Joined June 2023
mk0 retweeted
We published a new research article on the Chromium 146 Renderer Process! In this article, we start from the CVE-2026-3910 Maglev write barrier elision bug and walk through the full exploit chain: building a V8 heap R/W primitive via a GC-induced UAF, achieving an out-of-sandbox read using WebAssembly internals, abusing JSPI UAF and StackMemory / JumpBuffer, and ultimately reaching renderer process RCE. Our goal was to provide a structured explanation of how modern V8 exploitation works in practice, from compiler-level bug analysis to sandbox-boundary primitives and final code execution. Huge thanks to our team member @m411k_ for conducting this research! Check out the PoC! Full article: research.rewritelab.org/2026…
mk0 retweeted
Jun 10
🚨 Introducing "ITScape" (CVE-2026-46316) A Guest-to-Host Escape in KVM/arm64. Guest-side actions alone exploit a use-after-free to run root-privileged code in the host kernel. Unlike the commonly published QEMU escapes, the bug lives in in-kernel KVM, not QEMU. On a successful exploit, commands run with host kernel privilege rather than the privilege of a user process, threatening the guest-host isolation of multi-tenant arm64 public clouds. To the best of public knowledge, the first Guest-to-Host Escape Exploit targeting in-kernel KVM/arm64. Details: itscape.io
mk0 retweeted
Shipping v5 of LitterBox after way too many late nights. Real EDR in the loop now: drop an agent on your VM, fire payloads at it, and alerts land back with full call stacks. Elastic Defend and Fibratus work. New UI, better performance; notes in the release. github.com/BlackSnufkin/Litt…
mk0 retweeted
New #redteam tool for blocking EDRs: EDRChoker Instead of fully blocking the EDR agents' connections to their server, we can throttle their bandwidth so they consistently time out when sending data, which is effectively the same as blocking but avoids triggering "block" or "drop" packet events #pentest #cybersecurity Github: TwoSevenOneT/EDRChoker
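The post above describes the offensive side: starve the agent's uplink so every upload times out, and the console never sees a "block" or "drop" event. The defender's counterpart is to alert on the starvation signature itself. The following is an added example, not EDRChoker's code or any vendor's detection logic; it assumes a hypothetical console-side upload log where each record is (host, timestamp, status, bytes) and status is one of "ok", "timeout" or "blocked". The sample records are constructed.

```python
"""Console-side check for agents that are being throttled rather than blocked.

Added example, not EDRChoker's code. The record format (host, ts_seconds,
status, bytes_uploaded) and the status vocabulary are assumptions made here;
substitute whatever your console actually logs per upload attempt.
"""
from collections import defaultdict

# Constructed sample log. ws-03 is healthy. ws-07 is hard-blocked, so the
# console sees explicit "blocked" events. ws-12 is bandwidth-starved: every
# upload times out with a tiny byte count and no block/drop event is ever logged.
SAMPLE_LOG = [
    ("ws-03", 0, "ok", 40960), ("ws-03", 60, "ok", 38912), ("ws-03", 120, "ok", 41000),
    ("ws-07", 0, "ok", 40000), ("ws-07", 60, "blocked", 0), ("ws-07", 120, "blocked", 0),
    ("ws-12", 0, "ok", 39000), ("ws-12", 60, "timeout", 512), ("ws-12", 120, "timeout", 480),
    ("ws-12", 180, "timeout", 0), ("ws-12", 240, "timeout", 610),
]


def find_starved_agents(log, min_consecutive=3, max_avg_bytes=1024):
    """Return hosts whose last `min_consecutive` uploads all timed out while
    moving almost no data, and which never produced an explicit block event.

    That combination is what a throttled (not dropped) uplink looks like from
    the console: the agent keeps trying, the socket opens, almost nothing
    arrives, and no firewall "block"/"drop" telemetry is generated.
    """
    by_host = defaultdict(list)
    for host, ts, status, nbytes in sorted(log, key=lambda r: (r[0], r[1])):
        by_host[host].append((status, nbytes))

    flagged = {}
    for host, events in by_host.items():
        tail = events[-min_consecutive:]
        if len(tail) < min_consecutive:
            continue  # not enough history to judge
        if any(status == "blocked" for status, _ in events):
            continue  # a hard block already raises its own alert
        if all(status == "timeout" for status, _ in tail):
            avg = sum(nbytes for _, nbytes in tail) / len(tail)
            if avg <= max_avg_bytes:
                flagged[host] = {
                    "consecutive_timeouts": len(tail),
                    "avg_bytes": avg,
                }
    return flagged


if __name__ == "__main__":
    for host, info in find_starved_agents(SAMPLE_LOG).items():
        print(f"{host}: {info['consecutive_timeouts']} consecutive timeouts, "
              f"avg {info['avg_bytes']:.0f} bytes per upload; possible uplink throttling")
```

The thresholds (three consecutive timeouts, under 1 KiB average) are illustrative; tune them to your agent's normal upload cadence and size so a flaky but unmolested link does not page you.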
mk0 retweeted
Jun 6
Pwning V8CTF with a 0day in Chrome thanks to Phi untagging. Read here: kqx.io/post/cve-2026-4447/
nah that's karma at this point
> Microsoft GitHub repos banned > "Terms of Service violation" > ??? > Look inside > Was compromised ... was Microsoft going to become a victim of a supply chain attack on their own platform via their own product?
mk0 retweeted
Jun 5
Hello, I want to share something important (7 points).
1. First of all, congratulations to Microsoft and GitHub. The community did nothing, reality hits hard.
2. Regarding the repo, I believe an old copy is still available on the @vxunderground website. I'm not sure, but feel free to take a look. I will be hosting a private Gitea server later, but I don't have the motivation for now.
3. From Monday or Sunday onwards, a friend of mine will be sharing some cool blogs that I selected.
4. My GitHub account will be back up next week, I guess. idc about this…
5. I'm seeing my own tears after two years when I'm deleting these repos. That's where my journey began. Who cares about my fucking feelings? Nah, literally no fucking one. So it's a fucking waste of time for everyone.
6. Gonna focus on myself for some time...
7. I need a break from all this, so yeah. See you after some time...
Thank you for your time. Take care. Best regards, Albert @5mukx
mk0 retweeted
This guy sucks. At my first Pwn2Own he asked me over and over if it was my first CVE. I said no but he kept insisting, in front of everyone, he’d never seen my name credited before. Turns out he was confusing me with another woman in infosec. In charge of security research engagement for MSRC btw
Good lord 🤮
mk0 retweeted
"Dad, what was it like playing CTFs before AI?"
mk0 retweeted
I'm not sure the community will like this. @Hacker0x01 will now reuse your novel techniques / exploits / old reports to look for vulns on the rest of the customer's infra. I guess they will add you as collab and give you a bounty, right? right?!
mk0 retweeted
Jun 2
Hey @martinwoodward My GitHub account was flagged without any prior notice. I'm a college student and have been an active open-source contributor for over 4 years. I've released multiple security research projects and even contributed to Microsoft's open source editor. My repositories help security researchers test and strengthen defensive systems through authorized work. Today I was releasing updates to a new tool when the flag occurred. I've already submitted a reinstatement request (Ticket #4440743). So I kindly request you to help and resolve this issue. Thank you
mk0 retweeted
Over the past several days, we have been listening to the conversation around coordinated disclosure and the relationship between security researchers and vendors. We recognize that this relationship is both critical and, at times, fragile. We deeply value the security community, and will continue to take your feedback seriously.

To be clear about our approach to legal matters, we have no intention to pursue action against individuals conducting or publishing their security research. When an individual breaks the law and engages in malicious activity causing real harm to our customers, we will work with law enforcement as appropriate.

We recognize the work that goes into researching and submitting a vulnerability. We are committed to approaching every interaction with transparency, clear communication, and professionalism. We continue to believe strongly in Coordinated Vulnerability Disclosure as the foundation for protecting customers and improving our products.

Each year we process a high volume of vulnerability reports. That volume continues to grow and will continue with the rise of AI-enabled research. We acknowledge that some interactions have fallen short and are working to learn from them.

Many of us have experience on both sides of this work, as researchers reporting vulnerabilities and as responders triaging and assessing them. That perspective informs how we approach this feedback and the importance we place on getting it right, particularly as the volume and complexity of research continues to grow.

The security community plays a vital role in helping us protect customers. We are committed to maintaining a constructive and respectful relationship and growing together. We know that, given the nature of this work, there will at times be misunderstandings. We remain committed to engaging in good faith and to providing a respectful and professional experience for all researchers, regardless of past interactions.
Community note
Contrary to this claim, Microsoft previously threatened legal action via its Digital Crimes Unit against researcher Nightmare Eclipse for publishing unpatched vulnerabilities. pcmag.com/news/microsoft…
mk0 retweeted
Everyone except me ? We are in fact still in court over this.
mk0 retweeted
Funny how some people react to MSRC's attitude to these 0days, like it's a surprise. From my angle, it's not a surprise. They literally called my boss in Australia back in 2010 to shut down my fuzzing research on SMBv1. @dustin_childs knows.
I just love the well deserved hate Microsoft gets these last few days :)
Last time I dealt with MSRC I found a command injection vulnerability present for a decade in context menus, not highly critical but still exploitable (see my talk Shift Happens). MSRC did not reward a bounty nor did they attribute a CVE to this finding because this "doesn't meet [their] criteria as a vulnerability that requires an immediate security update". However, this was fixed a month later in Windows 11 Canary (10.0.27902.1000). Case closed. microsoft.com/en-us/msrc/blo…
mk0 retweeted
MSRC when you find an 0day: This exploit is intentional and will not be fixed. Also you are a criminal if you tell anyone about it. Then they flip a coin to decide if they patch or not
This is *quite* a post. I honestly don't know offhand: Has Microsoft as a company ever before suggested in any official statement that it might seek to have criminal charges brought against security researchers who drop 0days? microsoft.com/en-us/msrc/blo…
mk0 retweeted
okay, now tell them that their vulnerability doesn't qualify for a bounty, but then patch it in the next release.