Wormable RCE in Windows DNS. Wormable RCE in SMBv3. Linux kernel exploitation via eBPF and io_uring. Windows 11 kernel LPE. Android kernel exploitation bypassing DAC, SELinux, and Knox. Full exploit chains with working PoCs. Heap grooming. ASLR bypass. CFG bypass. Type confusion. Kernel privilege escalation across three operating systems. All free. All published with full writeups. chomp.ie/ Author: @chompie1337 #ExploitDevelopment #ReverseEngineering #InfoSec

Funny enough the dude who did the "jailbreak" to get it to produce anything malicious that led to this merely got a reverse shell back that used some gadgets and shellcode post disabling aslr. It's still very very basic and at that dogshit written malware.

看到一堆人把 Fable5 被禁往地缘政治、AI 核武器上扯 其实导火索挺技术的，就是被 Pliny 越狱了，模型发布才一天 稍微讲下原理。Fable5 和 Mythos5 底模本来就是同一个，差别只在 Fable 外面挂了层分类器，碰到 cyber / 生化 / 蒸馏这种高风险的就偷偷降级，把活甩给更弱的 Opus 4.8去答。所以安全这玩意根本不在模型里，是个外挂开关。Pliny 搞的就是这开关 手法说白了就一个：decomposition recomposition，拆开再拼。 举个具体的。你直接问"冰毒怎么合成"，分类器秒拦。但你把它拆成几个分开的问题——Birch 还原的反应机理是啥、溶解金属还原里电子怎么转移、某类底物在还原胺化里怎么反应——每一 条都是大二有机化学的课本内容，分类器一条条审根本挑不出毛病，全放行。然后你自己在长对话里把这几块拼回去，就是完整路径了。cyber 那边一个道理，单独问 strcpy 怎么用、ASLR 怎么关、怎么不加保护编译，全是正经安全课的内容，拼起来就是一份能用的栈溢出 exp 这就是 Anthropic 说的"狭窄漏洞"（non-universal）的意思——它不是一句话通杀所有请求的万能钥匙，只在"危害能拆成课本碎片"的地方漏，还得你自己有本事拼回去、试很多次、甚至挂个已越狱的 Opus帮忙。 他放出来的截图里有反向 shell、栈溢出教程、合成路径，顺手还把 12 万字的 system prompt 扒到 github 上了 Anthropic 反驳说有些图压根不是 Fable 出的、剩下的也都是公开信息，没否认越狱成立，就强调一句完美越狱抵抗谁也做不到，行业都这样 道理是对的。但监管不吃这套，因为它按最坏情况算账，不按平均。窄缝也是缝，对耗得起的国家级攻击者来说"难走"根本不算事；而且官员的逻辑很简单——今天能找到一条窄缝，凭什么保证没有更宽的、还没被发现的 所以 Mythos 系统卡一半篇幅都在讲对齐，不是没原因。前沿这一档，决定你能不能上线的早就不是模型多强，是那条最窄的缝有多容易被人撬开

Disable ASLR for your shellcode? Holy shit it's 2012 again. youtu.be/5vSUV1nii5k

No infoleak. No memory disclosure. Just collected libc mappings and a bit of statistics. Even if ASLR was technically random it just had a few favorite numbers 🙃 lol therealcoiffeur.com/c110100.…

automable certcc.github.io/SSVC/refere… the vulnerable component is not searchable or enumerable on the network weaponization may require human direction for each target delivery may require channels that widely deployed network security configurations block exploitation is not reliable, due to exploit-prevention techniques (e.g., ASLR) enabled by default

Desde el Firmware al RCE: Atacando NVRs de Hikvision 👀 En esta charla dictada en la EKO Miami 2026, Pedro Guillen Nuñez y @EinyelLA muestran cómo descubrieron y explotaron vulnerabilidades en dispositivos Hikvision: obtención y análisis de firmware, ingeniería inversa, explotación, evasión de DEP y ASLR, persistencia y una demo en vivo sobre un NVR de Hikvision. 🔥 🤓 ¿Querés ver cómo lo hicieron? Mirá la charla completa en nuestro canal de YouTube >> youtu.be/ZlftJt49O2I

🤖 Claude Fable 5 Jailbroken: System Prompt Leaked via Multi-Agent Attack Within days of Anthropic launching Claude Fable 5, researcher "Pliny the Liberator" bypassed its safety classifiers using a coordinated multi-agent attack strategy. The jailbreak leaked Fable 5's 120,000-character system prompt to GitHub and generated outputs including stack buffer overflow exploitation guidance and a meth synthesis pathway. Anthropic had claimed no universal jailbreaks were found across over 1,000 hours of external bug bounty testing before launch. The Model Architecture → Fable 5 and its restricted twin Claude Mythos 5 share the same underlying model. → Split by a layer of safety classifiers. → When a query trips a classifier in high-risk categories (cybersecurity, biology, chemistry, model distillation), Fable 5 silently hands off the request to Claude Opus 4.8. → User is notified of the fallback. 🎯 Attack Vectors Used → Unicode, homoglyphs, and Cyrillic character substitution to evade keyword classifiers. → Long-context reference tracking to smuggle harmful intent across large conversations. → Taxonomy and document-structure framing: embedding harmful queries inside legitimate-looking study guides or academic references. → Fiction and narrative framing to mask offensive intent as creative content. → Decomposition and recomposition: extracting sensitive technical information in benign, isolated chunks, then reassembling them into actionable uplift. ⭐️ Most Effective Technique → Decomposition and recomposition proved most effective. → Researcher described: "getting uplift on the process itself, like Birch reduction method or reductive amination, is much more doable" than requesting a named harmful compound directly. → A jailbroken Opus instance assisted in the backend, further lowering difficulty. ⚠️ Outputs Generated → Step-by-step stack buffer overflow exploitation guidance for x86 Linux systems. → Disabling ASLR, writing vulnerable C server code with strcpy overflows, compiling without protections. → Birch reduction mechanism (classic meth synthesis pathway). ⚠️ System Prompt Leak → Fable 5's approximately 120,000-character system prompt leaked to GitHub. → Exposes internal framing and safety instructions Anthropic uses to govern model behavior at the base level. The Architect's Dilemma Anthropic's classifier architecture, routing flagged requests to a weaker fallback model rather than refusing outright, was designed to reduce friction for legitimate users. The researcher argued this creates a false sense of security while frustrating legitimate security researchers who need access to offensive techniques for defensive work. When one jailbroken model (Opus) can assist another (Fable 5) in evading controls, single-model safety evaluations are fundamentally insufficient. The tension between AI capability and safety containment remains unresolved.

私のモテタイプは「ASLR」です！ #モテタイプ診断 #ラブキン lovecharacter64.jp/motetype1…