
udp

@udp_ctf

pwn @ Water Paddler / Blue Water

Pinned

So the challenge I wrote for @PotluckCTF introduced a new heap house (which I shamelessly dubbed "house of water" after my two teams), and a general technique I dubbed "safe link double protect". Both are now available here: github.com/shellphish/how… github.com/shellphish/how…

Made a fun little heap challenge for #37C3 @PotluckCTF called Tamagoyaki. It features a fun way to bypass protect_ptr without a leak I discovered while exploiting a bug. It only got one solve during the CTF, so made a writeup: github.com/UDPctf/CTF-cha…



udp reposted

We (Project Zero) got a new website! Because the last one was so...2014? projectzero.google


Here is a fun little 0-click RCE for WarCraft II I wrote for BlueWater CTF (which unfortunately won't see the light of day) It works on the GoG release, and hits everyone on the network searching for a game. So be careful at your next boomer lan party😱 github.com/UDPctf/CTF-cha…


udp reposted

An analysis of a recent 0-click exploit targeting Samsung devices: googleprojectzero.blogspot.com/2025/12/a-look…


udp reposted

Analysis of CVE-2025-6554: A type confusion vulnerability in V8! Constructed addrof/fakeobj, read/write primitives in V8 sandbox. Thanks to @DarkNavyOrg, @mistymntncop, @bjrjk for helping me with the exploitation. github.com/aklnjakln/CVE-…


udp reposted

We really should be talking about this more....KASLR is just not working properly on Android right now, and it hasn't for a long time. googleprojectzero.blogspot.com/2025/11/defeat…


udp reposted

I'm pretty excited about this (POE2 in particular)! It's basically what we've been preparing for with the PKEY-based hardware sandboxing prototype for V8 (docs.google.com/document/d/1l3…)

More HW security goodness from Arm: community.arm.com/arm-community-… vMTE (Virtual Memory Tagging) allows using MTE in a more flexible way, consuming less RAM. POE2 allows building efficient in-process sandboxes and isolation. More-or-less an improvement over x86 Memory Protection Keys.



Guess you could say they were Unsat :^)


udp reposted

Planning a CTF? We're here to support organizers with proven expertise and a commitment to quality challenges. Apply here: dfsec.com/ctf-support


It's so over

First mention of x86 memory tagging (aka MTE) by both Intel and AMD (codename ChkTag): community.intel.com/t5/Blogs/Tech-… amd.com/en/blogs/2025/… 🤘🤘🤘



At @hexacon_fr, come say hi!


udp reposted

Check out our newest blog about how we took advantage of a WebGPU feature to turn an integer underflow bug into an arbitrary read in Chrome’s WebGPU. This bug was fixed by Google long ago, but our ticket is still restricted. qriousec.github.io/post/oob-angle/ by @lanleft_ + @__suto


udp reposted

so excited to finally share something I’ve been working on alongside many brilliant colleagues. MTE will truly raise the bar for memory safety. security.apple.com/blog/memory-in…


udp reposted

🥈 Thrilled to nab 2nd as Blue Water, teamed up with @perfect_blue at DEFCON CTF Final 33! 🙌 Congrats to @mmm_ctf_team for their 4th straight 1st 💪 We’re gunning for the crown next year! Join our crew to make it happen! DM us or drop us an email! 🚀 #DEFCON #CTF


Getting 2nd place in Defcon finals for the third year in a row has triggered the great depression for the team xd


udp reposted

Mini Writeup of CVE-2025-6554. POC by @DarkNavyOrg. All errors in writeup my own. gist.github.com/mistymntncop/3…


Finding exploitable browser bugs during exam season sucks. Makes it very difficult to focus on studying when constantly thinking of the bug 🫠


udp reposted

Our new blog post is live: blog.dfsec.com/ios/2025/05/30…


udp reposted

🚨🚨🚨We just broke everyone’s favorite CTF PoW🚨🚨🚨 Our teammate managed to achieve a 20x SPEEDUP on kctf pow through AVX512 on Zen 5. Full details here: anemato.de/blog/kctf-vdf The Sloth VDF is dead😵 This is why kernelCTF no longer has PoW!

Beating the kCTF PoW with AVX512IFMA for $51k

PoW is gone 🦀🦀

