Here are the slides from the "Attacking JavaScript Engines in 2022" talk by @itszn13 and myself @offensive_con. It's a high-level talk about JS, JIT, various bug classes, and typical exploitation flows but with lots of references for further digging! https://t.co/DtHsLa34Da
Today we're publishing a detailed technical writeup of FORCEDENTRY, the zero-click iMessage exploit linked by Citizen Lab to the exploitation of journalists, activists and dissidents around the world. https://t.co/RYsqpTHF5j
The schedule for #Pwn2Own 2021 is live! Check out all of the attempts set for the next 3 days. We'll be updating the schedule with results as we get them. https://t.co/iLyRzBIb6g
It's been a while since I wrote anything so I wrote an article on how to discover the entire x86-64 instruction set in seconds including any hidden instructions and learn their basic properties while on it. There were some pretty interesting results!
https://t.co/t7vMwYDYas
🐋 How Netflix secures their containers using User Namespaces ("rootless containers")
Great overview of the problem space + a discussion of how their architecture has changed over time
by @fabiokung @sargun @aspyker @heliousc6 @anwleung et al
https://t.co/7G0V0A83Pc
"Hacking Starbucks and Accessing Nearly 100 Million Customer Records" - write up on a recent directory traversal vulnerability found with @Rhynorater ☕️
https://t.co/3Ug0SSrRI5
The smallest sandbox escape for AngularJS, by @PortSwiggerRes
{{{}.")));alert(1)//"}}
And the full (?) list in the cheat sheet: https://t.co/A3I7Q7BTk4
There’s a lot of buzz right now about a “massive DDoS attack” targeting the US, complete with scary-looking graphs (see Tweet below). While it makes for a good headline in these already dramatic times, it’s not accurate. The reality is far more boring. 1/X https://t.co/4wDIlKnfQg
In case you missed @natashenka's talk at @BlackHatEvents this week, here is a video showing a remote exploit for one of the iMessage bugs we found: https://t.co/iEb1tvZpt0 Be sure to read https://t.co/w9iHf4WwmS if you are interested in these kinds of attacks!