Check out our newest blog about how we took advantage of a WebGPU feature to turn an integer underflow bug into an arbitrary read in Chrome’s WebGPU. This bug was fixed by Google long ago, but our ticket is still restricted. https://t.co/vYvVPtF2PP by @lanleft_ + @__suto

Theses findings found by our AI Agent. Probably some writeup when more complex issue got destricted. https://t.co/ho0lrb9OEL

A brief JavascriptCore RCE story by @lanleft_ and An Nguyễn https://t.co/mKJMcmVZGS

We reported a total of 51 bugs (low to critical impact) for IoT devices used by Singapore Smart City and Smart Building. https://t.co/WLDvEzg3CE

hey #googlectf folks please give us a v8 sbx challenge so we can make our recent submitted 0day useful one last time

Well done on some awesome research @n30m1nd @sherl0ck__ !! Keep tackling those hard targets! https://t.co/Ka89BplXla #chrome #Exploit #vulnerabilityresearch

Additionally, last year our teammate @bienpnn also pwned Linux kernel on kernelCTF with a 0-day, that has been fixed and assigned CVE-2023-4244. So far, we have successfully pwned 2/3 liveCTF hosted by Google. We are going to aim for kvmCTF in the future.

Our teammate @__suto has just pwned V8 JavaScript engine on Google's V8CTF version M120 using a 0-day exploit.

#OffensiveCon23 recordings are now live! Hope you enjoy :) https://t.co/8cvBFzxoVU

Our idapcode plugin was released today! That's a very useful tool to lift IDA assembly code to Ghidra P-Code. /cc @HexRaysSA @ilfak https://t.co/Fb2GfgggTf

Driver Buddy Reloaded is an IDA Pro Python plugin that helps automate and speed up some tedious Windows Kernel Drivers reverse engineering tasks.

Here are the final Master of Pwn standings. Congrats to @Synacktiv on claiming the title. It was a close race, but they pull through.

Confirmed! trichmitrich used nearly all the time on the clock, but his command injection bug is unique. His takeover of the Cisco RV340 via the WAN interface earns him $30,000 and 3 Master of Pwn points. #Pwn2Own #P2OAustin

#Pwn2Own After Dark is underway with trichimtrich targeting the LAN interface of the NETGEAR R6700v3. The first attempt was successful, and the team now moves to the disclosure room for verification.

Confirmed! @bienpnn's last attempt of day 1 was successful. He used a single OOB Read bug to take over the TP-Link AC1750 via the LAN interface. This unique bug chain earns him another $5,000 and 1 Master of Pwn point. #Pwn2Own #P2OAustin

Confirmed! @bienpnn from Team Orca of Sea Security used a three-bug chain, including an auth bypass and a command injection, to take over the LAN interface of the Cisco RV340. He earns $15,000 and 2 Master of Pwn points. His contest total so far is #45,000. #Pwn2Own #P2OAustin

Success! In the 2nd demonstration of the contest, @bienpnn from Team Orca of Sea Security ( https://t.co/flIrHUt3bG) was able to get a root shell on the WAN interface of the Cisco RV340 router. He's off to the disclosure call to verify the details. #Pwn2Own Austin #P2OAustin

Another confirmation! trichimtrich used an OOB Read to get a root shell via the LAN interface of the #TP-Link AC1750 Smart Wi-Fi router. That earns him $5,000 and 1 Master of Pwn point. #Pwn2Own #P2OAustin

I wrote an ppt about kernel vulnerability and exploitation; https://t.co/AZ3SAqiP7D Chinese version

New blog on the background and methodology of some research I did into escaping Windows Server containers, why the bugs were eventually fixed, and why you still shouldn't use them :-)