Exploiting the Linux Kernel on October 26 — November 1 online with Ringzer0 @_ringzer0. https://t.co/WhmVtomhR7

🚨 Save the Date for #offensivecon26 Mark your calendars, spread the word, and stay tuned for when registrations open! 📍 Hilton Berlin 🧠 Trainings: 11–14 May 2026 🎤 Conference: 15–16 May 2026 Visit 🔗 https://t.co/83MHwjF4lo for more details.

First mention of x86 memory tagging (aka MTE) by both Intel and AMD (codename ChkTag): https://t.co/puaBEmfAGx https://t.co/UVIsSZ9Twc 🤘🤘🤘

From kernel oops to kernel exploit: How two little bugs (CVE-2025-23330, CVE-2025-23280) in #NVIDIA open GPU #Linux driver can lead to full system compromise. Full technical breakdown inside, #vmalloc exploitation technique included! https://t.co/lVx97yzxyU

Learn why these women are choosing Waymo over traditional ride-hailing services and say they feel much safer.

Meanwhile on x86, upcoming memory tagging support was announced today - named ChkTag. A few notes: - Tags are stored in virtual memory - this is quite similar to the recently disclosed FEAT_VMTE on Arm

Wrote a blogpost today on how to write a harness for Lucid. This is the harness I'll be using to fuzz `nftables`. Some overlap with last blogpost, but everything is explained step-by-step. First blog entry into my earnest attempt to find bugs with Lucid for the 1st time: 👇

💣 We caught @ycombinator–backed @gecko_sec stealing two of our CVEs, one on @ollama , one on @Gradio. They copied our PoCs, claimed CVE IDs, and even back-dated their blog posts. Here’s the full story 👇

CVE-2025-23282 is going to debut tomorrow at @hexacon_fr in our talk "CUDA de Grâce" w/ @chompie1337, but you can try CVE-2025-23332 now! Tweetable Python PoC: ``` import fcntl fcntl.ioctl(open('/dev/nvidiactl'),218,0) ```

In our final ksmbd research post, @73696e65 provides a detailed walkthrough for exploiting a local privilege escalation vulnerability. If you're interested in learning more about exploitation on modern systems - check it out! https://t.co/RPMvj0grOS #doyensec #appsec #security

Wrote a blogpost today about getting Lucid fuzzing on a "real" target, all of the work that it took and the changes we made along the way. Next, we'll take a more earnest bug-finding approach and conduct a serious fuzzing campaign with Lucid:

Pumpkin (@u1f383) wrote an exploit for this issue! Go check out their blog post 👀

As a ‘92 millennial, I thought I knew what gaslighting was… turns out my first real lesson comes from Linux kernel maintainers 😅

$30k for an Ubuntu Linux Kernel container escape. The github links on the rules site are broken, but you can find them by just traversing up to the root of the repo. don't see any restrictions on using unpriv namespace bypasses (also not sure if those have been fixed).

Blog post is out! Come learn about how I analyzed the latest kernelCTF 1-day submission. This was a vulnerability in the Kernel TLS subsystem. I didn't write a full exploit yet, but @u1f383 already gave me some ideas that I will try to implement soon😅 https://t.co/jFcVrwm9NF

My writeup on CVE-2024-38399 (a Use-After-Free in KGSL driver), which was released in @Qualcomm Oct 2024 Bulletin as reported by Xiling Gong(@GXiling), covering the KGSL Fault Mechanism, the patch-fix, vulnerability analysis, kernel tracing and a plan to trigger it. Blog:

Uninitialized memory is the most under-recognized type of security bug (it looks like UAF/OOB got all attention). You don't need ROP, don't need to break ASLR, overlap objects, etc. Just read out crypto keys that the system nicely sends you.

Delivered a workshop at @BalCC0n this weekend on emulating/sniffing/MitM'ing USB devices with Raw Gadget and a Raspberry Pi. All materials are public, so can go through the workshop on your own if you're interested. https://t.co/1En6ikOigB

Updated syzkaller documentation on USB fuzzing to explain how to handle certain tricky cases (e.g. driver quirks applied based on Vendor/Product IDs). https://t.co/cKLagPT87y

A technical look at @GrapheneOS Hardened Malloc, a memory allocator designed to mitigate heap corruption vulnerabilities (UAF, overflows) and break common exploit primitives. Deep dive for security researchers & exploit developers by @iksocin https://t.co/99v99YQTdO

Oh also this, which is technically WAI but has the unfortunate side effect (because of linear map non-randomization) that instead of bypassing KASLR, you can just use 0xffffff8000010000 as your kernel base instead.... https://t.co/JXMIquQ14s

I've derestricted 3 unfixed issues in the Google BigWave driver - these bugs are reachable from media decoding contexts on Pixel devices. E.g. https://t.co/KxgeHA6hdw

FUTURES TRADERS: Get 40% off all evals, no activation fees, end-of-day drawdown in our live-market PRO+ accounts…and still daily PRO payouts!