Posts
4227
Following
735
Followers
1628
"I'm interested in all kinds of astronomy."
repeated
Edited 1 month ago

New from Nightmare-Eclipse, we have MiniPlasma

Works reliably to get a SYSTEM cmd.exe prompt on Win11 (including 26H1) with May's updates. Is reportedly a failure to properly fix CVE-2020-17103. I'll note that it does not seem to work on the latest Insider Preview Canary Windows 11.

2
4
0
repeated

TrendAI Zero Day Initiative

We're back for the final day of Berlin! Yesterday we ended the day with $908,750 awarded, 39 unique 0-days, and DEVCORE with a commanding lead for Master of Pwn. What's in store for today? Follow along for live results!

0
2
0
repeated

TrendAI Zero Day Initiative

Aaaand it's official! Orange Tsai (@orange_8361) of DEVCORE Research Team chained 3 bugs to achieve Remote Code Execution as SYSTEM on Microsoft Exchange, earning a whooping $200,000 and 20 Master of Pwn points. Full win!

0
4
0
ssh-keysign-pwn: Steal SSH host private keys and /etc/shadow via the ptrace_may_access mm-NULL bypass

https://github.com/0xdeadbeefnetwork/ssh-keysign-pwn
0
4
3
repeated

They: "On a scale from 1 to 10: How lazy are you?"

Me: Using copy fail instead of sudo to gain root to avoid having to type my password

2
14
1
repeated

Has anyone ENCHANTED any cool WEAPONS lately?

#wizardposting #wizard
2
1
0
repeated
repeated

TrendAI Zero Day Initiative

It's official! Kentaro Kawane of GMO Cybersecurity by Ierae chained 2 Use-After-Free bugs to escalate privileges on Microsoft Windows 11 in the third round, earning $15,000 and 3 Master of Pwn points.

0
2
0
repeated
Edited 1 month ago

Calif demonstrates a not-yet-fixed data-only macOS kernel LPE. MIE, which is available on M5 Macs, does not thwart the attack.
https://blog.calif.io/p/first-public-kernel-memory-corruption

1
2
0
repeated

bert hubert 🇺🇦🇪🇺🇺🇦

Yesterday I attended the first Democratic Tech Alliance (DTA) Assembly over at the European Parliament. The DTA is a political/think tank/civil society/industry initiative that hopes to foster a tech-ecosystem on which we can continue to run our European democracies. Because it is not looking good. Useful progress was made, and here is what I learned: https://berthub.eu/articles/posts/democratic-tech-alliance-may-2026/

1
4
0
repeated

TrendAI Zero Day Initiative

In a video highlight from Day 1 of Berlin, Orange Tsai of the DEVCORE Research Team takes on Microsoft Edge with a sandbox escape! He earns $175,000 and 17.5 Master of Pwn points. https://youtube.com/shorts/8ngMzEVrdVs?feature=share

0
2
0
repeated

TrendAI Zero Day Initiative

Nice work! Angelboy & TwinkleStar03 (@scwuaptx & @_twinklestar03) of DEVCORE Research Team + DEVCORE Internship Program was able to exploit Microsoft Windows 11! If confirmed, they win $30,000 and 3 Master of Pwn points. They're off to the disclosure room to explain how they did it.

0
2
0
repeated

Hoshino Lina (星乃リナ) 🩵 3D Yuri Wedding 2026!!!

I worked at a fairly big tech co years before the AI boom. People did large scale refractoring across huge code bases back then. With refactoring tools. And properly written robots.

Applying changes to code at scale, opening PRs automatically, basic interaction with human reviewers, making sure tests pass, getting things merged when ready. All that already existed before LLMs. And it was actually reliable and not capable of hallucinating terrible things.

It's like we've forgotten how to automate things without LLMs and openclaw now...

3
8
0
repeated

TrendAI Zero Day Initiative

Amaze! Amaze! Amaze! Orange Tsai of DEVCORE Research Team was able to exploit Edge with a sandbox escape! If confirmed, we wins $175K. He's off to the disclosure room to explain how he did it.

0
3
0
repeated

TrendAI Zero Day Initiative

Boom! Valentina Palmiotti wastes no time kicking off Berlin in style. She requires just a few second to get code execution on the NV Container Toolkit. She heads off to the disclosure room to provide all the details.

0
3
0
repeated
Edited 1 month ago

I have published 3.4.0. Now you can install it in IDA by just running this:

$ hcli plugin install diaphora

https://github.com/joxeankoret/diaphora/releases/tag/3.4.0

2
3
1
repeated

A 0-click exploit chain for the Pixel 10: When a Door Closes, a Window Opens https://projectzero.google/2026/05/pixel-10-exploit.html

0
2
0
repeated
Edited 1 month ago
2
2
5
Show older