May 27, 2024
May 27, 2024
just finished a new blogpost on how i exploited the V8 javascript engine at a CTF!
— Rebane (@rebane2001) May 25, 2024
it's a beginner friendly journey from a memory corruption to a browser pwn, and features lots of cool CSS to help you understand various concepts along the way.
have fun!!https://t.co/rByOeFSwDP
Arrigo Triulzi on LinkedIn: The “Godot” attack (or "How to exfiltrate using ML") What if you trained…
The “Godot” attack (or "How to exfiltrate using ML") What if you trained a public ML system by feeding it confidential information as nonsense responses to…
Iconv, set the charset to RCE: in the first blog post of this series, @cfreal_ will show a new exploitation vector to get RCE in PHP from a file read primitive, using a bug in iconv() (CVE-2024-2961) https://t.co/7GQvKPszrl
— Ambionics Security (@ambionics) May 27, 2024
We just created a blog for OSS-Fuzz!
— Oliver Chang (@halbecaf) May 27, 2024
The first post is about extending our LLM fuzz harness generation work to completely new, unfuzzed projects: https://t.co/xX9m33E0sc
Long time no research share! Back with some interesting bugs. Let's start with CVE-2024-27842. UDF is a kernel extension that's been on macOS for decades. The vuln lies in VNOP_IOCTL, where an arbitrary cmd can be sent to an arbitrary vnode, leading to memory corruptions.
— Tielei (@WangTielei) May 24, 2024
— Tielei (@WangTielei) May 24, 2024
do you think this is an appropriate amount of spite to put into a reverse engineering project? pic.twitter.com/MFNgmXZogl
— Catherine (@whitequark) May 27, 2024
enjoy https://t.co/cCxwgayt8I
— Catherine (@whitequark) May 27, 2024