pwnfl4k3s
@pwnfl4k3s
Opcode Kiddy a.k.a. [email protected]
Joined August 2014
New blog post: CVE-2020-0022 an Android 8.0-9.0 Bluetooth Zero-Click RCE – BlueFrag
You gotta be kidding Mi - We just published the Xiaomi Pwn2Own 2018 advisories, which were patched just before Pwn2Own 2019, for silent APK install in the Browser and WiFi categories by @munmap
https://t.co/Ku2K5EmEdO and
Two security researchers went on a web app test and you won't believe what overflowed next: check out our new blog post "Prince of the Honeycomb" by @pwnfl4k3s
Confirmed! The @FSecureLabs crew used an #XSS bug in the NFC component of the #Xiaomi Mi9 to exfiltrate data just by touching their specially made NFC tag. Their efforts earned $30,000 and 3 more Master of Pwn points. #P2OTokyo
The @mwrlabs team demonstrated 9 bugs in our inaugural internal pwn2own - showing remote and local bugs in IoT devices and routers. Awesome stuff ☺️
Ever wanted to hack a car? Break out of a hypervisor? Get over the air remote code execution on a baseband? MWR is looking for an offensive security researcher. https://t.co/7xgfo8gaLI
#0day #pwn2own
I have finally published a write-up of the Trinity exploit chain consisting of three stages and six different vulnerabilities! https://t.co/TAUL31rWqt
I wrote a thing about my macOS sandbox escape & LPE from Pwn2Own
Here are the slides from the 35C3CTF talk I just gave:
docs.google.com
DIY mobile phone 35C3CTF Challenge Andreas Galauner @G33KatWork [email protected]
Fuzzilli, my JavaScript engine fuzzer, is now open source: https://t.co/2noeJIATVf \o/ Keep an eye on the Project Zero bugtracker in the next few weeks for some of the bugs found with it. Also let me know if you encounter any problems when using it! :)
github.com
A JavaScript Engine Fuzzer. Contribute to googleprojectzero/fuzzilli development by creating an account on GitHub.
Join us in Bamberg to discuss Ethics, IT Security, and Privacy (March 25–26). 13 speakers, 7 sessions, full program and registration (extended until March 11) at https://t.co/gN3XqCONjK
Project Zero blog: "The Curious Case of Convexity Confusion" by Ivan Fratric (@ifsecure) -
Here is my exploit for one of @_tsuro 's TurboFan bugs related to an incorrect typing of String.(last)IndexOf JSCall nodes. https://t.co/WkRgIyGvis
github.com
Exploit for a bug in TurboFan's typing of JSCall nodes for builtins kStringLastIndexOf and kStringIndexOf - JeremyFetiveau/TurboFan-exploit-for-issue-762874
Did you recently think what the fuzz is this fuzzing everyone's talking about? Here's a thorough introduction to fuzzing by @flx1101
It looks like the code for Neuzz, a very cool new approach to fuzzing that uses deep neural networks to predict the coverage map for an input and then uses its gradients to focus fuzzing effort, has been released!
github.com
neural network assisted fuzzer. Contribute to Dongdongshe/neuzz development by creating an account on GitHub.
Full writeup on exploiting @_tsuro's Math.expm1 typing bug in V8, from analysis of the bug to RCE. Definitely one of the most difficult bugs I've ever worked on. Enjoy!
abiondo.me
Minus zero behaves like zero, right?
Thanks, @WanderingGlitch! This is, undoubtedly, one of my all-time favourites. The exploit was quite an exciting one to pull off as well. 🐞
In the 4th of our Top 5 bugs of 2018, @WanderingGlitch details another #Pwn2Own winner. This one exploits the #macOS Dock and was part of @mwrlabs's winning #Safari entry.
FuzzIL: Guided Fuzzing for JavaScript Engines by @5aelo