Extremely happy and proud to achieve this feat. Thank you @offsectraining for the amazing course and the brutal exam. #osed

This research allowed me to find critical bugs in several electron applications by finding public n-day exploits for older versions of chrome and adapting them to the electron framework. https://t.co/kZKmvuABkq #BugBounty

To wrap up 2022, I'm releasing the final part of my 3-part browser exploitation series on Chrome! In this post, we demonstrate the practical use of the concepts we've learned throughout the series by analyzing and exploiting CVE-2018-17463. Enjoy! https://t.co/Xhrnh4fqNB

In a new guest blog, #Pwn2Own winner @_manfp details CVE-2024-2887 - a bug he used to exploit both #Chrome and #Edge during the contest on his way to winning Master of Pwn. He breaks down the root cause and shows how he exploited it. Read the details at

A file read primitive and you have your KASLR bypass ;)

We wrote about a Chrome bug that arose due to the manner in which V8's Maglev tried to optimize the number of allocations it made. Now, in the newer releases with Trusted Pointers, the v8 heap sandbox looking a bit more formidable 👀

The recording of our (me, @bzvr_, @kucher1n) #37c3 talk “Operation Triangulation: What You Get When Attack iPhones of Researchers” was published!

Write-up & POC for CVE-2023-38146 released Blog - https://t.co/DiRVO4uadN POC -

CVE-2023-28432 Minio information leakage leads to RCE https://t.co/1IaBVptrAQ

🧨 TOOL ANNOUNCEMENT 🧨 We are glad to release a VSCode extension to help out during code reviews! Create inline notes 📝, import findings from Semgrep 🛠️, collaborate with others in real-time 🤝, and more! Find out more at: https://t.co/AswhyyjH4M #infosec #appsec #pentest

Drop your most proud pre-auth RCE below, curious to read other peoples write ups/advisories/exploits :->

For those that want a quick SSO setup, thank me later:

I have successfully reproduced CVE-2022-43781 causing RCE on Bitbucket server. Ref: https://t.co/6zwUokvK0a

Now this is a pretty handy tool... "A plugin to introduce interactive symbols into your debugger from your decompiler" // by @mahal0z https://t.co/QYQHpgHRuK

Eat What You Kill :: Pre-authenticated Remote Code Execution in VMWare NSX Manager: https://t.co/QQlVppKsaB. This post was presented by past #FSWA student @SinSinology and meme courtesy of @lystena :)

WriteProcessMemoryAPC - Write memory to a remote process using APC calls Another alternative to WriteProcessMemory! https://t.co/JIzWS927Uc

After I published the article "CVE-2022-36923 ManageEngine OpManager getUserAPIKey Authentication Bypass", one of the remaining issues was how to use the rest api key to rce, and my colleague's recent research solved this problem. 1/n

Due to (somewhat) popular demand, here's the source code of winapiexec, a small tool to run WinAPI functions through command line parameters. https://t.co/NrWYQ7XLzP

Run your shellcode directly from bash: dd of=/proc/$$/mem bs=1 seek=$(($(cut -d" " -f9</proc/$$/syscall))) if=<(base64 -d<<<utz+IUO+aRkSKL+t3uH+McCwqQ8F) conv=notrunc Credits to "unknown"

The Golden SAML attack has been described and tools released in the last year. I've written a practical step-by-step guide to creating golden saml as there are some tricky parts:

New blog post! What's the Debugger Data Model in WinDbg, and why is it so powerful? Over the past few years we've been adding lots of powerful functionality to the data model. Understanding what it is will help you use WinDbg more effectively. https://t.co/k0Is6xcbsQ