛
j00sean retweeted

Welcome to @chudyPB in his debut watchTowr Labs post since joining the phorce in January (of many to come..)!
In today's post, we dive into Kentico's Xperience CMS - highlighting multiple Authentication Bypass vulns chained with a post-auth RCE...
labs.watchtowr.com/bypassing-auth…
j00sean retweeted

Just published the slides from @_mccaulay and my talk at @1ns0mn1h4ck on Pioneer IVI hacking.
We got a pretty interesting spyware demo too where we extract a bunch of data from the compromised IVI!
nccgroup.com/uk/research-bl…
vimeo.com/1062015713

@ShravanMeghavat I can't give further details, but it's actually simpler. If you got it working like this, congrats ;)

"This is decades-old code. On a first glance, it seems strange that it took so long to find such a trivial bug with fuzz testing..."
"This is really the same issue as CVE-2017-9047, just in a different function." - Back to 2017😅
gitlab.gnome.org/GNOME/libxml2/…
Robert Swiecki @robertswiecki
honggfuzz alive and kicking. stack based buffer overflow in libxml2 - issues.oss-fuzz.com/issues/3926870…
j00sean retweeted

🔥 The "impossible" XXE in PHP? Not so impossible anymore.
Our researcher Aleksandr Zhurnakov discovered an interesting combination of PHP wrappers and a feature of XML parsing in libxml2 to exploit it.
Read: swarm.ptsecurity.com/impossible-xxe…
j00sean retweeted

Today, Microsoft has patched five additional Office bugs I discovered and reported recently, following the two Office bugs patched last month.
msrc.microsoft.com/update-guide/v…
msrc.microsoft.com/update-guide/v…
msrc.microsoft.com/update-guide/v…
msrc.microsoft.com/update-guide/v…
msrc.microsoft.com/update-guide/v…
Four out of the five are bugs discovered through a novel attack vector in Microsoft Office. Besides the bugs themselves, this attack vector could potentially aid real-world exploitation of Office bugs. As I have repeatedly emphasized, the importance of discovering novel attack vectors cannot be overstated (personally, I’d prefer to call myself an attack vector explorer rather than just a bug hunter). Hopefully I will get time to talk about the details sometime soon!
If you're a defender or just a regular Office user, I recommend using the 64-bit version of Office instead of the 32-bit one, as the 64-bit version makes real-world exploitation much more difficult. Timely patching, of course, is also important.
P.S.: If you’d like to "fund" such novel attack vector research in complex software, I’m #opentowork. :)
#office #patchtuesday
j00sean retweeted

The remix
#loDeLaLiga with soundtrack #laLigaGate #laLigaLaLia
#domainHunterLaLigaEdition
@jaumepons @patowc @Sergio_deLuz and the whole crew.
j00sean retweeted

Hey there,
Finally published the article on the CVE-2025-21333 PoC exploit.
Here is the link to the article: medium.com/@ale18109800/cve-2025-21333-windows-heap-based-buffer-overflow-analysis-d1b597ae4bae

If you need a real-world Office sample triggering that weird 0xc0000409 crash, my @EXPMON_ system just detected one online: pub.expmon.com/analysis/24784…
When an Office app tells you "stack buffer overrun", even with "FAST_FAIL_LEGACY_GS_VIOLATION", it doesn't really mean that; it's still non-exploitable. Sure, I'd love it if Microsoft's Office team changed that one day, but for now I just don't want to be played anymore. :)
j00sean retweeted

I ran probably the largest office fuzzing program in the world at one point
We had 128 IBM blade systems fuzzing concurrently + office UI analysis @ 25k fuzzing attempts a minute, with crash analysis + crash confirmation + rewind + automated variation + user interaction simulation and code coverage analysis on code I wrote in .NET. We actually used rabbitmq to handle the queue system as well.
We found so many crashes that we hired a 3rd party company to analyze.
After the crashes continued we straight bought the 3rd party company because it was cheaper than hiring them long term.
It was a wild time.
Warms my heart to know you're doing cool stuff still with office
j00sean retweeted

I fell into this trap very early into my career. I was told by more experienced people that browsers and mobile targets were always too difficult for me.
However, after doing mobile research for the past few years I'm starting to see that I limited my own growth because of others 🤡
Тsфdiиg @tsoding
Always keep in mind that majority of people consider something difficult because they were simply told so. "Difficult" shit is done by arrogant mfs who listen to nobody.
j00sean retweeted

Fun facts about this Firefox bug: (1) According to Mozilla, it got introduced in 2003, it predates Firefox 1.0! (2) Although it's a UaF, it doesn't rely on any JS callback, the entire PoC is a single function. (3) It was a purely manual find and just a fun bug to PoC.
Project Zero Bugs @ProjectZeroBugs
Firefox: use-after-free in txMozillaXSLTProcessor project-zero.issues.chromium.org/issues/3835582…
j00sean retweeted

Here it is, introducing the Xbox 360 Bad Update exploit, a software only hypervisor exploit for dashboard version 17559: github.com/grimdoomer/Xbo…