y198
60 posts

y198
@y198_nt
Carry water and peel oranges at Verichains Cyber Force
Joined October 2021
320 Following 61 Followers

@Zaddyzaddy The bug itself is unauth. The current exploit chain just uses an authenticated primitive to make the demo more reliable.
y198 reposted

If you are interested in grammar-based #fuzzing, you should have a look at #Grammarinator 26.1, which now comes with native #libFuzzer and #AFL++ integration, besides a bunch of other cool new stuff! Feedback and bug reports are welcome! Happy fuzzing! 🏖️
github.com/renatahodovan/…
y198 reposted

A security-first MCP server empowering AI agents to orchestrate Ghidra, Radare2, and YARA for automated reverse engineering.
github.com/sjkim1127/Reve…
y198 reposted

Windows 11 24h-2 Kernel Exploitation
eneio64.sys LPE PoC
Task traversal is one of my favorite techniques. I hope everyone likes it as much as I do :)
Reach the blog at the link below ->
lnkd.in/dD6gKV3E
#Windows #Kernel #Exploit #win11 #24h2 #kernelexploit #windowskernel

y198 reposted

This is my debut hour-long talk on exploiting a heap-overflow in Llama.cpp RPC, when I was fifteen at ZeroCon. Enjoy:)
research.pwno.io/llama-paradox

y198 reposted

📦 Storage unlocked! Le Trong Phuc & Cao Ngoc Quy of Verichains Cyber Force just cracked the @Synology DS925+ at #Pwn2Own. A brief DNS issue delayed them, but they couldn't be stopped. They're off to the disclosure room to explain what they did. #P2OIreland
y198 reposted

Good Morning! Just published a blog post diving into Windows Kernel LFH exploitation in the latest Windows 24h2 build, focusing on controlled allocations to achieve arbitrary read/write in the kernel.
r0keb.github.io/posts/Modern-(…
y198 reposted

The slides for my OffensiveCon talk "Finding and Exploiting 20-year-old bugs in Web Browsers" docs.google.com/presentation/d…
y198 reposted

Field echo detected!
@alisaesage's "Fuzzing from First Principles" lecture dropped the seed – now it shapes reasoning and operations. That’s how structural insight moves.
Full blog: 1day.dev/notes/Not-All-…

y198 reposted

Breaking the Sound Barrier Part I: Fuzzing CoreAudio with Mach Messages googleprojectzero.blogspot.com/2025/05/breaki…
y198 reposted

We are back😎 Say hello to our kernelCTF submission for CVE-2025-37752🩸
Who would have thought you could pwn a kernel with just a 0x0000 written 262636 bytes out of bounds?
Read the full writeup at: syst3mfailure.io/two-bytes-of-m… 👀
y198 reposted

Gave a talk on external fuzzing of Linux kernel USB drivers with syzkaller at SAFACon by @SAFATeamGmbH.
Includes a demonstration of how to rediscover CVE-2024-53104, an out-of-bounds bug in the USB Video Class driver.
Slides: docs.google.com/presentation/d…
y198 reposted

🪲 New RCA up for CVE-2021-4102 by @btiszka! It's a wild one in Chrome's Turbofan #itw0days
googleprojectzero.github.io/0days-in-the-w…
y198 reposted

My writeup for CVE-2024-7971. Just a POC. Let me know if you have any questions.
github.com/mistymntncop/C…
y198 reposted

I shared an example earlier for fuzzing libxslt with Jackalope's grammar mutator. But Firefox has its own XSLT implementation, so how do we fuzz browser code? The following .patch demonstrates how to do that. It is the setup that resulted in CVE-2025-1932. github.com/googleprojectz…
y198 reposted

Part 2 of the Fuzzilli IR series explores Opcodes.swift, Operation.swift, Program.swift, and Variable.swift. With the groundwork complete, the next post dives into the core of the IR engine.
rpc.kr/posts/fuzzilli…