Today, my PC was nearly compromised. With just one click, I installed a malicious @code extension. Luckily, I was saved as my PC doesn't run on Windows. Hackers are getting smarter and aren't just targeting beginners. Here's how they do it and how you can protect your coins!

And the recording is now also public: https://t.co/oeEmEimt8M thanks @offensive_con!

Well, it really looks legit... 🙈

@offensive_con was an absolute blast! It was amazing catching up, making new friends, and timeless memories. And thanks to @Cellebrite my phone didn't run out of juice😅. Xray by a friend.

👑 As long as Javascript JIT is present, browsers will always be the supreme way to remotely pwn a device. Delve into the quirky world of JS engine vulnerabilities and exploits with @n30m1nd ➡️ https://t.co/HyVfdWQDsp 📆 30/09-03/10 2024 📍Espace Vinci, Rue des Jeuneurs, Paris

A V8 writeup of a recently patched vulnerability we found a few months back, affecting Maglev, and probably one of the last exploits to be "unaffected" by Ubercage on x86 :)

Si los hackers tuvieran una biblia, este sería su primer capítulo.

Finished a write-up of a vulnerability in the io_uring subsystem of the Linux Kernel. This one is interesting because it gives you an incredibly powerful primitive - a multipage-wide OOB read and write to physical memory. https://t.co/fFZ3lUGTQb

At #OBTS Javier (@n30m1nd) and Vignesh (@sherl0ck__) from @ExodusIntel fuzz'd and audited the cr.p out of the Webkit JavaScript engine JavaScriptCore - bugs bugs and moar bugs were found!

Join @n30m1nd and I as we talk about converting JavaScript NaNs into WebKit RCEs in about 2.5 hrs at #OBTS v6!

Join us in London, England on Nov 14, 2023, for our highly anticipated Browser and Mobile Exploitation trainings! #exploitation #Training #Cybersecurity #London https://t.co/7cQBJrNwtH https://t.co/WHCO2dwKIF

Is your PC eligible?

Here is the writeup for CVE-2023-3389, a Use-After-Free on an hrtimer in io_uring, which I exploited for the kCTF VRP https://t.co/KhfJzEWp4f

> we are having the CTF, and while checking traffic, I noticed that one of the team's exploits is not GLES 3.1 or compute shader specific. I checked that it's a 0day. > I eventually reported the issue to ensure that it actually is taken care of,

Sharing another V8 Sandbox design document more widely: https://t.co/h29nL4uBEM This one discusses how to protect code pointers - probably the most performance sensitive part touched by the sandbox - with (almost) no performance overhead.

Continuing with another browser vuln on the @XI_Research blog, this time on Safari by my teammate @sherl0ck__

Our deepest condolences to the friends, family, and colleagues of Mr. Kevin Mitnick. https://t.co/UPeddvYNyw

Night full of bangers by @shirobon Too bad couldn't hear Xilioh live but "there's only so much you can fit in a set"; maybe next time 😁. Shouts to @ctrix64 for keeping the hard-core vibe after @nuphory going 🤘

Hey @andyrozen @patrickwardle seems we're missing each other and seems like you're not getting our emails (Cc @sherl0ck__ ). Check your DMs for confirmation! We're excited to be on this edition of #OBTS!

There are about 5 tickets left for tonight so if you haven't got yours yet do so now as they won't be available on the door! https://t.co/JVYk1qLz5O