🔥The 9th Round of Easy Loan, Earn $40 Reward is in progress❗️ ⏰ Promotion Period: January 15th - Feburary 15th, 2025 👉 Register now and check more details at gate.io/campaigns/358

echo "hello, darkness" #GitHubUniverse #Keynote githubuniverse.com

Frida 14.2 is out! 🎉 The biggest new feature is attach(pid, realm='emulated') / --realm to run code inside the emulated realm of a given process. Currently this means NativeBridge on Android (32- and 64-bit), but Rosetta on macOS is probably next. Release notes coming soon 🙌

IDA PRO 7.5 KEYGEN bbs.pediy.com/thread-264785.…

See No Eval: Runtime Dynamic Code Execution in Objective-C blog.chichou.me/2021/01/16/see… It reveals more detail that I didn't have time to cover in my previous talk slides

It's been a long time coming: we’re very excited to announce that virtual iOS-based devices are now available for individual accounts on our groundbreaking security research platform. corellium.com/blog/ios-for-i…

Okay hear me out… Apple Pi — A Raspberry Pi with M1

Just Posted: A Three Part Deep Dive on JavaScriptCore's DFG. Perfect for those learning to exploit JIT bugs. zon8.re/posts/jsc-part… zon8.re/posts/jsc-part… zon8.re/posts/jsc-part…

Today, our team member, Đỗ Minh Tuấn , shared his analysis on: "Exploiting CVE-2021-1789 : WebKit JSPropertyNameEnumerator Out-of-Bounds Read" - starlabs.sg/blog/2022/08-e… Thanks to our other team member, Jia Hao for the help in editing it.

Success! STAR Labs demonstrated their DoS attack against the Unified Automation UaGateway. They earn $5,000 and 5 Master of Pwn points. #Pwn2Own #P2OMiami

We are pleased to announce that STAR Labs has been selected by the CVE Program as a CVE Numbering Authority (CNA). To date, 273 organizations from 35 countries have partnered with the CVE Program. Read more: starlabs.sg/blog/2023/02-s…

Success! STAR Labs SG was able to execute a 2-bug chain including directory traversal and command injection against the QNAP TS-464. They earn $20,000 and 4 Master of Pwn points. #Pwn2Own

Success! STAR Labs SG was able to exploit a permissive list of allowed inputs against the Samsung Galaxy S23. They earn $25,000 and 5 Master of Pwn points. #Pwn2Own

Awesome work by our team members Janggggg Thach Nguyen Hoang 🇻🇳 Lê Hữu Quang Linh 🇻🇳 Đỗ Minh Tuấn & Billy for their successful entries x.com/thezdi/status/… x.com/thezdi/status/… Not forgetting the rest of our team members who attempted to find bugs for P2O amid a hectic schedule

New blog on escaping Chromium sandbox from JavaScript from Marco `wsx` and Giulio C 🔥🌸. microsoftedge.github.io/edgevr/posts/E…

Verified! The first #Docker escape at #Pwn2Own involved two bugs, including a UAF. The team from STAR Labs SG did great work in the demonstration and earned $60,000 and 6 Master of Pwn points. #P2OVancouver

During the 2nd day of #Pwn2Own Vancouver 2024, our researchers Billy & Đỗ Minh Tuấn & Ramdhan successfully demonstrated their Docker Escape. 🥳🥳👍🏼

Our researchers Billy & Đỗ Minh Tuấn & Ramdhan are also successful in their LPE attempt in Ubuntu at #Pwn2Own Vancouver 2024, 🥳🥳👍🏼

[346686148][maglev] Fix RecordUseReprHint for loop phis in inlined functions chromium-review.googlesource.com/c/v8/v8/+/5633… Regress test: ./d8 --allow-natives-syntax --maglev --no-maglev-loop-peeling regress-346686148.js github.com/v8/v8/blob/06a…

Thrilled to announce that Thach Nguyen Hoang 🇻🇳 WeShotTheMoon and Đỗ Minh Tuấn ‘s recent exploration into Chrome led to two bugs! CVE-2024-9370 and CVE-2024-9603 in Google’s security updates: chromereleases.googleblog.com/2024/10/stable… chromereleases.googleblog.com/2024/10/stable…

Turbolev(Turboshaft with Maglev as a frontend(faster & simpler arch)) is a new attack surfaces Flags: "--turboshaft" & "--turbolev" Discrepancies between the two IR frameworks might lead to... chromium-review.googlesource.com/q/hashtag:%22t… chromium-review.googlesource.com/q/project:v8/v…