> we are having the CTF, and while checking traffic, I noticed that one of the team's exploits is not GLES 3.1 or compute shader specific. I checked that it's a 0day. > I eventually reported the issue to ensure that it actually is taken care of,

There are about 5 tickets left for tonight so if you haven't got yours yet do so now as they won't be available on the door! ra.co/events/1715458

Hey Andy Rozenberg Patrick Wardle seems we're missing each other and seems like you're not getting our emails (Cc Vignesh Rao ). Check your DMs for confirmation! We're excited to be on this edition of #OBTS!

Night full of bangers by Shirobon Too bad couldn't hear Xilioh live but "there's only so much you can fit in a set"; maybe next time 😁. Shouts to cTrix for keeping the hard-core vibe after ❯ julie going 🤘

Our deepest condolences to the friends, family, and colleagues of Mr. Kevin Mitnick. dignitymemorial.com/obituaries/las…

Continuing with another browser vuln on the Exodus Intelligence blog, this time on Safari by my teammate Vignesh Rao

Sharing another V8 Sandbox design document more widely: docs.google.com/document/d/1CP… This one discusses how to protect code pointers - probably the most performance sensitive part touched by the sandbox - with (almost) no performance overhead.

Here is the writeup for CVE-2023-3389, a Use-After-Free on an hrtimer in io_uring, which I exploited for the kCTF VRP qyn.app/posts/CVE-2023…

Join us in London, England on Nov 14, 2023, for our highly anticipated Browser and Mobile Exploitation trainings! #exploitation #Training #Cybersecurity #London blog.exodusintel.com/2023/08/04/pub… blog.exodusintel.com/2023/08/04/pub…

Is your PC eligible?

Join n30m1nd and I as we talk about converting JavaScript NaNs into WebKit RCEs in about 2.5 hrs at #OBTS v6!

At #OBTS Javier (n30m1nd) and Vignesh (Vignesh Rao) from Exodus Intelligence fuzz'd and audited the cr.p out of the Webkit JavaScript engine JavaScriptCore - bugs bugs and moar bugs were found!

Finished a write-up of a vulnerability in the io_uring subsystem of the Linux Kernel. This one is interesting because it gives you an incredibly powerful primitive - a multipage-wide OOB read and write to physical memory. anatomic.rip/cve-2023-2598/

Si los hackers tuvieran una biblia, este sería su primer capítulo.

A V8 writeup of a recently patched vulnerability we found a few months back, affecting Maglev, and probably one of the last exploits to be "unaffected" by Ubercage on x86 :)

👑 As long as Javascript JIT is present, browsers will always be the supreme way to remotely pwn a device. Delve into the quirky world of JS engine vulnerabilities and exploits with n30m1nd ➡️ hexacon.fr/trainer/jimene… 📆 30/09-03/10 2024 📍Espace Vinci, Rue des Jeuneurs, Paris

Well, it really looks legit... 🙈

offensivecon was an absolute blast! It was amazing catching up, making new friends, and timeless memories. And thanks to Cellebrite my phone didn't run out of juice😅. Xray by a friend.

And the recording is now also public: youtu.be/5otAw81AHQ0?si… thanks offensivecon!

Today, my PC was nearly compromised. With just one click, I installed a malicious Visual Studio Code extension. Luckily, I was saved as my PC doesn't run on Windows. Hackers are getting smarter and aren't just targeting beginners. Here's how they do it and how you can protect your coins!