Phenol
@Phenol__
Former chemistry student. @42born2code student. Reversing and pwning stuffs at @RandoriSec.
Joined February 2018
An analysis of a recent 0-click exploit targeting Samsung devices: https://t.co/ChQTJY16QJ
I posted a short blog about how a Samsung GPU vulnerability (CVE-2025-21479) can be leveraged for an LPE on affected devices https://t.co/9tya9c37Ez
xploitbengineer.github.io
Motivation A couple of years ago, I picked up a few of Samsung S23’s at Pwn2Own.
@__sethJenkins broke kASLR by doing … nothing 😩 https://t.co/hxPzVTC1RN
More interposer fun, this time with DDR5 memory. Breaking TDX, SGX, SEV and even Nvidia TEEs. Check out our work at https://t.co/Jl1dpGnM6J, and get a personally-signed Intel attestation report at @TEEdotFail.
thanks to everyone who attended my #TheSAS2025 talk "Typographic hit job: when fonts pull the trigger". 🙏 I've written an accompanying blogpost that goes over all the details:
haxx.in
Last year we (PHP HOOLIGANS) competed in Pwn2Own (Ireland, 2024) once again. One of our (successful) entries was against a little pet peeve target of mine, the CANON ImageCLASS printer. In this post...
I was glad to be back at #OBTS this year. It was another awesome edition of the conference. Thanks for joining my talk about Apple's novel #C1 baseband and thanks to @objective_see :) You can find the slides, a recording, and our tooling on my website. https://t.co/YkpmCqQRQO
lukasarnold.de
Learn more about my talk “What’s at the Bottom of the Sea, One Baseband? - Diving into the C1” at the eighth edition of the Objective by the Sea conference.
Serious bugs often occur in third-party components integrated by other software. @ifsecure and I found this vulnerability in the Dolby Unified Decoder. It affects Android, iOS and Windows among other platforms, sometimes 0-click. https://t.co/LchMIdKP0P
A technical look at @GrapheneOS Hardened Malloc, a memory allocator designed to mitigate heap corruption vulnerabilities (UAF, overflows) and break common exploit primitives. Deep dive for security researchers & exploit developers by @iksocin
https://t.co/99v99YQTdO
synacktiv.com
Exploring GrapheneOS secure allocator: Hardened Malloc
My research on CVE-2025-38352 (posix-cpu-timers TOCTOU Race condition) which was released in @Android Sept 2025 Bulletin, covering the internals, the patch-fix, vulnerability analysis, and a demo of a PoC that caused a crash in the Android kernel. Blog:
streypaws.github.io
An in-depth exploration of the Linux POSIX CPU Timer Subsystem, including patch analysis and vulnerability insights for Android Kernel CVE-2025-38352.
The two bytes that make size matter: Reverse engineering Apple's iOS 0-click CVE-2025-43300 improved bounds checking fix, by Madimodi Diawara https://t.co/EgSvDqoOEz
Documented instructions for setting up KGDB on Pixel 8. Including getting kernel log over UART via USB-Cereal, building/flashing custom kernel, breaking into KGDB via /proc/sysrq-trigger or by sending SysRq-G over serial, dealing with watchdogs, etc. https://t.co/vb4mgLDJrl
xairy.io
Instructions for getting kernel log, building custom kernel, and enabling KGDB on Pixel 8
Had a great time presenting at @reconmtl this weekend - always amazing meeting everyone and sharing research 🙌 For those that missed the conference, or just want to review my WhatsApp work, feel free to read the slides here & hmu if you have questions! https://t.co/ZyKfCh23vD
docs.google.com
Call, Crash, Repeat WhatsApp Hacking @datalocaltmp
Hexagon Fuzz: Full-System Emulated Fuzzing of Qualcomm Basebands by srlabs https://t.co/P21eZSxsmJ
Extracting Embedded MultiMediaCard (eMMC) contents in-system. ZDI researcher Dmitry Janushkevich details how to interact with an eMMC chip and notes some pitfalls you may encounter on the way.
zerodayinitiative.com
Every complex modern device needs non-volatile storage to keep program and configuration data while unpowered. There are several competing options on the market available to today’s systems designe...
Exploit write-ups for our 🚨latest 0-day🚨and the tragedy that swept the red black tree family dropping soon 👀 Here is a tiktok style video for those of you with no attention span thanks to slop and social media. Turn on the audio!!!
"Why is my exploit taking 10 minutes?" *checks logs* *sees 10,000 kernel warnings* "...oh" 💡 Fresh Friday night read: our intern, Tan Ze Jian, on Mali exploitation - sometimes the fix is simpler than you think! https://t.co/kIe2DTgFOU
starlabs.sg
As part of my internship at STAR Labs, I was tasked to conduct N-day analysis of CVE-2023-6241. The original PoC can be found here, along with the accompanying write-up. In this blog post, I will...
Our OffensiveCon talk on stateful baseband emulation (and how improper string handling led to baseband RCE) is available on YouTube: https://t.co/n8KqwHZ966. It has been a pleasure; awesome conference, brilliant people. Slides and paper:
In this post I'll use CVE-2023-6241, a vulnerability in the Arm Mali GPU that I reported last November to gain arbitrary kernel code execution from an untrusted app on a Pixel 8 with MTE enabled.
github.blog
In this post, I’ll look at CVE-2023-6241, a vulnerability in the Arm Mali GPU that allows a malicious app to gain arbitrary kernel code execution and root on an Android phone. I’ll show how this...