I have completed the FORCED ENTRY RCE + SBX chain with a PAC bypass. The calculator payload can be found here: https://t.co/voZRBSdgdD. I learned a lot about iOS exploitation and can't wait to share that in a blog post, which I'll release along with the code to generate this PDF.
Let's put together the best articles on v8 vr/xd for 2025-2026. Write the most interesting blog posts, issues/reports, exploitation techniques, and so on in replies.
I'll start with: Seunghyun Lee(@0x10n) and 303f06e3
https://t.co/xrIyRkFjo2
https://t.co/lpl1uQ8MHT
shaking my head while excitedly reading a citizen lab / project zero post so everyone in my work-from-home office knows i disagree with human rights violations
We really should be talking about this more....KASLR is just not working properly on Android right now, and it hasn't for a long time.
https://t.co/AE0vBXEcob
As the operator of a soup kitchen, I don’t see why I should be expected to fix health code violations people report. After all, we are run almost entirely by volunteers
@boredpentester@rdjgr Lots of jbig2 related code in my forced entry repo: https://t.co/Vk8L2VQsFJ
Adder, comparator, segments for bit reads/writes and a strategy for byte reads/writes. Good luck!
Me and the homies are dropping browser exploits on the red team engagement 😎. Find out how to bypass WDAC + execute native shellcode using this one weird trick -- exploiting the V8 engine of a vulnerable trusted application.
https://t.co/ykJv0sePN9
I'm thrilled to announce that my talk Ghost Calls: Abusing Web Conferencing for Covert Command & Control was accepted to #BHUSA 2025 (CC: @BlackHatEvents)
https://t.co/hRUncJq3YY