New blog on the background and methodology of some research I did into escaping Windows Server containers, why the bugs were eventually fixed, and why you still shouldn't use them :-) googleprojectzero.blogspot.com/2021/04/who-co…

Driver Buddy Reloaded is an IDA Pro Python plugin that helps automate and speed up some tedious Windows Kernel Drivers reverse engineering tasks. voidsec.com/driver-buddy-r…

Success! In the 2nd demonstration of the contest, Bien 🇻🇳 from Team Orca of Sea Security (security.sea.com) was able to get a root shell on the WAN interface of the Cisco RV340 router. He's off to the disclosure call to verify the details. #Pwn2Own Austin #P2OAustin

Another confirmation! trichimtrich used an OOB Read to get a root shell via the LAN interface of the #TP-Link AC1750 Smart Wi-Fi router. That earns him $5,000 and 1 Master of Pwn point. #Pwn2Own #P2OAustin

Confirmed! Bien 🇻🇳 from Team Orca of Sea Security used a three-bug chain, including an auth bypass and a command injection, to take over the LAN interface of the Cisco RV340. He earns $15,000 and 2 Master of Pwn points. His contest total so far is #45,000. #Pwn2Own #P2OAustin

Confirmed! Bien 🇻🇳's last attempt of day 1 was successful. He used a single OOB Read bug to take over the TP-Link AC1750 via the LAN interface. This unique bug chain earns him another $5,000 and 1 Master of Pwn point. #Pwn2Own #P2OAustin

#Pwn2Own After Dark is underway with trichimtrich targeting the LAN interface of the NETGEAR R6700v3. The first attempt was successful, and the team now moves to the disclosure room for verification.

Confirmed! trichmitrich used nearly all the time on the clock, but his command injection bug is unique. His takeover of the Cisco RV340 via the WAN interface earns him $30,000 and 3 Master of Pwn points. #Pwn2Own #P2OAustin

Here are the final Master of Pwn standings. Congrats to Synacktiv on claiming the title. It was a close race, but they pull through.

Our idapcode plugin was released today! That's a very useful tool to lift IDA assembly code to Ghidra P-Code. /cc Hex-Rays SA Ilfak Guilfanov github.com/binarly-io/ida…

#OffensiveCon23 recordings are now live! Hope you enjoy :) youtube.com/playlist?list=…

Our teammate Toan Pham has just pwned V8 JavaScript engine on Google's V8CTF version M120 using a 0-day exploit.

Additionally, last year our teammate Bien 🇻🇳 also pwned Linux kernel on kernelCTF with a 0-day, that has been fixed and assigned CVE-2023-4244. So far, we have successfully pwned 2/3 liveCTF hosted by Google. We are going to aim for kvmCTF in the future.

Well done on some awesome research n30m1nd Vignesh Rao !! Keep tackling those hard targets! blog.exodusintel.com/2024/01/19/goo… #chrome #Exploit #vulnerabilityresearch

hey #googlectf folks please give us a v8 sbx challenge so we can make our recent submitted 0day useful one last time

We reported a total of 51 bugs (low to critical impact) for IoT devices used by Singapore Smart City and Smart Building. event.ntu.edu.sg/SPIRITCYBER-24

A brief JavascriptCore RCE story by Lan Vu and An Nguyễn qriousec.github.io/post/jsc-unini…

Theses findings found by our AI Agent. Probably some writeup when more complex issue got destricted. github.com/qriousec/web3_…

Check out our newest blog about how we took advantage of a WebGPU feature to turn an integer underflow bug into an arbitrary read in Chrome’s WebGPU. This bug was fixed by Google long ago, but our ticket is still restricted. qriousec.github.io/post/oob-angle/ by Lan Vu + Toan Pham