May 17, 2024
A belated writeup about macOS snapshot fuzzing I talked about last year: https://t.co/s4JzidEqm5
— Aleks (@FuzzyAleks) May 16, 2024
Builds on @0vercl0k 's WTF and adds loading of VMWare snapshots with some additional scripts/tools. Code here: https://t.co/XNkKeQhqA9
Android-based “portable high-resolution lossless music player” (FiiO M6): Reverse engineering and exploitation
— 0xor0ne (@0xor0ne) May 16, 2024
Interesting series by @_stigward
Find a kernel bug: https://t.co/4i2Ki4wqQK
LPE exploit: https://t.co/oJ8MXJE0IH #android
I am definitely biased but if you need to listen to a podcast, I’d highly recommend the latest from @lawfare w @gavinbwilde @emma_landi on the evolving role of LEAs in takedown operations + the relevant guardrails necessary for them to operate responsibly https://t.co/wuXFg27DVp
— Louise Marie Hurel (@LouMarieHSD) May 17, 2024
I have never put napkin math as much to the practise as with building @turbopuffer https://t.co/XgvXiH9NIF I have this tab open all the time, doing the calculations in @raycastapp which has phenomenal unit support
— Simon Eskildsen (@Sirupsen) May 16, 2024
Profiles and observability will never tell you the lower bound…
⚡️0-Day Insights: Google Chrome "actively exploited" bug chain on Viz & v8-wasm (May 2024) https://t.co/2Tsf1zBgXK (by @alisaesage)
— Zero Day Engineering (@zerodaytraining) May 17, 2024
We (@vaber_b and I) have discovered a Google Chrome zero-day that is actively used in targeted attacks. It was just fixed as CVE-2024-4947 and we're going to reveal more details soon 🔥🔥🔥. Update now! https://t.co/8guemaDow0
— Boris Larin (@oct0xor) May 16, 2024
Sandboxing v8 seems very complicated judging by numbers of recent tickets: https://t.co/JEKu7o8UnU
— Suto (@__suto) March 1, 2024
There is a fuzzer for v8 sandbox called autozilli: https://t.co/503EPlDtij
— Suto (@__suto) May 10, 2024
so far we can see it can be overcome by manipulating heap data to
* corrupt the stack https://t.co/m3UUvUa9sd
* corrupt global array memory https://t.co/KaTJm9K1WZ
* or recently Manfred's case to corrupt JIT…
* before v8 sbx officially launched, people mostly bypassed by corrupting some code pointer on heap by runtime obj https://t.co/JUMtQo4aZ9
— Suto (@__suto) May 16, 2024
or by wasm instance
Why are NordVPN and Surfshark rerouting certain traffic through proxies?
— John Althouse (@4A4133) May 15, 2024
This JA4+ blog finds that they're both routing certain ports, like 5060, through proxies, which no other VPN provider does. And also that NordVPN's proxy is misconfigured? https://t.co/8tzomfcjYG
Updates for the Linux kernel exploitation collection 😋 https://t.co/q3QGfQ76ha
— Andrey Konovalov (@andreyknvl) May 16, 2024
Happy to share (me, @0xB4x & Meshari) our new findings on Microchip Atmel SAM E70/S70/V70/V71 family
— Waleed (@WaLeedALzamil) May 16, 2024
Writeup - CVE-2024-4760: https://t.co/WxqVcrvFMX
Where we are able to bypass the security mechanism by voltage fault injection ⚡️!
Had an amazing experience at @1ns0mn1h4ck this year, talking about adding NVMe-of/TCP to syzkaller.
— Alon Zahavi (@Alon_Z4) May 14, 2024
In case you want to check it out:
Here’s the recording - https://t.co/7waJkjcg8A
And the slides - https://t.co/FosaAhYvc4