w0
@jgrusko
💥BOOM!💥 Another privilege escalation blog, this time showcasing how to convert arbitrary file deletions 🗑️ to SYSTEM command prompt🌈 CVE-2023-27470. Learn about TOCTOU, pseudo-symlinks, MSI rollback exploits, and, of course, how to protect yourselves! https://t.co/S3HCXdvoBY
cloud.google.com
PS5 Release: Kernel Exploit (Webkit – v1.03) compiled for ESP8266 Blog post: https://t.co/Rq1tOSGiWD Downloads : https://t.co/sdvjXyE6gs
wololo.net
I was having a hard time finding the latest and greatest version of the PS5 Kernel exploit files (known as v1.03 on SpecterDev’s github) compiled for the ESP8266. Apologies if a compiled version...
Hello.. is this thing still on? It's 2023, so here's a fun new blogpost on how we used Intel's x86 CPU JTAG to dump the infamous "secret bootrom" in Microsoft's original Xbox: https://t.co/p8Z2Fzab1K
Me, starting to analyze a new piece of software: I basically know how this works already, I just need to learn a few of the finer details
Me, a week later: I don't know anything about this software, or computers in general.
CVE-2023-2008 - Analyzing and exploiting a bug in the udmabuf driver by @dialluvioso_ and @esanfelix
I can finally have closure and peace of mind
We've been asked to share the kernel challenge we had at OffensiveCon. You can download it at https://t.co/gV6YQvU4SD and give it a try. It was meant to be solved live at the conference, but apparently the noisy environment and German keyboard layout made it too hard :').
New blog post is up! Dumping the AMLogic A113X/A113D BootROM (and eFUSE/OTP data):
haxx.in
In this post we will exploit a memory corruption issue in AMLogic El3 code that is used by various consumer devices like the Sonos One (2nd generation) and the Lenovo Smart Clock. The goal is to get...
Here are the slides for my keynote, 'Mobile Exploitation, the past, present, and the future' at #Zer0Con2023. Zer0con was a blast as always, thank you @POC_Crew!! 🚀💫 https://t.co/cqEftba9Cy
✨Amazing detection and analysis by @_clem1 and Google TAG on 2 different campaigns using 5 different 0-days and numerous n-days. Android, iOS, and Samsung devices were targeted https://t.co/CTuZoweYbb
mast1c0re: Part 3 – Escaping the PS5 emulator
reddit.com
It's time everybody!!! the OffensiveCon23 ticket shop is now open! Get your tickets quickly, as they tend to run out pretty soon.
Old news for us, but others might find it interesting: https://t.co/0SxKtXdnrn See: https://t.co/LPpFFv2Doj (2019) https://t.co/ikRCf9erb4 (2018) Users should not take too seriously the cover stories used to disguise embargoed vulnerability fixes.
Based solely on what you've read from Linus (https://t.co/DmUHLq8wsx) and publications like LWN, (https://t.co/7DfxaqPZEJ https://t.co/hYsEQnEIKJ) do the current KAISER/PTI implementations prevent defeating KASLR via Meltdown on Intel CPUs?
Exploiting CVE-2022-42703 - Bringing back the stack attack
KmsdBot Botnet Is Down After Operator Sends Typo In Command
theregister.com
Cashdollar: 'It’s not often we get this kind of story in security'