Exploiting the Source Engine’s network protocol to leak vtable pointers
https://mrnbayoh.github.io/blog/source-engine/2025/06/30/offensive-on-the-source-engine-network-protocol-part-1.html
https://mrnbayoh.github.io/blog/source-engine/2025/06/30/offensive-on-the-source-engine-network-protocol-part-1.html
nba::yoh’s blog
Offensive on the Source Engine Network Protocol - Part 1: InfoLeak
Write an awesome description for your new site here. You can edit this line in _config.yml. It will appear in your document head meta (for Google search results) and in your feed.xml site description.
Reproducing a million-dollar bug: WhatsApp CVE-2019-11932 (with AFL & Frida)
https://www.ibm.com/think/x-force/reproducing-million-dollar-bug-whatsapp-cve-2019-11932-afl-frida
https://www.ibm.com/think/x-force/reproducing-million-dollar-bug-whatsapp-cve-2019-11932-afl-frida
Ibm
Reproducing a million-dollar bug: WhatsApp CVE-2019-11932 (with AFL & Frida) | IBM
Dive into research on a double-free vulnerability, CVE-2019-11932, in an image processing library used by WhatsApp and a GIF-processing vulnerability affecting Android mobile phones.
dive into the world of some of the recently published potato techniques
https://www.r-tec.net/r-tec-blog-windows-is-and-always-will-be-a-potatoland.html
https://www.r-tec.net/r-tec-blog-windows-is-and-always-will-be-a-potatoland.html
www.r-tec.net
r-tec Blog | Windows is and always will be a Potatoland
This blog post will dive into the world of some of the recently published potato techniques that can lead to more serious risks than
what the zero day marketplace looks like in the U.S. and how it compares to China.
https://www.atlanticcouncil.org/in-depth-research-reports/report/crash-exploit-and-burn/
https://www.atlanticcouncil.org/in-depth-research-reports/report/crash-exploit-and-burn/
Atlantic Council
Crash (exploit) and burn: Securing the offensive cyber supply chain to counter China in cyberspace
If the United States wishes to compete in cyberspace, it must compete against China to secure its offensive cyber supply chain.
CVE-2023-52927 - Turning a Forgotten Syzkaller Report into kCTF Exploit
https://seadragnol.github.io/posts/CVE-2023-52927/
https://seadragnol.github.io/posts/CVE-2023-52927/
SeaDragnoL
CVE-2023-52927 - Turning a Forgotten Syzkaller Report into kCTF Exploit
my first CVE - my first kCTF
From cheap IoT toy to your smartphone: Getting RCE by leveraging a companion app
https://www.synacktiv.com/en/publications/from-cheap-iot-toy-to-your-smartphone-getting-rce-by-leveraging-a-companion-app
https://www.synacktiv.com/en/publications/from-cheap-iot-toy-to-your-smartphone-getting-rce-by-leveraging-a-companion-app
Synacktiv
From cheap IoT toy to your smartphone: Getting RCE by leveraging a
The Journey of Bypassing Ubuntu’s Unprivileged Namespace Restriction
https://u1f383.github.io/linux/2025/06/26/the-journey-of-bypassing-ubuntus-unprivileged-namespace-restriction.html
https://u1f383.github.io/linux/2025/06/26/the-journey-of-bypassing-ubuntus-unprivileged-namespace-restriction.html
Buried in the Log. Exploiting a 20 years old NTFS Vulnerability
https://swarm.ptsecurity.com/buried-in-the-log-exploiting-a-20-years-old-ntfs-vulnerability/
https://swarm.ptsecurity.com/buried-in-the-log-exploiting-a-20-years-old-ntfs-vulnerability/
Пятничный опрос.
Кто круче? 😎
Кто круче? 😎
Final Results
22%
Threat hunter
64%
Reverse engineer
13%
Forensic investigator
Likely Belarus-Nexus Threat Actor Delivers Downloader to Poland
https://dmpdump.github.io/posts/Belarus-nexus_Threat_Actor_Target_Poland/
https://dmpdump.github.io/posts/Belarus-nexus_Threat_Actor_Target_Poland/
dmpdump
Likely Belarus-Nexus Threat Actor Delivers Downloader to Poland
On June 30, 2025, a file named deklaracja.chm (“declaration.chm”) was uploaded to VirusTotal from Poland.
dynamic binary instrumentation, analysis, and patching framework
https://github.com/redthing1/w1tn3ss
https://github.com/redthing1/w1tn3ss
GitHub
GitHub - redthing1/w1tn3ss: binary instrumentation, analysis, and patching framework
binary instrumentation, analysis, and patching framework - redthing1/w1tn3ss
China Targets Country’s Own Telecommunications
(говорят это были учения)
https://0x0d4y.blog/telecommunications-supply-chain-china-nexus-threat-technical-analysis-of-veletrix-loaders-strategic-infrastructure-positioning/
(говорят это были учения)
https://0x0d4y.blog/telecommunications-supply-chain-china-nexus-threat-technical-analysis-of-veletrix-loaders-strategic-infrastructure-positioning/
0x0d4y Malware Research -
VELETRIX Loader Dissection: Kill Chain Analysis of China-Nexus Telecommunications Infrastructure Targeting - 0x0d4y Malware Research
In my work I had the opportunity to analyze a China-Nexus Threat Actor, called Earth Alux, and this research, which only covers the fundamental points of the Kill Chain and the analysis of some components of its Toolkit, was the starting point of a long process…