Off By One Security

Join me this Friday at 11AM PT on the next @offby1security stream with @thezedwards for a session on "Tracking AI-Scaled Global Financial Fraud Threat Actors!" youtube.com/watch?v=Yk-Nzd…

Join us this Friday at 11AM with @wunderwuzzi23 for the next @offby1security stream on "Hacking AI Agents: Lessons Learned Breaking AI Systems!" youtube.com/watch?v=-KeTHA…

I am excited to release the seventh article in the Exploiting Reversing Series (ERS). Titled “Exploitation Techniques | CVE-2024-30085 (part 01)” this 119-page technical guide offers a comprehensive roadmap for vulnerability exploitation: exploitreversing.com/2026/03/04/exp… Key features of this edition: [+] Dual Exploit Strategies: Two distinct exploit versions using Token Stealing and I/O Ring techniques. [+] Exploit ALPC + PreviousMode Flip + Token Stealing: elevation of privilege of a regular user to SYSTEM. [+] Exploit ALPC + Pipes + I/O Ring: elevation of privilege of a regular user to SYSTEM. [+] Solid Reliability: Two complete working and stable exploits, including an improved cleanup stage. [+] Optimized Exploit Logic: Significant refinements to the codebase and technical execution for better stability and predictability. The article guides you through the two distinct techniques for exploiting the CVE-2024-30085 Heap Buffer Overflow vulnerability. I would like to thank Ilfak Guilfanov (@ilfak on X) and Hex-Rays SA (@HexRaysSA on X) for their constant and uninterrupted support, which has helped me write these articles over time. I hope this serves as a definitive resource for your research. If you find it helpful, please feel free to share it or reach out with your feedback! Enjoy your reading and have an excellent day.

You can get Off By One Security hoodies and t-shirts here: off-by-one.square.site For shirts we have size Small all the way up to 5XL.

Tomorrow at 11AM PT! Join me with @GrahamHelton3 for a session & live demo of a Kubernetes authentication bypass he recently disclosed that turns a commonly granted read-only permission into remote code execution in any pod in the cluster! youtube.com/watch?v=jTbANt… @offby1security

Join us next Friday, 13-February at 11AM for the next @offby1security stream with the great Connor McGarr (@33y0re) where we'll take a look inside Windows Virtual Secure Mode (VSM), secure calls, VTL transitions, and the secure kernel! youtube.com/watch?v=zvmkTz…

1/ Agentic LLMs can automate vuln detection. Very exciting, but doesn't address the hardest part (imo) of vuln research: prioritization. Can we reliably explore the search space and separate signal from noise? I wrote a paper (and OSS tool) to solve this. arxiv.org/pdf/2512.06155

Join us next Friday, 13-February at 11AM for the next @offby1security stream with the great Connor McGarr (@33y0re) where we'll take a look inside Windows Virtual Secure Mode (VSM), secure calls, VTL transitions, and the secure kernel! youtube.com/watch?v=zvmkTz…