🔥The 9th Round of Easy Loan, Earn $40 Reward is in progress❗️ ⏰ Promotion Period: January 15th - Feburary 15th, 2025 👉 Register now and check more details at gate.io/campaigns/358

Inspired by Seth Jenkins's cool research on the adsprpc driver in Android, I took a deep dive into the codebase and documented the internal workings of the Qualcomm DSP Kernel Driver (FastRPC implementation). Blog: streypaws.github.io/posts/DSP-Kern…

An interesting discovery from Kaspersky: a new AV killer is leveraging the legitimate ThrottleStop.sys driver to take down security processes. Attackers used this technique, known as BYOVD, to disable defenses before deploying MedusaLocker ransomware. securelist.com/av-killer-expl…

🇪🇺 DEATH OF PRIVACY: EU'S DICTATORSHIP CAN COME WITH A SUIT AND KIND WORDS By October 2025, your phone could become a state surveillance device, scanning every message, photo, email, and video before you send it. Encrypted apps? Irrelevant. Chat Control scans your content

just gave my Rektoff guest lecture on symbolic execution. open sourcing my MoveVM symbolic execution engine I wrote two years ago. good reference for understanding how symbolic execution (and move vm) works github.com/publicqi/pbctf…

I pushed updates to SCCMHunter as part of my Arsenal demo at #BHUSA today! New features include a relay module for TAKEOVER-5 and a community contribution to coerce client push from a *nix host for ELEVATE-2. github.com/garrettfoster1….

Free speech in Europe is disappearing. A controversial European Union proposal dubbed “Chat Control” is gaining momentum, with 19 out of 27 EU member states reportedly backing the measure. The plan would mandate that messaging platforms, including WhatsApp, Signal and Telegram,

During my #BHUSA talk I've released many ETW research tools, of which the most notable is BamboozlEDR. This tool allows you to inject events into ETW, allowing you to generate fake alerts and blind EDRs. github.com/olafhartong/Ba… Slides available here: github.com/olafhartong/Pr…

Our “Dark Corners: How a Failed Patch Left VMware ESXi VM Escapes Open for Two Years” slides are now available! This research was a collaborative effort with 0x140ce, Ezrak1e and myself. In this talk, we introduce the ESXi virtual machine escape and sandbox escape

A Full-Chain Exploit of an Unfused Qualcomm Device hhj4ck.github.io/qualcomm/2025/… #infosec #dfir #IoT

It's going to be a hot summer. 🔥 We’ve got two blog posts in the pipeline, one with a great primitive we’re excited to drop. Just waiting on MSRC approval + CVE assignment before publishing. Stay tuned...

If you want to know how this works, the PR github.com/Pennyw0rth/Net… mentions this blog post: blog.compass-security.com/2022/05/bloodh…

Booting into Breaches: Hunting Windows SecureBoot's Remote Attack Surfaces by Azure i.blackhat.com/BH-USA-25/Pres…

🚨 Part 2 of RCE on the Shenzhen Aitemi M300 Wi-Fi Repeater (model MT02) is live! 🔗 chocapikk.com/posts/2025/whe… Discovered 5 new CVEs, including the rock-solid CVE-2025-34152. Metasploit module PR ➡️ github.com/rapid7/metaspl…

Our latest post details how we exploited Retbleed (a CPU vulnerability) to compromise a machine from a sandboxed process and VM! Curious? 👇 bughunters.google.com/blog/624373010…

Speculative rop chain execution in guest-to-host attack 👀

It's tiiiiime

delano.lu/article/huawei…

Same stuff different week. I did an analysis on ampa.sys driver and write PoC exploiting the driver. You can find the analysis and PoC here, zeifan.my/Ampa-Driver-An…

blackhat.com/us-25/briefing… Our(k0shl zhiniang peng wei and me ) presentation is available now, hope you like it ;)

Exploiting All Google kernelCTF Instances And Debian 12 With A 0-Day For $82k Article by Crusaders of Rust about exploiting a UAF in the network packet scheduler. Researchers manipulated red-black trees to achieve a page-level UAF and escalate privileges. syst3mfailure.io/rbtree-family-…