The next battleground is in sight, and things are going to move fast. Half-baked tech pitched as transformational will be quickly adopted and thrown in front of children without any validation, but the demos will be amazing!

We just published @firefox.com updates to fix the exploits used at the Pwn2Own contest yesterday and today. Both contestants achieved RCE in our content process but did not escape the sandbox. blog.mozilla.org/security/202...

It’s only Tuesday but the first night of Lobbycon has already started! 🍻

the takeover has begun.. trainings start tomorrow morning!

RUMOURS are TRUE 🤷‍♀️ PHRACK will be releasing a SPECIAL #71.5 👉HARDCOVER👈 at www.offensivecon.org BERLIN ("The 𞅀-Day Edition"). Main #72 release THIS SUMMER at MULTIPLE conferences (main release at WHY2025). ❤️

2025 agenda is out! www.offensivecon.org/agenda/2025....

To prevent deer from being hit by cars Finland has tried using reflective paint. (https://www.smithsonianmag.com/smart-news/avoid-deer-strikes-finland-painting-deer-antlers-reflective-paint-180949792/) File this under "solutions to modern problems that summon the old gods."

Still adding people as they wash up here go.bsky.app/EhGFSVj

The BlackHoodie training at OffensiveCon has a whole of 2 seats left, and we will have a special give-away with this edition :) blackhoodie.re/Offensivecon...

Don't forget, the CFP for the 40th anniversary issue of Phrack is open until June 15th 2025. You can be someone's favorite article in the future!! bsky.app/profile/phra...

Save the date - @blackhoodie.bsky.social is partnering with @offensivecon.bsky.social this year to bring a BlackHoodie training to Berlin! Students will learn how to place compiler backdoors in innocent code. Mark your calendars for May 15th! Registration opens tomorrow, space is very limited ☺️

Happy to share my slides from BOOTSTRAP25. Unfortunately the bug discussed is still not patched in Linux 6.14.0 despite it being reported explicitly. Slides are in markdown but there's a PDF in "releases" too github.com/jduck/bs25-s...

We are proud to announce our first keynote for Offensivecon 2025, Perri Adams! @perrib.us

Our second keynote for Offensivecon 2025 will be Dino Dai Zovi! @ddz.bsky.social

Must be @argp.bsky.social and karl's article on the FreeBSD kernel allocator. The first one I worked really through, introduced me to kernel exploitation, and finally helped me with my first real exploit for FreeBSD-SA-19:02.fd. phrack.org/issues/66/8#...

Good analysis by the syzkaller developer, how some of thr latest ITW vulns could have been found.

Pumpkin (@u1f383 on X) does cool work. Here is another cool read about an interesting race condition involving signal handling u1f383.github.io/linux/2025/0...

Really great read by @h0mbre (on X) about his journey to exploit a Linux n-day on kCTF. Not only the exploit but the process to understand the bug including own failures, e.g. deal with CONFIG_DEBUG_LIST, is full of insights. h0mbre.github.io/Patch_Gappin...

Hackers rejoice! We are releasing the Phrack 71 PDF for you today! Don't forget this year is Phrack's 40th anniversary release! Send in your contribution and be part of this historical issue! The CFP is still open, you can find it and the PDF link at phrack.org

To all our Bluesky friends, feel free to follow us here as we will be posting regular updates as the conference gets closer. See you in May!

Thank you @phrack.org !

As of today I'm not longer with CrowdStrike. Looking forward to new challenges in VR :)

Can recommend Satoshi's training as well, rarely had a training that was such hands-on.

[RSS] Linux Kernel: TOCTOU in Exec System github.com -> Original->

Creative vuln research by Eloi (@elvanderb on X) on XNU logic bugs t.co/Z3ktOkj6Gi

Cool idea. Artists under the Taylor Swift level usually get their money through album sales and merch, maybe concerts only.

I really like the idea of Bandcamp Gift Cards! Get your friends and family hooked on supporting independent artists/small labels! https://bandcamp.com/gift_cards Original->

Interesting paper by Erin Avllazagaj to automatically find Linux kernel objects being potentially useful for privilege escalation, tool is called SCAVY. www.usenix.org/system/files...

Slides for my @ekoparty talk "Advanced Fuzzing With LibAFL" - > docs.google.com/presentation...

All the recordings from #r2con2024. 🤩 🙌 radare.org/con/2024/

Custom Linux kernel fuzzing with libFuzzer by @r00tkitsmm.bsky.social r00tkitsmm.github.io/fuzzing/2024...

Let's give this network a second chance and see if critical mass is hit.