| Date | Title | Author |
|---|---|---|
| 2024-11-01 | From Naptime to Big Sleep: Using Large Language Models To Catch Vulnerabilities In Real-World Code | Google Project Zero |
| 2024-10-26 | The Windows Registry Adventure #4: Hives and the registry layout | Google Project Zero |
| 2024-10-04 | Effective Fuzzing: A Dav1d Case Study | Unknown |
| 2024-06-28 | The Windows Registry Adventure #3: Learning resources | Google Project Zero |
| 2024-06-21 | Project Naptime: Evaluating Offensive Security Capabilities of Large Language Models | Google Project Zero |
| 2024-06-14 | Driving forward in Android drivers | Google Project Zero |
| 2024-04-19 | The Windows Registry Adventure #2: A brief history of the feature | Google Project Zero |
| 2024-04-19 | The Windows Registry Adventure #1: Introduction and research results | Google Project Zero |
| 2023-08-03 | Summary: MTE As Implemented | Google Project Zero |
| 2023-08-03 | MTE As Implemented, Part 2: Mitigation Case Studies | Google Project Zero |
| 2023-08-03 | MTE As Implemented, Part 3: The Kernel | Google Project Zero |
| 2023-04-25 | Release of a Technical Report into Intel Trust Domain Extensions | Google Project Zero |
| 2023-03-17 | Multiple Internet to Baseband Remote Code Execution Vulnerabilities in Exynos Modems | Google Project Zero |
| 2022-11-02 | Gregor Samsa: Exploiting Java's XML Signature Verification | Google Project Zero |
| 2022-06-30 | 2022 0-day In-the-Wild Exploitation…so far | Google Project Zero |
| 2022-06-15 | An Autopsy on a Zombie In-the-Wild 0-day | Google Project Zero |
| 2022-05-13 | Release of Technical Report into the AMD Security Processor | Anonymous |
| 2022-03-25 | Racing against the clock -- hitting a tiny kernel race window | Ryan |
| 2022-02-11 | A walk through Project Zero metrics | Ryan |
| 2022-01-19 | Zooming in on Zero-click Exploits | Ryan |
| 2021-12-16 | A deep dive into an NSO zero-click iMessage exploit: Remote Code Execution | Ryan |
| 2021-12-02 | Shouldn't have happened: A vulnerability postmortem | fanf2 |
| 2021-10-22 | Windows Exploitation Tricks: Relaying DCOM Authentication | Ryan |
| 2021-10-22 | Using Kerberos for Authentication Relay Attacks | Ryan |
| 2021-10-20 | How a simple Linux kernel memory corruption bug can lead to complete system compromise | Ryan |
| 2021-09-15 | Fuzzing Closed-Source JavaScript Engines with Coverage Feedback | Ryan |
| 2021-08-20 | Understanding Network Access in Windows AppContainers | Ryan |
| 2021-06-30 | An EPYC escape: Case-study of a KVM breakout | Ryan |
| 2021-05-21 | Fuzzing iOS code on macOS at native speed | Ryan |
| 2021-04-23 | Designing sockfuzzer, a network syscall fuzzer for XNU | Ryan |
| 2021-04-16 | Policy and Disclosure: 2021 Edition | Ryan |
| 2021-04-02 | Who Contains the Containers? | Ryan |
| 2021-03-19 | In-the-Wild Series: October 2020 0-day discovery | Ryan |
| 2021-02-04 | Déjà vu-lnerability | Ryan |
| 2021-01-29 | A Look at iMessage in iOS 14 | Ryan |
| 2021-01-22 | Windows Exploitation Tricks: Trapping Virtual Memory Access | Ryan |
| 2021-01-20 | The State of State Machines | Ryan |
| 2021-01-15 | Hunting for Bugs in Windows Mini-Filter Drivers | Ryan |
| 2021-01-13 | In-the-Wild Series: Android Exploits | Ryan |
| 2021-01-13 | In-the-Wild Series: Android Post-Exploitation | Ryan |
| 2021-01-13 | In-the-Wild Series: Windows Exploits | Ryan |
| 2021-01-13 | In-the-Wild Series: Chrome Infinity Bug | Ryan |
| 2021-01-13 | In-the-Wild Series: Chrome Exploits | Ryan |
| 2021-01-13 | Introducing the In-the-Wild Series | Ryan |
| 2020-12-22 | An iOS hacker tries Android | Ryan |
| 2020-12-06 | Oops, I missed it again! | Unknown |
| 2020-12-06 | JITSploitation II: Getting Read/Write | Unknown |
| 2020-12-06 | JITSploitation III: Subverting Control Flow | Unknown |
| 2020-12-06 | Exploiting Android Messengers with WebRTC: Part 2 | Unknown |
| 2020-12-06 | MMS Exploit Part 4: MMS Primer, Completing the ASLR Oracle | Unknown |
| 2020-12-06 | Root Cause Analyses for 0-day In-the-Wild Exploits | Unknown |
| 2020-12-06 | MMS Exploit Part 3: Constructing the Memory Corruption Primitives | Unknown |
| 2020-12-06 | An iOS zero-click radio proximity exploit odyssey | Unknown |
| 2020-12-06 | Enter the Vault: Authentication Issues in HashiCorp Vault | Unknown |
| 2020-12-06 | Announcing the Fuzzilli Research Grant Program | Unknown |
| 2020-12-06 | Attacking the Qualcomm Adreno GPU | Unknown |
| 2020-12-06 | JITSploitation I: A JIT Bug | Unknown |
| 2020-12-06 | MMS Exploit Part 5: Defeating Android ASLR, Getting RCE | Ben |
| 2020-12-06 | Exploiting Android Messengers with WebRTC: Part 3 | Unknown |
| 2020-12-06 | Exploiting Android Messengers with WebRTC: Part 1 | Unknown |
| 2020-12-06 | The core of Apple is PPL: Breaking the XNU kernel's kernel | Unknown |
| 2020-12-06 | One Byte to rule them all | Unknown |
| 2020-12-06 | Detection Deficit: A Year in Review of 0-days Used In-The-Wild in 2019 | Unknown |
| 2020-12-06 | MMS Exploit Part 2: Effective Fuzzing of the Qmage Codec | Unknown |
| 2020-12-06 | MMS Exploit Part 1: Introduction to the Samsung Qmage Codec and Remote Attack Surface | Unknown |
| 2020-12-06 | How to unc0ver a 0-day in 4 hours or less | Unknown |
| 2020-12-06 | FF Sandbox Escape (CVE-2020-12388) | Unknown |
| 2020-12-06 | A survey of recent iOS kernel exploits | Unknown |
| 2020-12-06 | Fuzzing ImageIO | Unknown |
| 2020-12-06 | You Won't Believe what this One Line Change Did to the Chrome Sandbox | Unknown |
| 2020-02-25 | Escaping the Chrome Sandbox with RIDL | Ben |
| 2020-02-14 | Mitigations are attack surface, too | Ben |
| 2020-02-14 | A day^W^W Several months in the life of Project Zero - Part 1: The Chrome bug of suffering | Ben |
| 2020-02-14 | A day^W^W Several months in the life of Project Zero - Part 2: The Chrome exploit of suffering | Ben |
| 2020-02-14 | Part II: Returning to Adobe Reader symbols on macOS | Unknown |
| 2020-01-13 | Remote iPhone Exploitation Part 1: Poking Memory via iMessage and CVE-2019-8641 | Unknown |
| 2020-01-13 | Policy and Disclosure: 2020 Edition | Unknown |
| 2020-01-13 | Calling Local Windows RPC Servers from .NET | Unknown |
| 2020-01-13 | Remote iPhone Exploitation Part 3: From Memory Corruption to JavaScript and Back -- Gaining Code Execution | Unknown |
| 2020-01-13 | Remote iPhone Exploitation Part 2: Bringing Light into the Darkness -- a Remote ASLR Bypass | Unknown |
| 2020-01-13 | SockPuppet: A Walkthrough of a Kernel Exploit for iOS 12.4 | Unknown |
| 2019-11-22 | Bad Binder: Android In-The-Wild Exploit | Unknown |
| 2019-10-29 | In-the-wild iOS Exploit Chain 1 | Unknown |
| 2019-10-29 | In-the-wild iOS Exploit Chain 5 | Unknown |
| 2019-10-29 | In-the-wild iOS Exploit Chain 4 | Unknown |
| 2019-10-29 | In-the-wild iOS Exploit Chain 3 | Unknown |
| 2019-10-29 | In-the-wild iOS Exploit Chain 2 | Unknown |
| 2019-10-29 | Implant Teardown | Unknown |
| 2019-10-29 | JSC Exploits | Unknown |
| 2019-10-29 | The Many Possibilities of CVE-2019-8646 | Unknown |
| 2019-10-29 | KTRW: The journey to build a debuggable iPhone | Unknown |
| 2019-10-29 | The story of Adobe Reader symbols | Unknown |
| 2019-10-29 | Windows Exploitation Tricks: Spoofing Named Pipe Client PID | Unknown |
| 2019-10-29 | Google uncovers a significant iPhone security exploit | Link ‧ Dan Moren |
| 2019-10-29 | Windows Exploitation Tricks: Abusing the User-Mode Debugger | Ben |
| 2019-10-29 | Virtually Unlimited Memory: Escaping the Chrome Sandbox | Ben |
| 2019-10-29 | Splitting atoms in XNU | Ben |
| 2019-10-29 | Windows Kernel Logic Bug Class: Access Mode Mismatch in IO Manager | Ben |
| 2019-10-29 | Android Messaging: A Few Bugs Short of a Chain | Ben |
| 2019-10-29 | The Curious Case of Convexity Confusion | Ben |