@_clem1 Clement Lecigne burned 33 in-the-wild 0-days since 2014 and has found 8 0-days already so far this year. If you find it in the wild, I don’t know if that counts as your bug or not. Finders keepers, maybe? I don’t know.| Pwnies
The Transportation Security Administration The notorious queer anarchist hacker Maia Crimew discovered the entire TSA no fly list lying around on the internet and had the good graces to let everyone know about it. Did anyone else, like, search for themselves? Did anyone find themselves? No? All right.| Pwnies
Threema A new canonical example for “blog post of butthurt”: https://threema.ch/en/blog/posts/news-alleged-weaknesses-statement. Punching down is always lame, Threema.| Pwnies
@scannell_simon ClamAV RCE (CVE-2023-20032): ASLR bypass technique enabling 0 click server side exploits| Pwnies
@danis_jiang and @0x140ceURB (https://www.vmware.com/security/advisories/VMSA-2022-0033.html) This team successfully performed VM escapes across all VMware virtual machine products: Workstation, Fusion, and ESXi (within the sandbox), making it the only VMware VM escape at pwn2own last year. We love this because VMware escapes are really difficult, and these guys managed to find one. … It’s very hard work […]| Pwnies
Simon Zuckerbraun at Trend Micro (https://www.thezdi.com/blog/2023/1/23/activation-context-cache-poisoning-exploiting-csrss-for-privilege-escalation). This nomination highlights a new class of privilege escalation vulnerabilities, known as activation context cache poisoning. This technique was being actively used by an Austrian hack-for-hire group tracked by Microsoft as KNOTWEED.| Pwnies
@ghidraninja Thomas [Roth] developed an iPhone JTAG cable called the Tamarin Cable and a Lightning Fuzzer. Though the video at https://www.youtube.com/watch?v=8p3Oi4DL0el&t=1s is no longer available, you can still view Roth’s DEF CON 30 presentation.| Pwnies
Ohm-I Clickin’ by Ohm-I (https://mcohmi.bandcamp.com/track/clickin)| Pwnies
Ben Nassi A new cryptanalytic side-channel attack using the RGB values of the device’s LED. This is a really cool one. They basically recorded an LED on a phone, and then through the RGB values, were able to cryptographically break it. https://eprint.iacr.org/2023/923| Pwnies
Sneaky malware (CVE-2022-22036) has found a new playmate for local privilege escalation and sandbox escape adventures! It’s the first bug that’s been released at least in the last decade about performance counters in Windows.| Pwnies