Happy to announce Robert Herrera and myself will be presenting about Sonos Over-The-Air Remote Kernel Exploitation and Covert Wiretap at BlackHat USA this year! We will demo remotely compromising the device and capturing audio.

blackhat.com/us-24/briefing…

I’ve followed Cedric’s work for several years even before his pwn2own wins, and finally got a chance to hang out for a longer 1:1 conversation during OffensiveCon. When you take a training you want proven skills and good communication/character and he’s has both for sure!

If you’re thinking about advancing your knowledge in Windows exploit engineering then this course is from one of best! I have the good fortune to work with Cedric on a day to day and can attest for his skills! here’s a prime opportunity to learn directly in October in Paris👇

🍎iOS 17.5 released fixing multiple kernel memory corruption issues, LPEs, data privacy issues and a PAC bypass.

support.apple.com/en-us/HT214101

Slides of my offensivecon talk are available: synacktiv.com/sites/default/…

Pretty crazy that this vuln is still affecting things 16 years on..

16years.secvuln.info

Irregular reminder that this paper exists and is required reading for anyone working at the AI + Security intersection:
arxiv.org/abs/1701.04739

youtube.com/watch?v=2Lg2Jg… video of my NULLCON Berlin talk 'printer hacking adventures': 🖨️🐛🤓 .. I can't hot-link the slides because X thinks my domain is harmful?

Player 2 has entered the ring.

A new Chinese pwn2own style competition is now public. The list of targets is interesting, lots of edge devices and even Kaspersky. matrixcup.net/page/race/ques…

2024Pwnie奖的提名过程现在打开了！ 请发给我们你最好的漏洞， 胜利，和失败。
pwnies.com/nominations/

Recently modified code and sanitizer instrumentation seem to be among the most effective heuristics for target selection in directed #fuzzing according to this recent SoK by Weissberg et al. LLMs show much promise for target selection, too.

📝 mlsec.org/docs/2024c-asi…

Sunday morning really is the best time to get your fitness training in. Super quiet, everyone still in bed with Saturday nights revelry.

(Cope tweet since I missed offensivecon party’s)

it can actually already do more than simple challenges. it will automatically solve aeg from pwnable.kr up to control of PC.

the challenge involves a long hex encoded input that must pass many checks after which an unsafe memcpy occurs.

with radius2 it takes no RE

Pretty cool a nanoMIPS ISA extension for Ghidra by James Chambers was released. Useful for MediaTek baseband reversing.

research.nccgroup.com/2024/05/07/ghi…

github.com/nccgroup/ghidr…

ASM/Auto pentesting platforms are starting to talk agents, ml, and what not.

Their datasets are vast, but are also full of client info. They can’t confidently train models on all that data without painstaking work, they might not even be allowed to.

Everyone is starting at

Wow #BGGP5 is fast approaching (June 21st 2024)!

What should the challenge be this year? We want something fun and interesting, while leaving a lot of room for creativity.

Comment with your idea below and we may just run with it!

Past challenges here: github.com/binarygolf/bggp

this was the strongest solar storm in 103 years btw if you even care

Norway tourism really going to take a hit as you can strike this off bucket list from the comfort of your own home.

Some notes on control flow guard in Windows 11 24H2 by Milos (ynwarcs):

ynwarcs.github.io/Win11-24H2-CFG

In a new guest blog, Cody Gallagher describes the bug he used to exploit #Oracle #VirtualBox at #Pwn2Own Vancouver. He gives an in-depth analysis of how he used a race condition to win $20,000 at the contest.
zerodayinitiative.com/blog/2024/5/9/…