the grugq's newsletter

May 27, 2024


just finished a new blogpost on how i exploited the V8 javascript engine at a CTF!

it's a beginner friendly journey from a memory corruption to a browser pwn, and features lots of cool CSS to help you understand various concepts along the way.

have fun!! https://t.co/rByOeFSwDP

— Rebane (@rebane2001) May 25, 2024


Arrigo Triulzi on LinkedIn: The “Godot” attack (or "How to exfiltrate using ML") What if you trained a public ML system by feeding it confidential information as nonsense responses to…


Iconv, set the charset to RCE: in the first blog post of this series, @cfreal_ will show a new exploitation vector to get RCE in PHP from a file read primitive, using a bug in iconv() (CVE-2024-2961) https://t.co/7GQvKPszrl

— Ambionics Security (@ambionics) May 27, 2024


We just created a blog for OSS-Fuzz!

The first post is about extending our LLM fuzz harness generation work to completely new, unfuzzed projects: https://t.co/xX9m33E0sc

— Oliver Chang (@halbecaf) May 27, 2024


Long time no research share! Back with some interesting bugs. Let's start with CVE-2024-27842. UDF is a kernel extension that's been on macOS for decades. The vuln lies in VNOP_IOCTL, where an arbitrary cmd can be sent to an arbitrary vnode, leading to memory corruptions.

— Tielei (@WangTielei) May 24, 2024

POC: https://t.co/fSBZMZ12sz

— Tielei (@WangTielei) May 24, 2024


do you think this is an appropriate amount of spite to put into a reverse engineering project? pic.twitter.com/MFNgmXZogl

— Catherine (@whitequark) May 27, 2024

enjoy https://t.co/cCxwgayt8I

— Catherine (@whitequark) May 27, 2024