Vulnerability Researcher

Joined October 2012
Pinned Tweet
21 Oct 2022
After Foxit, it was fun pwning Adobe Reader! Learned quite a lot of things. New achievement unlocked.
@shsirk and I submitted our Adobe Acrobat Reader DC UaF RCE exploit to @thezdi. This was an interesting bug to exploit, as we faced quite a few challenges. Stay tuned for the blog post describing how we successfully achieved RCE. youtube.com/watch?v=cguBkC0o…
Krishs retweeted
Enhanced Insecurity Mode: 23 RCEs in Edge's "Safe" WebAssembly Interpreter
Microsoft's "safer" fallback when the WASM JIT is off? 23 paths to RCE in the interpreter itself. Slides now public — huge thanks to the OffensiveCon crew and everyone who came by. @offensive_con
Krishs retweeted
I’ve tried various agent pipelines, and here is one of them. It found five type-confusion bugs in V8 Wasm: three under non-default flags and two in DrumBrake/MS Edge. The repo includes all the bugs in detail, along with a README file that explains how the pipeline works, the prompts used, and many of the genomes it generated. Since the README is enough to let Claude vibe-code it, I won’t upload my messy and embarrassing code. Have fun :) github.com/qriousec/colony_a…
Krishs retweeted
My Windows reverse engineering and exploit research workflow has been:
1. Pick a binary to research, like tcpip.sys.
2. Use github.com/joshterrill/post-… to automate seeing existing binary versions, download them, and generate diffs from them.
3. Load the resulting .binexport and .bindiff files into an LLM and ask it to analyze them.
4. Look up the build number of the previous Windows version that the old binary existed in from uupdump.net/ (such as 26100.8328) and create a VM from it.
5. Write code and test, working backwards from the LLM analysis.
Krishs retweeted
As promised - the full blog post is live for CVE-2026-40369. Covers everything: initial research, methodology, the exploitation path, caveats, cleanups, etc. The whole journey from finding it to a production-grade exploit: pwn2nimron.com/blog

Replying to @M4x_1997
4/4: Last but not least, CVE-2026-40369 - Windows Kernel Arbitrary Increment primitive reachable from any browser sandbox renderer process. This one was rejected from Pwn2Own and closed anyway yesterday :( My exploit is here - blog post will follow soon: github.com/orinimron123/CVE-…
Krishs retweeted
Just dropped my full notes on Pwn2Own Berlin 2026. Broke down the big wins by DEVCORE, the actual techniques they used, why these matter in the real world, and exactly where you can practice the same skills yourself. Full article here #Pwn2Own #P2OBerlin #CyberSecurity
Krishs retweeted
🚀 Launching: Mr. Chartist Options Terminal ⭐ Star it → github.com/MrChartist/india-… India's best open-source F&O analytics platform. Built for traders who are tired of paying ₹2K/mo for option chain data. ✅ Live Option Chain Greeks ✅ Strategy Builder with payoff charts ✅ IV Rank Scanner ✅ FII/DII Activity tracker ✅ Position Tracker with P&L sim ✅ Dark Light mode 100% free. Open-source. Self-hosted. #OptionsTrading #NIFTY #BANKNIFTY #NSE #OpenSource #IndianStockMarket
Krishs retweeted
My BlackHat USA presentation's whitepaper and slides are now public. blackhat.com/us-23/briefings… #bhusa
Krishs retweeted
I have posted the slides for the talk @chompie1337 and I gave this past weekend at @h2hconference -> The Kernel Hacker’s Guide to the Galaxy: Automating Exploit Engineering Workflows #H2HC github.com/FuzzySecurity/H2H…
Krishs retweeted
26 Nov 2024
Disclosure of 7 Android and Google Pixel Vulnerabilities - PoC published: blog.oversecured.com/Disclos… PoC:
Krishs retweeted
✍️ Fuzzing for complex bugs across languages in JS Engines by @cffsmith powerofcommunity.net/poc2024…
Krishs retweeted
Releasing the full 2 hr video of my browser exploitation workshop from VXCON 2024: youtube.com/live/b9OhamkAY2I In it I show what goes on inside the mind of a skilled hacker while exploiting a highly non-trivial vulnerability in v8, from zero to exploit concept. This workflow especially requires advanced abstract thinking, thereby emphasizing the role of theoretical modeling in attacking hard zero-day research targets, which is part of why it's fun. @zerodaytraining
Krishs retweeted
16 Nov 2024
🤔 (CVE-2024-7965 - exploited ITW) [356196918][compiler] Improper optimization of ZeroExtendsWord32ToWord64() leads to Memory Corruption is now open with PoC & RCA issues.chromium.org/issues/3…
12 Oct 2024
(CVE-2024-7965 - exploited ITW) [356196918][compiler] The PoC that works on x86_64/amd64 is now publicly available: ./d8 --allow-natives-syntax regress-356196918.js chromium.googlesource.com/v8…
Krishs retweeted
Domato Lives! Today, we merged a WebGPU fuzzer written by @btiszka who used it to find several serious bugs in Chrome. Check it out at github.com/googleprojectzero…. Potentially also interesting for other browser vendors working on their own WebGPU implementation ;)
Krishs retweeted
13 Nov 2024
Dropped my slides for POC2024 on Linux kernel exploitation, including a journal from Pwn2Own Vancouver earlier this year. Enjoy 🙂. u1f383.github.io/slides/talk…
Analysis of the VMware vCenter heap overflow vulnerability exploited at the Matrix Cup competition in China, June 2024 (CVE-2024-38812): blog.sonicwall.com/en-us/202… Another one in the same code, 2023: blog.sonicwall.com/en-us/202… ** Both are RCE to the management console, not a hypervisor VM escape!
Krishs retweeted
Our (@040xZx and myself) talk from Defcon about hacking the Xiaomi 13 Pro at Pwn2Own Toronto 2023 is up. Yay! media.defcon.org/DEF CON%2…

10 Oct 2024
The #defcon32 presentations are now live and available for your perusal on the #DEFCON media server, free of all commercials, data capture and pesky algorithms. We suggest clearing some disk space and personal time this weekend to snatch up some of the many, many jewels our speakers dropped in Las Vegas. While you’re on media.defcon.org you can also find the slide decks, a ton of pictures and even the DC32 soundtrack. Enjoy, learn a few things and #passiton. We’ll be posting the videos on YouTube Monday. #sharingiscaring