🔥The 9th Round of Easy Loan, Earn $40 Reward is in progress❗️ ⏰ Promotion Period: January 15th - Feburary 15th, 2025 👉 Register now and check more details at gate.io/campaigns/358

DawnSecurityLab is giving its talk, “Mystique in the House: The Droid Vulnerability Chain That Owns All Your Userspace” #POC2021

Our recent research writeup on Parallels Desktop which found real exploit bugs and fixed in newest version: dawnslab.jd.com/pd-exploit-blo… English version: dawnslab.jd.com/pd-exploit-blo…

Glad we ranked 6th in Samsung Mobile Security's 2021 yearly Hall Of Fame

Our new blog post: To be a bug hunter with Binary Ninja in IoT dawnslab.jd.com/binaryninja1-e… Chinese version: dawnslab.jd.com/binaryninja1-z…

The details of this chain are finally published in our CanSecWest talk and our blog, check it out at dawnslab.jd.com/mystique-paper… . Slide: dawnslab.jd.com/mystique-paper… Whitepaper: dawnslab.jd.com/mystique-paper…

New blog post on our recent discovered vulnerability: Linux kernel io_uring module privilege escalation exploit dawnslab.jd.com/linux-5.19-rc2…

The first nomination for Best Priv Esc: DawnSecurityLab for “Mystique in the House: The Droid Vulnerability Chain That Owns All Your Userspace” Where an overly-permissive SELinux policy in Android to bypass OS level permissions and break out of the sandbox!

Highlights of the 2022 Pwnie Awards: bit.ly/3xvMeM2 Pwnie Awards

GEEKCON 2024 International is just one month away! We're thrilled to unveil the official schedule and topics! Dive deep into over 30 technical programs, join 40+ white-hat hacker teams, and mark your calendars for May 25th & 26th in Singapore! 👏Huge thanks to our ommitte,

We will be at Las Vegas this year to deliver our talks by Zhongquan Li flanker017 TheDog at Black Hat, see ya

#BHUSA Black Hat My Black Hat USA 2024 presentation is finished. Thank you all for coming. In my presentation, I disclosed some methods to achieve SBX and LPE. Many of them require launching an app, so in an attack scenario, the user may notice an app icon briefly

Finished our talk at Black Hat with Zhongquan Li. Will be hanging around today and tmw at DEF CON and 0x0G. Chats and meetup are always welcomed.

hzshang 𝐒𝐡𝐚𝐧𝐠 𝐇𝐨𝐧𝐠𝐳𝐞, will be presenting his paper "𝐒𝐢𝐦𝐩𝐥𝐞 𝐢𝐬 𝐁𝐞𝐬𝐭: 𝐓𝐡𝐞 𝐣𝐨𝐮𝐫𝐧𝐞𝐲 𝐨𝐟 𝐭𝐚𝐤𝐢𝐧𝐠 𝐨𝐯𝐞𝐫 𝐦𝐨𝐛𝐢𝐥𝐞 𝐬𝐲𝐬𝐭𝐞𝐦 𝐮𝐬𝐢𝐧𝐠 𝐚 𝐆𝐏𝐔 𝐥𝐨𝐠𝐢𝐜𝐚𝐥 𝐛𝐮𝐠 at #OBO2025! offbyone.sg/conference/sha…… offbyone.sg/register

Years later it's thrilled to back to Vancouver and speak again at CanSecWest. Brought to mind the good old days of playing Pwn2Own.

Shang Hongze (hzshang) is a senior security researcher at DawnSecurityLab. Hongze presents his research on Android GPU components over the past year, a vulnerability he has found, how he achieved local privilege escalation... and more! More info: linkedin.com/posts/off-by-o…

Punching 🥊 presentation from hzshang , 𝐒𝐢𝐦𝐩𝐥𝐞 𝐢𝐬 𝐁𝐞𝐬𝐭: 𝐓𝐡𝐞 𝐣𝐨𝐮𝐫𝐧𝐞𝐲 𝐨𝐟 𝐭𝐚𝐤𝐢𝐧𝐠 𝐨𝐯𝐞𝐫 𝐦𝐨𝐛𝐢𝐥𝐞 𝐬𝐲𝐬𝐭𝐞𝐦 𝐮𝐬𝐢𝐧𝐠 𝐚 𝐆𝐏𝐔 𝐥𝐨𝐠𝐢𝐜𝐚𝐥 𝐛𝐮𝐠. We 🩷 it at Off-By-One Conference 2025!

New post: dawnslab.jd.com/%E4%B9%8B%E6%A… writeup for CVE-2025-22056, which we also found but collide with other researchers. A nice bug that can be stably exploited to get kernel privilege on Ubuntu.

How do you pwn billions of devices with one shot? cnwatcher reveals a stealthy Android exploit that hijacks keystore keys, bypasses perms, and opens the door to root. Get know more on #PHTalks Jakarta: phtalks.ptsecurity.com/jakarta