0乂ᐯ爪
@0xvm
We are all equal before a wave. 🌊 🏄
Joined October 2008
I was human participant no. 3 in this research paper. Stanford paid me (and another 9 humans) to hack their network for 10 hours 😎 I found 3 critical vulns, 2 high, 1 med and 1 low, 7 in total. Their AI agent did pretty well, 11 total vulns, 9 valid. What is crazy to me is the
We are very happy to announce the nominees for the 2025 Pwnie Awards! As a reminder, we will be presenting the winners at DEF CON this year. Saturday the 9th, 10:00AM Main Stage. Hope to see you there! https://t.co/hWUu2PcM8B
docs.google.com
Pwnie for Best Crypto Bug X.509DoS Exploiting and Detecting Denial-of-Service Vulnerabilities in Cryptographic Libraries using Crafted X.509 Certificates Bing Shi, Wenchao Li, Yuchen Wang, Xiaolong...
The OffensiveX 2025 Agenda Is Live. On June 18–19, we’re bringing the sharpest minds in offensive security to Athens to drop real research, real tools, and real tactics. You’ve seen who’s speaking. Now it’s time to see what they’re dropping. 🔗 Check the full agenda:
Marvel Rivals Remote Code Execution on PC and PlayStation 5
shalzuth.com
Reverse Engineering: I discovered a serious Remote Code Execution (RCE) vulnerability in a popular game that could let attackers run code on your PC. Watch how I found it, reported it, and what you...
🚨 The wait is over—CFP for #OffensiveX2025 is NOW OPEN. Got research that challenges assumptions, breaks new ground, or exposes critical security flaws? This is your chance to take the stage at Europe’s most technical offensive security conference. No fluff. No marketing. Just
I have posted the slides for the talk @chompie1337 and I gave this past weekend at @h2hconference -> The Kernel Hacker’s Guide to the Galaxy: Automating Exploit Engineering Workflows #H2HC
https://t.co/Cl8b58KkAv
Rooting an Android POS "Smart Terminal" to steal credit card information: ✅ Paper "Exploring and Exploiting an Android 'Smart POS' Payment Terminal", by Jacopo Jannone. Paying with a POS will never feel the same for me. PDF: https://t.co/mZqbgoZZyh Video: https://t.co/V98uJ4MH0m
The first ever end-to-end cross-process Spectre exploit? I worked on this during an internship with @grsecurity! An in-depth write-up here: https://t.co/mze3LQkpJR
I just released my C2 that I was working on in my free time. Feel free to play around and make your own forks if you like it. It needs a lot of work, but it is a fully Rust one with a small implant and working sleep obfuscation. https://t.co/kSu1KW6IYN
github.com
Nameless C2 - A C2 with all its components written in Rust - trickster0/NamelessC2
KVM escape CTF challenge (corCTF 2024) solution writeup https://t.co/fSnIXwCESO Credits @zolutal
#Linux #cybersecurity
🔥💀 Here is the "Real" writeup and exploit for the pre-auth deserialization RCE I reported to Ivanti, CVE-2024-29847. Apparently, folks at horizon3 tried to write about my bug before me but they did it wrong https://t.co/Df8lIDYNRH
summoning.team
Ivanti just pushed a patch for a Critical CVSS 9.8 Remote Code Execution Vulnerability that I reported on May 1st 2024, impacting Ivanti Endpoint Manager (EPM). In the following blog post I will be...
The exploding Hezbollah pagers situation is an incredibly impressive supply chain attack by Israel (most likely). I am sure more details will come, but there are already some educated guesses to be made that narrow it down. 🧵1/n
If you’re interested in getting started in cryptography, check out the crypto 101 course by Dr. Alfred Menezes from UWaterloo. https://t.co/cevF3j5OTb He’s planning on publishing the lectures from his Applied Cryptography course, which was my introduction to the field.
cryptography101.ca
Video lectures, notes, and exercises in all areas of applied cryptography
"Most concerning is the illusion that LLMs are retrieving information rather than constructing word associations. LLM responses are statistically likely rather than factually accurate. Sometimes these things correspond, but often they do not." E. Salvaggio
techpolicy.press
Eryk Salvaggio says we must dispense with myths if we are to think more clearly about what AI actually is and does.
🚨We are very pleased to announce the nominees for the 2024 Pwnie Awards! Be sure to tag your friends and catch us at Def Con! 🚨 🥳🏇🥳🏇🥳🏇🥳🏇🥳🏇🥳🏇🥳🏇🥳🏇 https://t.co/TxplA2l6X6
docs.google.com
Pwnie for Best Crypto Bug Breach Extraction Attacks The paper describes attacks leveraging leakage from cryptographic protocols and compromised credential-checking services, specifically Cloudflare's...
Introducing a new Windows vulnerability class: False File Immutability. 👉 Bonus: a kernel exploit to load unsigned drivers. https://t.co/rckAZVs5Lf
elastic.co
This article introduces a previously-unnamed class of Windows vulnerability that demonstrates the dangers of assumption and describes some unintended security consequences.
From Theory to Practice: Kernel Heap Spray Exploitation for Privilege Escalation💥 Part two of the blog series by my colleague Alex: https://t.co/rP2eFoi01t
One year ago, @T00uF and I did a talk at @_leHACK_ about DPAPI and #DonPAPI. Well, we've completely rewritten it to add a lot of new features. DonPAPI 2.0 available now 🚀 ▶️ https://t.co/3QJzpJcKaw
github.com
Dumping DPAPI credz remotely. Contribute to login-securite/DonPAPI development by creating an account on GitHub.