Fine writeups & exploits by @5aelo @_niklasb @edgarboda @bkth_

Joined April 2017
11 Jul 2019
I wrote a thing about a Chakra RCE for which the JIT trigger is tweetable :) function opt(o) { o.pwn = o.a; } phoenhex.re/2019-07-10/ten-m…

26 May 2019
I wrote a thing about my macOS sandbox escape & LPE from Pwn2Own phoenhex.re/2019-05-26/attri…

16 May 2019
New blog post written together with my friend @S0rryMybad about using the JIT to abuse a non-JIT bug in Chakra (CVE-2019-0812) phoenhex.re/2019-05-15/non-j…

Attacking Edge through the JavaScript Just-In-Time compiler by @bkth_ offensivecon.org/speakers/20…

IPC you outside the sandbox: One bug to rule the Chrome broker by @_niklasb offensivecon.org/speakers/20…

FuzzIL: Guided Fuzzing for JavaScript Engines by @5aelo offensivecon.org/speakers/20…

8 Nov 2018
My #pwn2own exploit chain from this year, essentially 3 logic bugs to go from Safari to kernel on macOS up to 10.13.3, is now open source: github.com/saelo/pwn2own2018. The README also links to a few slide decks which contain some more background information :)
#Hack2Win eXtreme @bevxcon - SSD Advisory – Firefox Remote Code Execution blogs.securiteam.com/index.p…
Browser Exploitation by @5aelo offensivecon.org/trainings/2…

3 Oct 2018
Two RCE bugs in the Spidermonkey JIT fixed in Firefox 62.0.3. One was a pretty old bug in the IonMonkey register allocator.
Today we have a short new blog post about CVE-2018-4358, an infoleak bug in Safari found by @bkth_ @5aelo and @_niklasb that got patched by Apple in their last updates: phoenhex.re/2018-09-26/safar…

First #Hack2win eXtreme winners, @_niklasb @bkth_ @5aelo, 3 categories: Firefox RCE, Firefox InfoLeak and Chrome RCE, beautifully done, for a total prize of 170,000$USD. Still have 330,000$USD to give out to anyone that can show their skills - disclosure soon via @SecuriTeam_SSD
10 Aug 2018
Here are the slides from my #BlackHatUSA talk about just-in-time compilers for JavaScript and the @webkit bug I used as part of my Pwn2Own chain this year =) saelo.github.io/presentation…
4 Sep 2018
New blog post: Fuzzing the CS:GO map file loader with AFL in QEMU mode. Includes the full fuzzing harness and triaging tools to reproduce. Will still find heap overflows, because Valve says these are not security issues :> So get yourself some 0days now! phoenhex.re/2018-08-26/csgo-…

3 Sep 2018
Here's @bkth_'s, who clearly plays too much dota
3 Sep 2018
I added a PKGBUILD to get a full debug build of the latest VirtualBox version for Arch Linux, with the 3D security fixes from July reverted: github.com/niklasb/3dpwn/tre…

2 Sep 2018
I published a small Python Linux library for experimenting with HGCM and VBoxSharedCrOpenGL (3D accel) from a VirtualBox guest. Includes a full exploit for CVE-2018-30{55,85} demonstrating some useful heap exploitation techniques for the 3D component github.com/niklasb/3dpwn
3 Sep 2018
Best idea ever to order ESPR phoenhex keyboards <3
14 Aug 2018
Got CVE-2018-8266 for a bug inside ChakraCore that led to RCE :) portal.msrc.microsoft.com/en…
