https://www.thezdi.com/blog daily 0.75 2026-04-02 https://images.squarespace-cdn.com/content/v1/5894c269e4fcb5e65a1ed623/1489755099202-DZZXWT0JDIIFY1A8EFJI/banner-register-mobile.jpg Blog https://www.thezdi.com/blog/2026/3/11/announcing-pwn2own-berlin-for-2026 monthly 0.5 2026-03-12 https://images.squarespace-cdn.com/content/v1/5894c269e4fcb5e65a1ed623/f1a17b36-ce06-47c8-8e58-3435b9bbdcc4/Slide1.jpeg Blog - Announcing Pwn2Own Berlin for 2026 - Make it stand out Whatever it is, the way you tell your story online can make all the difference. https://images.squarespace-cdn.com/content/v1/5894c269e4fcb5e65a1ed623/d9ee752e-7f62-440b-818a-55fd6d94a2f0/Slide2.jpeg Blog - Announcing Pwn2Own Berlin for 2026 - Make it stand out Whatever it is, the way you tell your story online can make all the difference. https://images.squarespace-cdn.com/content/v1/5894c269e4fcb5e65a1ed623/ad7c5b03-1001-43ce-9144-be06b43ef9f6/entapps.jpg Blog - Announcing Pwn2Own Berlin for 2026 - Make it stand out Whatever it is, the way you tell your story online can make all the difference. https://images.squarespace-cdn.com/content/v1/5894c269e4fcb5e65a1ed623/278211ce-a1e8-4258-b593-3faca48002e5/Slide4.jpeg Blog - Announcing Pwn2Own Berlin for 2026 - Make it stand out Whatever it is, the way you tell your story online can make all the difference. https://images.squarespace-cdn.com/content/v1/5894c269e4fcb5e65a1ed623/127bc809-2387-4e40-ab0d-2c65175ca167/eop.jpg Blog - Announcing Pwn2Own Berlin for 2026 - Make it stand out Whatever it is, the way you tell your story online can make all the difference. https://images.squarespace-cdn.com/content/v1/5894c269e4fcb5e65a1ed623/742779a4-1563-4aa4-bb59-8f189c8eb231/Containers2.jpg Blog - Announcing Pwn2Own Berlin for 2026 - Make it stand out Whatever it is, the way you tell your story online can make all the difference. https://images.squarespace-cdn.com/content/v1/5894c269e4fcb5e65a1ed623/d88dfd8d-1260-41d0-bbb2-389c6550a962/aidb.jpg Blog - Announcing Pwn2Own Berlin for 2026 - Make it stand out Whatever it is, the way you tell your story online can make all the difference. https://images.squarespace-cdn.com/content/v1/5894c269e4fcb5e65a1ed623/8bb9ea99-c1b3-4567-97cb-db2395131a77/Slide8.jpeg Blog - Announcing Pwn2Own Berlin for 2026 - Make it stand out Whatever it is, the way you tell your story online can make all the difference. https://images.squarespace-cdn.com/content/v1/5894c269e4fcb5e65a1ed623/33770fe8-49c1-425f-83e5-2b141bd2f4e0/Slide9.jpeg Blog - Announcing Pwn2Own Berlin for 2026 - Make it stand out Whatever it is, the way you tell your story online can make all the difference. https://images.squarespace-cdn.com/content/v1/5894c269e4fcb5e65a1ed623/077616af-de47-4235-a621-a8bf07c8295e/nvidia3.jpg Blog - Announcing Pwn2Own Berlin for 2026 - Make it stand out Whatever it is, the way you tell your story online can make all the difference. https://images.squarespace-cdn.com/content/v1/5894c269e4fcb5e65a1ed623/f5332a6b-e3d2-42e1-bb98-4e9c9de46536/Amazon_Web_Services-Logo.wine.png Blog - Announcing Pwn2Own Berlin for 2026 - Make it stand out Whatever it is, the way you tell your story online can make all the difference. https://www.thezdi.com/blog/2026/3/10/the-march-2026-security-update-review monthly 0.5 2026-03-10 https://www.thezdi.com/blog/2026/2/19/cve-2026-20841-arbitrary-code-execution-in-the-windows-notepad monthly 0.5 2026-02-19 https://www.thezdi.com/blog/2026/2/10/the-february-2026-security-update-review monthly 0.5 2026-02-10 https://www.thezdi.com/blog/2026/2/4/cve-2025-6978-arbitrary-code-execution-in-the-arista-ng-firewall monthly 0.5 2026-02-05 https://www.thezdi.com/blog/2026/1/23/pwn2own-automotive-2026-day-three-results-and-the-master-of-pwn monthly 0.5 2026-01-23 https://images.squarespace-cdn.com/content/v1/5894c269e4fcb5e65a1ed623/aa344e50-4c55-4b18-a6bb-a2f7e04c2eb5/Leaderboard+Day+3+.png Blog - Pwn2Own Automotive 2026 - Day Three Results and the Master of Pwn - Make it stand out Whatever it is, the way you tell your story online can make all the difference. https://images.squarespace-cdn.com/content/v1/5894c269e4fcb5e65a1ed623/b79cab09-da95-4945-af8f-791d0421e2ed/Fuzzware.io+-+Alpine+-+collision+.png Blog - Pwn2Own Automotive 2026 - Day Three Results and the Master of Pwn - Make it stand out Whatever it is, the way you tell your story online can make all the difference. https://images.squarespace-cdn.com/content/v1/5894c269e4fcb5e65a1ed623/30e49aac-52a5-4f4b-869e-3ad0142bc006/Qrious+Secure+-+Grizzl-E+-+Collision+.jpeg Blog - Pwn2Own Automotive 2026 - Day Three Results and the Master of Pwn - Make it stand out Whatever it is, the way you tell your story online can make all the difference. https://images.squarespace-cdn.com/content/v1/5894c269e4fcb5e65a1ed623/167c33b0-372a-4ebc-884b-19bc161741cf/Team+MST+-+Kenwood+-+Collision+.jpeg Blog - Pwn2Own Automotive 2026 - Day Three Results and the Master of Pwn - Make it stand out Whatever it is, the way you tell your story online can make all the difference. https://images.squarespace-cdn.com/content/v1/5894c269e4fcb5e65a1ed623/1371e471-52a3-4a16-bb03-4953544475ac/PetoWorks+-+Grizzl+E.jpeg Blog - Pwn2Own Automotive 2026 - Day Three Results and the Master of Pwn - Make it stand out Whatever it is, the way you tell your story online can make all the difference. https://images.squarespace-cdn.com/content/v1/5894c269e4fcb5e65a1ed623/9f6d426b-8c56-4861-a0a7-5c7c2369de73/Team+DDOS+-+Alpine+iLX%E2%80%91F511.jpeg Blog - Pwn2Own Automotive 2026 - Day Three Results and the Master of Pwn - Make it stand out Whatever it is, the way you tell your story online can make all the difference. https://images.squarespace-cdn.com/content/v1/5894c269e4fcb5e65a1ed623/04a68b8c-32c5-4ee6-a86a-72ce671df8cc/Viettel+-+Sony+XAV%E2%80%919500ES.jpeg Blog - Pwn2Own Automotive 2026 - Day Three Results and the Master of Pwn - Make it stand out Whatever it is, the way you tell your story online can make all the difference. https://images.squarespace-cdn.com/content/v1/5894c269e4fcb5e65a1ed623/8455b103-fa8e-43f2-b81e-9c2dd9f2b246/Doom.png Blog - Pwn2Own Automotive 2026 - Day Three Results and the Master of Pwn - Make it stand out Whatever it is, the way you tell your story online can make all the difference. https://images.squarespace-cdn.com/content/v1/5894c269e4fcb5e65a1ed623/4d2df21c-b266-4878-a30a-e27adf71ef8a/Viettel+-+Kenwood+.jpeg Blog - Pwn2Own Automotive 2026 - Day Three Results and the Master of Pwn - Make it stand out Whatever it is, the way you tell your story online can make all the difference. https://images.squarespace-cdn.com/content/v1/5894c269e4fcb5e65a1ed623/fc8cd1a5-592d-43e2-badb-5cdea239d228/Autocrypt+-+Alpine.jpeg Blog - Pwn2Own Automotive 2026 - Day Three Results and the Master of Pwn - Make it stand out Whatever it is, the way you tell your story online can make all the difference. https://images.squarespace-cdn.com/content/v1/5894c269e4fcb5e65a1ed623/2bc0b380-ec4f-487d-af2b-f3a751017166/Juurin+-+Kenwood+-+Success+.jpeg Blog - Pwn2Own Automotive 2026 - Day Three Results and the Master of Pwn - Make it stand out Whatever it is, the way you tell your story online can make all the difference. https://www.thezdi.com/blog/2026/1/22/pwn2own-automotive-2026-day-two-results monthly 0.5 2026-01-22 https://images.squarespace-cdn.com/content/v1/5894c269e4fcb5e65a1ed623/cfe61bfe-7649-412d-9c6d-2a9449ba9e61/Leaderboard+Day+2.png Blog - Pwn2Own Automotive 2026 - Day Two Results - Make it stand out Whatever it is, the way you tell your story online can make all the difference. https://images.squarespace-cdn.com/content/v1/5894c269e4fcb5e65a1ed623/f2e12153-cea1-4c92-99ca-487852f78dc4/Team+MAMMOTH+-+Alpine+-+1+.png Blog - Pwn2Own Automotive 2026 - Day Two Results - Make it stand out Whatever it is, the way you tell your story online can make all the difference. https://images.squarespace-cdn.com/content/v1/5894c269e4fcb5e65a1ed623/7cb2e236-6979-4fe3-87ab-657d15e70233/FuzzingLabs+-+Phoenix+-+1.jpeg Blog - Pwn2Own Automotive 2026 - Day Two Results - Make it stand out Whatever it is, the way you tell your story online can make all the difference. https://images.squarespace-cdn.com/content/v1/5894c269e4fcb5e65a1ed623/3c928e38-aeb3-42a4-b67e-15eeb0c47720/Neodyme+-+Sony.jpeg Blog - Pwn2Own Automotive 2026 - Day Two Results - Make it stand out Whatever it is, the way you tell your story online can make all the difference. https://images.squarespace-cdn.com/content/v1/5894c269e4fcb5e65a1ed623/06984fb2-ac4c-4e44-8283-55e378fe7cc3/InnoEdge+-+Alp.jpeg Blog - Pwn2Own Automotive 2026 - Day Two Results - Make it stand out Whatever it is, the way you tell your story online can make all the difference. https://images.squarespace-cdn.com/content/v1/5894c269e4fcb5e65a1ed623/29ebd237-77e2-47c5-9c7a-0bfe5ac2ce9f/Viettel+-+Alp.jpeg Blog - Pwn2Own Automotive 2026 - Day Two Results - Make it stand out Whatever it is, the way you tell your story online can make all the difference. https://images.squarespace-cdn.com/content/v1/5894c269e4fcb5e65a1ed623/f986f9c8-3878-4834-9243-482e90747031/boredpentester+-+Grizzl-E.jpeg Blog - Pwn2Own Automotive 2026 - Day Two Results - Make it stand out Whatever it is, the way you tell your story online can make all the difference. https://images.squarespace-cdn.com/content/v1/5894c269e4fcb5e65a1ed623/e314bdbe-8bd2-49c5-aca9-8edd2f5ed6a0/DDOS+-+Collision.jpeg Blog - Pwn2Own Automotive 2026 - Day Two Results - Make it stand out Whatever it is, the way you tell your story online can make all the difference. https://images.squarespace-cdn.com/content/v1/5894c269e4fcb5e65a1ed623/0f26eaa9-dc47-4cc9-80af-1e1b92e70d33/GMO+Cybersecurity+by+Ierae+-+Alpine+.jpeg Blog - Pwn2Own Automotive 2026 - Day Two Results - Make it stand out Whatever it is, the way you tell your story online can make all the difference. https://images.squarespace-cdn.com/content/v1/5894c269e4fcb5e65a1ed623/61198689-a87e-49e0-bc43-5a7f6562eb6a/78+Research+Lab+-+Kenwood.jpeg Blog - Pwn2Own Automotive 2026 - Day Two Results - Make it stand out Whatever it is, the way you tell your story online can make all the difference. https://images.squarespace-cdn.com/content/v1/5894c269e4fcb5e65a1ed623/21663852-72b1-4b6e-ac80-0f6e9e7ce5b1/Xilokar+-+1.jpeg Blog - Pwn2Own Automotive 2026 - Day Two Results - Make it stand out Whatever it is, the way you tell your story online can make all the difference. https://images.squarespace-cdn.com/content/v1/5894c269e4fcb5e65a1ed623/4d2e6f33-00f3-4dea-b19f-13c11ab13494/BoB+Takedown+-+Grizzl-E+.jpeg Blog - Pwn2Own Automotive 2026 - Day Two Results - Make it stand out Whatever it is, the way you tell your story online can make all the difference. https://images.squarespace-cdn.com/content/v1/5894c269e4fcb5e65a1ed623/80f7507f-6331-48c1-a1cb-9f34712cc9ce/Fuzzware.io++-+Phoenix.jpeg Blog - Pwn2Own Automotive 2026 - Day Two Results - Make it stand out Whatever it is, the way you tell your story online can make all the difference. https://images.squarespace-cdn.com/content/v1/5894c269e4fcb5e65a1ed623/d686c98c-bcb5-48ed-8b7a-cd47af950da2/Qrious+Secure+-+Alpine+.jpeg Blog - Pwn2Own Automotive 2026 - Day Two Results - Make it stand out Whatever it is, the way you tell your story online can make all the difference. https://images.squarespace-cdn.com/content/v1/5894c269e4fcb5e65a1ed623/b8c629b2-5f9a-4db3-bff1-d31050bf9c57/BoredPentester.jpeg Blog - Pwn2Own Automotive 2026 - Day Two Results - Make it stand out Whatever it is, the way you tell your story online can make all the difference. https://images.squarespace-cdn.com/content/v1/5894c269e4fcb5e65a1ed623/59a20a1c-14d2-4f64-a52d-b1894c04baa0/Technical+Debt+Collectors+-+Automotive+Grade+Linux.jpeg Blog - Pwn2Own Automotive 2026 - Day Two Results - Make it stand out Whatever it is, the way you tell your story online can make all the difference. https://images.squarespace-cdn.com/content/v1/5894c269e4fcb5e65a1ed623/d39d3563-2f60-42da-a975-01de3eef7cea/Synacktiv+-+Autel+MaxiCharger+.png Blog - Pwn2Own Automotive 2026 - Day Two Results - Make it stand out Whatever it is, the way you tell your story online can make all the difference. https://images.squarespace-cdn.com/content/v1/5894c269e4fcb5e65a1ed623/eef3f9ba-dd0b-4303-83f1-84ee01080924/Fuzzware.io+-+Charge+Point+.jpeg Blog - Pwn2Own Automotive 2026 - Day Two Results - Make it stand out Whatever it is, the way you tell your story online can make all the difference. https://images.squarespace-cdn.com/content/v1/5894c269e4fcb5e65a1ed623/7b22a0af-668b-44bb-a8c1-be74518381cd/Summoning+Team+-+ChargePoint+Home+Flex.jpeg Blog - Pwn2Own Automotive 2026 - Day Two Results - Make it stand out Whatever it is, the way you tell your story online can make all the difference. https://images.squarespace-cdn.com/content/v1/5894c269e4fcb5e65a1ed623/e5052360-bda6-42d1-a70f-d2cb9cbbbbe7/PetoWorks+-+Kenwood.jpeg Blog - Pwn2Own Automotive 2026 - Day Two Results - Make it stand out Whatever it is, the way you tell your story online can make all the difference. https://images.squarespace-cdn.com/content/v1/5894c269e4fcb5e65a1ed623/ddf3b845-4934-4da4-a76c-a5ef4d07c249/Fuzzware.io+-%C2%A0Grizzl-E+Smart+40A+.jpeg Blog - Pwn2Own Automotive 2026 - Day Two Results - Make it stand out Whatever it is, the way you tell your story online can make all the difference. https://images.squarespace-cdn.com/content/v1/5894c269e4fcb5e65a1ed623/e9a3f597-0874-4c54-8b01-df3534c626a4/Team+DDOS+-+Phoenix+Contact+.jpeg Blog - Pwn2Own Automotive 2026 - Day Two Results - Make it stand out Whatever it is, the way you tell your story online can make all the difference. https://images.squarespace-cdn.com/content/v1/5894c269e4fcb5e65a1ed623/ef93802b-497f-4c02-9027-98cd65f6275b/Summoning+Team+-+Alpine+iLX-F511.png Blog - Pwn2Own Automotive 2026 - Day Two Results - Make it stand out Whatever it is, the way you tell your story online can make all the difference. https://images.squarespace-cdn.com/content/v1/5894c269e4fcb5e65a1ed623/6d22b057-9f7a-4c00-81ac-8cb634d906f0/Evan+Grant+-+Grizzl-E.jpeg Blog - Pwn2Own Automotive 2026 - Day Two Results - Make it stand out Whatever it is, the way you tell your story online can make all the difference. https://images.squarespace-cdn.com/content/v1/5894c269e4fcb5e65a1ed623/f5d0679e-7dc3-465f-a980-365943a1c547/ZIEN+-+ChargePoint+.jpeg Blog - Pwn2Own Automotive 2026 - Day Two Results - Make it stand out Whatever it is, the way you tell your story online can make all the difference. https://images.squarespace-cdn.com/content/v1/5894c269e4fcb5e65a1ed623/32a82129-1b04-43fd-9dbd-94c2bc8f57b7/BoB%3A%3ATakedown+-+Phoenix+-+Collision+.jpeg Blog - Pwn2Own Automotive 2026 - Day Two Results - Make it stand out Whatever it is, the way you tell your story online can make all the difference. https://www.thezdi.com/blog/2026/1/21/pwn2own-automotive-2026-day-one-results monthly 0.5 2026-01-22 https://images.squarespace-cdn.com/content/v1/5894c269e4fcb5e65a1ed623/7685cea1-14dd-404e-86c2-b09827f1d65c/Screenshot+2026-01-21+at+9.18.07%E2%80%AFPM.png Blog - Pwn2Own Automotive 2026 - Day One Results - Make it stand out Whatever it is, the way you tell your story online can make all the difference. https://images.squarespace-cdn.com/content/v1/5894c269e4fcb5e65a1ed623/311d7692-fafb-4073-9656-cd7fad074bee/Neodyme.jpeg Blog - Pwn2Own Automotive 2026 - Day One Results - Make it stand out Whatever it is, the way you tell your story online can make all the difference. https://images.squarespace-cdn.com/content/v1/5894c269e4fcb5e65a1ed623/d528d548-6d7f-4cbb-acf0-97fd62c2806e/299-Grizzl-E.jpeg Blog - Pwn2Own Automotive 2026 - Day One Results - Make it stand out Whatever it is, the way you tell your story online can make all the difference. https://images.squarespace-cdn.com/content/v1/5894c269e4fcb5e65a1ed623/f5b6a90c-7f5b-4ee1-b092-310ac8d67668/DDOS+-+ChargePoint.jpeg Blog - Pwn2Own Automotive 2026 - Day One Results - Make it stand out Whatever it is, the way you tell your story online can make all the difference. https://images.squarespace-cdn.com/content/v1/5894c269e4fcb5e65a1ed623/1a289463-b643-4a32-bbbd-f3c0f9531e64/Compass+-+Alpine.jpeg Blog - Pwn2Own Automotive 2026 - Day One Results - Make it stand out Whatever it is, the way you tell your story online can make all the difference. https://images.squarespace-cdn.com/content/v1/5894c269e4fcb5e65a1ed623/9a76f3e4-f501-487c-ac5a-2b3e9d615540/PetoWorks.jpeg Blog - Pwn2Own Automotive 2026 - Day One Results - Make it stand out Whatever it is, the way you tell your story online can make all the difference. https://images.squarespace-cdn.com/content/v1/5894c269e4fcb5e65a1ed623/40a4170f-e8c8-4a98-8ddd-5130eed59368/Synacktiv+-+Sony+-+1.jpeg Blog - Pwn2Own Automotive 2026 - Day One Results - Make it stand out Whatever it is, the way you tell your story online can make all the difference. https://images.squarespace-cdn.com/content/v1/5894c269e4fcb5e65a1ed623/18658a79-5afa-47bc-b578-5ed34942e45b/Synacktiv+-+Sony+-+2+.jpeg Blog - Pwn2Own Automotive 2026 - Day One Results - Make it stand out Whatever it is, the way you tell your story online can make all the difference. https://images.squarespace-cdn.com/content/v1/5894c269e4fcb5e65a1ed623/b37c0cd1-8f0d-450f-b2e3-12c0b129d63b/Fuzzware.io++-+1+.jpeg Blog - Pwn2Own Automotive 2026 - Day One Results - Make it stand out Whatever it is, the way you tell your story online can make all the difference. https://images.squarespace-cdn.com/content/v1/5894c269e4fcb5e65a1ed623/61dfff79-a26d-42a1-bc42-01114e3d9070/Fuzzware.io+-+2.jpeg Blog - Pwn2Own Automotive 2026 - Day One Results - Make it stand out Whatever it is, the way you tell your story online can make all the difference. https://images.squarespace-cdn.com/content/v1/5894c269e4fcb5e65a1ed623/402581fc-be61-4f10-a5a1-cb6350563bce/Yannik+-1+.jpeg Blog - Pwn2Own Automotive 2026 - Day One Results - Make it stand out Whatever it is, the way you tell your story online can make all the difference. https://images.squarespace-cdn.com/content/v1/5894c269e4fcb5e65a1ed623/2ada694d-0938-43b1-a990-66e9209a74d4/Compass+-+collision+.jpeg Blog - Pwn2Own Automotive 2026 - Day One Results - Make it stand out Whatever it is, the way you tell your story online can make all the difference. https://images.squarespace-cdn.com/content/v1/5894c269e4fcb5e65a1ed623/39dc2421-353c-4ab0-81f4-debca715d9c5/GMO+Cybersecurity+vs+Kenwood.jpeg Blog - Pwn2Own Automotive 2026 - Day One Results - Make it stand out Whatever it is, the way you tell your story online can make all the difference. https://images.squarespace-cdn.com/content/v1/5894c269e4fcb5e65a1ed623/d42d2423-6b31-4d24-98b7-89ebc9ee256a/CyCraft+-+Grizzl-E+-+Collision+-+1.jpeg Blog - Pwn2Own Automotive 2026 - Day One Results - Make it stand out Whatever it is, the way you tell your story online can make all the difference. https://images.squarespace-cdn.com/content/v1/5894c269e4fcb5e65a1ed623/c6b7d561-679f-4e01-bad4-1c0daf0ad63f/Mia+Miku+Deutsch+-+1.png Blog - Pwn2Own Automotive 2026 - Day One Results - Make it stand out Whatever it is, the way you tell your story online can make all the difference. https://images.squarespace-cdn.com/content/v1/5894c269e4fcb5e65a1ed623/f47f61ee-c07c-41d4-8bfa-9b045ac04145/Synactive+-+USB.jpeg Blog - Pwn2Own Automotive 2026 - Day One Results - Make it stand out Whatever it is, the way you tell your story online can make all the difference. https://images.squarespace-cdn.com/content/v1/5894c269e4fcb5e65a1ed623/e9972cdc-8277-42c3-befe-86c169cd3b5d/78ResearchLab+-+collision+.jpeg Blog - Pwn2Own Automotive 2026 - Day One Results - Make it stand out Whatever it is, the way you tell your story online can make all the difference. https://images.squarespace-cdn.com/content/v1/5894c269e4fcb5e65a1ed623/2da65c7c-72d8-42b3-8eff-05999375557a/Team+Zeroshi+-+Phoenix.jpeg Blog - Pwn2Own Automotive 2026 - Day One Results - Make it stand out Whatever it is, the way you tell your story online can make all the difference. https://images.squarespace-cdn.com/content/v1/5894c269e4fcb5e65a1ed623/240e2e26-ad87-410e-a8a8-c4a71152b990/Team+DDOS+-+Collision+-+Grizzl-E.jpeg Blog - Pwn2Own Automotive 2026 - Day One Results - Make it stand out Whatever it is, the way you tell your story online can make all the difference. https://images.squarespace-cdn.com/content/v1/5894c269e4fcb5e65a1ed623/1a76fc13-afb4-464d-8ab1-76246c1c3bc7/Fuzzware.io++-+Alpitronic+-+Success.jpeg Blog - Pwn2Own Automotive 2026 - Day One Results - Make it stand out Whatever it is, the way you tell your story online can make all the difference. https://images.squarespace-cdn.com/content/v1/5894c269e4fcb5e65a1ed623/b60d610c-b324-42ae-b7e9-388b8f63cc50/Team+K+-+Alpine+-+Success.png Blog - Pwn2Own Automotive 2026 - Day One Results - Make it stand out Whatever it is, the way you tell your story online can make all the difference. https://images.squarespace-cdn.com/content/v1/5894c269e4fcb5e65a1ed623/900b69ed-837d-49f4-8bca-d7b7b7090643/Interrupt+Labs+-+Kenwood.jpeg Blog - Pwn2Own Automotive 2026 - Day One Results - Make it stand out Whatever it is, the way you tell your story online can make all the difference. https://images.squarespace-cdn.com/content/v1/5894c269e4fcb5e65a1ed623/b03d6060-031a-4cff-a5b0-360145844fc0/FPT+NightWolf.jpeg Blog - Pwn2Own Automotive 2026 - Day One Results - Make it stand out Whatever it is, the way you tell your story online can make all the difference. https://images.squarespace-cdn.com/content/v1/5894c269e4fcb5e65a1ed623/d016a868-2118-407e-bfe6-6a4d6e4677af/ANHTUD+-+SONY+-+Success+.jpeg Blog - Pwn2Own Automotive 2026 - Day One Results - Make it stand out Whatever it is, the way you tell your story online can make all the difference. https://images.squarespace-cdn.com/content/v1/5894c269e4fcb5e65a1ed623/9a9e4089-d13f-450f-8f50-2b69c3174019/78+RS+.jpeg Blog - Pwn2Own Automotive 2026 - Day One Results - Make it stand out Whatever it is, the way you tell your story online can make all the difference. https://www.thezdi.com/blog/2026/1/20/pwn2own-automotive-2026-the-full-schedule monthly 0.5 2026-01-22 https://www.thezdi.com/blog/2026/1/13/the-january-2026-security-update-review monthly 0.5 2026-01-14 https://www.thezdi.com/blog/2026/1/8/breaking-down-the-attack-surface-of-the-kenwood-dnr1007xr-part-two monthly 0.5 2026-01-13 https://www.thezdi.com/blog/2026/1/6/breaking-down-the-attack-surface-of-the-kenwood-dnr1007xr-part-one monthly 0.5 2026-01-07 https://images.squarespace-cdn.com/content/v1/5894c269e4fcb5e65a1ed623/a9523dfa-875b-4490-b9b7-87a048aa38a2/Picture1.jpg Blog - Breaking Down the Attack Surface of the Kenwood DNR1007XR – Part One - Make it stand out Figure 1: Kenwood DNR1007XR https://images.squarespace-cdn.com/content/v1/5894c269e4fcb5e65a1ed623/681e54f2-eff7-4159-a6d4-762c5bdc7c9d/Picture2.png Blog - Breaking Down the Attack Surface of the Kenwood DNR1007XR – Part One - Make it stand out Figure 2: SD card slot https://images.squarespace-cdn.com/content/v1/5894c269e4fcb5e65a1ed623/7f69195c-7c5b-4049-953a-e5abe2b74c72/Picture3.png Blog - Breaking Down the Attack Surface of the Kenwood DNR1007XR – Part One - Make it stand out Figure 3: Main board https://images.squarespace-cdn.com/content/v1/5894c269e4fcb5e65a1ed623/afa785b3-630a-4c94-be3e-368f718ab3d7/Picture4.jpg Blog - Breaking Down the Attack Surface of the Kenwood DNR1007XR – Part One - Make it stand out Figure 4: Dolphin+ TCC8034 SoC https://images.squarespace-cdn.com/content/v1/5894c269e4fcb5e65a1ed623/a5f3da11-f761-4cdb-a2b3-dc84e3c01d10/Picture5.png Blog - Breaking Down the Attack Surface of the Kenwood DNR1007XR – Part One - Make it stand out Figure 5: Kioxia eMMC https://images.squarespace-cdn.com/content/v1/5894c269e4fcb5e65a1ed623/617cccf1-61e5-4401-ab62-af8185cc7054/Picture6.png Blog - Breaking Down the Attack Surface of the Kenwood DNR1007XR – Part One - Make it stand out Figure 6: Winbond flash https://images.squarespace-cdn.com/content/v1/5894c269e4fcb5e65a1ed623/e62a6f9f-2905-4e1b-95c5-ab6f48985570/Picture7.jpg Blog - Breaking Down the Attack Surface of the Kenwood DNR1007XR – Part One - Make it stand out Figure 7: Murata radio https://images.squarespace-cdn.com/content/v1/5894c269e4fcb5e65a1ed623/1ea78a57-777c-42aa-b7f0-a93c7a4ead5a/Picture8.jpg Blog - Breaking Down the Attack Surface of the Kenwood DNR1007XR – Part One - Make it stand out Figure 8: Debug connector https://www.thezdi.com/blog/2025/12/9/the-december-2025-security-update-review monthly 0.5 2025-12-09 https://www.thezdi.com/blog/2025/11/11/the-november-2025-security-update-review monthly 0.5 2025-11-11 https://www.thezdi.com/blog/2025/10/23/pwn2own-ireland-2025-day-three-and-master-of-pwn monthly 0.5 2025-10-23 https://images.squarespace-cdn.com/content/v1/5894c269e4fcb5e65a1ed623/2907519d-ef55-4038-93dd-f9d808b694d8/Final-P2O-Ireland+2025+Master+of+Pwn+Leaderboard.jpg Blog - Pwn2Own Ireland 2025: Day Three and Master of Pwn - Make it stand out Whatever it is, the way you tell your story online can make all the difference. https://images.squarespace-cdn.com/content/v1/5894c269e4fcb5e65a1ed623/2cbb6e8c-adab-4e19-8225-5267a38f349d/Image+%2826%29.jpeg Blog - Pwn2Own Ireland 2025: Day Three and Master of Pwn - Make it stand out Whatever it is, the way you tell your story online can make all the difference. https://images.squarespace-cdn.com/content/v1/5894c269e4fcb5e65a1ed623/818c255d-82bb-4bc5-ad7f-f758872f304d/Image+%2828%29.jpeg Blog - Pwn2Own Ireland 2025: Day Three and Master of Pwn - Make it stand out Whatever it is, the way you tell your story online can make all the difference. https://images.squarespace-cdn.com/content/v1/5894c269e4fcb5e65a1ed623/3d298a76-aba8-46b5-b5df-2dfdf682c55a/Image+%2829%29.jpeg Blog - Pwn2Own Ireland 2025: Day Three and Master of Pwn - Make it stand out Whatever it is, the way you tell your story online can make all the difference. https://images.squarespace-cdn.com/content/v1/5894c269e4fcb5e65a1ed623/810a73db-c1cf-45a8-80d9-87c1e3dc665a/Image+%2830%29.jpeg Blog - Pwn2Own Ireland 2025: Day Three and Master of Pwn - Make it stand out Whatever it is, the way you tell your story online can make all the difference. https://images.squarespace-cdn.com/content/v1/5894c269e4fcb5e65a1ed623/103842e7-65d0-4516-a728-00312ea5ae8d/image+%2831%29.jpeg Blog - Pwn2Own Ireland 2025: Day Three and Master of Pwn - Make it stand out Whatever it is, the way you tell your story online can make all the difference. https://images.squarespace-cdn.com/content/v1/5894c269e4fcb5e65a1ed623/511c7fb4-9069-45e9-adbf-b4d6adf867b4/IMG_1552.png Blog - Pwn2Own Ireland 2025: Day Three and Master of Pwn - Make it stand out Whatever it is, the way you tell your story online can make all the difference. https://images.squarespace-cdn.com/content/v1/5894c269e4fcb5e65a1ed623/e5d91564-446d-42e1-9a0e-3535078bf43c/shared+image+%283%29.jpeg Blog - Pwn2Own Ireland 2025: Day Three and Master of Pwn - Make it stand out Whatever it is, the way you tell your story online can make all the difference. https://images.squarespace-cdn.com/content/v1/5894c269e4fcb5e65a1ed623/8b7a6af0-4d6f-4d90-b3ef-15e60aca358c/Image+%2832%29.jpeg Blog - Pwn2Own Ireland 2025: Day Three and Master of Pwn - Make it stand out Whatever it is, the way you tell your story online can make all the difference. https://images.squarespace-cdn.com/content/v1/5894c269e4fcb5e65a1ed623/8f2b75dd-d054-4343-82a2-ab9516d19ba9/Media+%282%29.jpeg Blog - Pwn2Own Ireland 2025: Day Three and Master of Pwn - Make it stand out Whatever it is, the way you tell your story online can make all the difference. https://images.squarespace-cdn.com/content/v1/5894c269e4fcb5e65a1ed623/2e99188f-9fc3-4880-95f3-979e894ad603/Image+%2834%29.jpeg Blog - Pwn2Own Ireland 2025: Day Three and Master of Pwn - Make it stand out Whatever it is, the way you tell your story online can make all the difference. https://images.squarespace-cdn.com/content/v1/5894c269e4fcb5e65a1ed623/f23d9804-03d8-4d75-8574-ba8fbabab203/Image+%2835%29.jpeg Blog - Pwn2Own Ireland 2025: Day Three and Master of Pwn - Make it stand out Whatever it is, the way you tell your story online can make all the difference. https://www.thezdi.com/blog/2025/10/22/pwn2own-ireland-2025-day-two-results monthly 0.5 2025-10-22 https://images.squarespace-cdn.com/content/v1/5894c269e4fcb5e65a1ed623/ed3fad29-80eb-41e1-9fcf-3befa9eb2890/Day+2-+P2O-Ireland+2025+Master+of+Pwn+Leaderboard.jpg Blog - Pwn2Own Ireland 2025 - Day Two Results - Make it stand out Whatever it is, the way you tell your story online can make all the difference. https://images.squarespace-cdn.com/content/v1/5894c269e4fcb5e65a1ed623/72575de5-680d-4154-b9c5-160ad7df970d/Image+%2817%29.jpeg Blog - Pwn2Own Ireland 2025 - Day Two Results - Make it stand out Veteran competitors showing their skills https://images.squarespace-cdn.com/content/v1/5894c269e4fcb5e65a1ed623/b448bfa9-bced-4c18-a0e3-c0824e173199/Media+%281%29.jpeg Blog - Pwn2Own Ireland 2025 - Day Two Results - Make it stand out Returning Master of Pwn champs getting started with a win https://images.squarespace-cdn.com/content/v1/5894c269e4fcb5e65a1ed623/96609c34-f80a-440d-998f-9a4fca8b35e6/Untitled-2-q.png Blog - Pwn2Own Ireland 2025 - Day Two Results - Make it stand out Whatever it is, the way you tell your story online can make all the difference. https://images.squarespace-cdn.com/content/v1/5894c269e4fcb5e65a1ed623/1fe6898e-e455-4ec2-817a-7bc3e8e27782/IMG_1543.png Blog - Pwn2Own Ireland 2025 - Day Two Results - Make it stand out A canine confirmation for CyCraft Technologies https://images.squarespace-cdn.com/content/v1/5894c269e4fcb5e65a1ed623/f0a8ad50-1d2d-43cf-8e33-efb9d4c8f57f/Image+%2818%29.jpeg Blog - Pwn2Own Ireland 2025 - Day Two Results - Make it stand out Whatever it is, the way you tell your story online can make all the difference. https://images.squarespace-cdn.com/content/v1/5894c269e4fcb5e65a1ed623/64f5aa28-d571-4de8-8e31-a3eb68761854/Image+%2819%29.jpeg Blog - Pwn2Own Ireland 2025 - Day Two Results - Make it stand out Whatever it is, the way you tell your story online can make all the difference. https://images.squarespace-cdn.com/content/v1/5894c269e4fcb5e65a1ed623/fc7a1ef1-9f27-4fcb-9611-77940b458c89/Image+%2820%29.jpeg Blog - Pwn2Own Ireland 2025 - Day Two Results - Make it stand out Whatever it is, the way you tell your story online can make all the difference. https://images.squarespace-cdn.com/content/v1/5894c269e4fcb5e65a1ed623/6f2743da-0474-4e89-8eb7-82463f78803a/image+%2821%29.jpeg Blog - Pwn2Own Ireland 2025 - Day Two Results - Make it stand out Whatever it is, the way you tell your story online can make all the difference. https://images.squarespace-cdn.com/content/v1/5894c269e4fcb5e65a1ed623/5391c947-0fa3-449f-866c-4cf03f2fd88c/IMG_1545+%281%29.png Blog - Pwn2Own Ireland 2025 - Day Two Results - Make it stand out Whatever it is, the way you tell your story online can make all the difference. https://images.squarespace-cdn.com/content/v1/5894c269e4fcb5e65a1ed623/6e45a738-1ee0-40f1-a75c-5e63ddcf88ec/KGS25.jpeg Blog - Pwn2Own Ireland 2025 - Day Two Results - Make it stand out Whatever it is, the way you tell your story online can make all the difference. https://images.squarespace-cdn.com/content/v1/5894c269e4fcb5e65a1ed623/b5325d40-4a30-4f43-a312-1129ded515db/Image+%2822%29.jpeg Blog - Pwn2Own Ireland 2025 - Day Two Results - Make it stand out Whatever it is, the way you tell your story online can make all the difference. https://images.squarespace-cdn.com/content/v1/5894c269e4fcb5e65a1ed623/3879da99-7d38-4b3d-925c-22f79978d28e/Image+%2823%29.jpeg Blog - Pwn2Own Ireland 2025 - Day Two Results - Make it stand out Whatever it is, the way you tell your story online can make all the difference. https://images.squarespace-cdn.com/content/v1/5894c269e4fcb5e65a1ed623/9e00b831-873a-4782-9dd2-b89d151df3b6/Image+%2824%29.jpeg Blog - Pwn2Own Ireland 2025 - Day Two Results - Make it stand out Whatever it is, the way you tell your story online can make all the difference. https://images.squarespace-cdn.com/content/v1/5894c269e4fcb5e65a1ed623/6eb18869-e850-4d63-a51b-4af3bcced934/Image+%2825%29.jpeg Blog - Pwn2Own Ireland 2025 - Day Two Results - Make it stand out Whatever it is, the way you tell your story online can make all the difference. https://www.thezdi.com/blog/2025/10/21/pwn2own-ireland-2025-day-one-results monthly 0.5 2025-12-16 https://images.squarespace-cdn.com/content/v1/5894c269e4fcb5e65a1ed623/4aadd1e2-ada8-4950-bc9a-f6d2b23b49fe/P2O-Ireland+2025+Day+One+-+Master+of+Pwn+Leaderboard.jpg Blog - Pwn2Own Ireland 2025: Day One Results - Make it stand out Whatever it is, the way you tell your story online can make all the difference. https://images.squarespace-cdn.com/content/v1/5894c269e4fcb5e65a1ed623/08b5dcfc-96ed-4abc-a6bf-a4c3024c5c14/shared+image+%281%29.jpeg Blog - Pwn2Own Ireland 2025: Day One Results - Make it stand out Daniel Kilimnik of Team Neodyme shows off his successful exploitation https://images.squarespace-cdn.com/content/v1/5894c269e4fcb5e65a1ed623/be076d42-e8ca-47f3-9c19-986767538ef1/Image.jpeg Blog - Pwn2Own Ireland 2025: Day One Results - Make it stand out A successful attempt against the Canon printer https://images.squarespace-cdn.com/content/v1/5894c269e4fcb5e65a1ed623/da3dd86c-6e71-4633-b805-4f245eafbaf3/image+%284%29.jpeg Blog - Pwn2Own Ireland 2025: Day One Results - Make it stand out Pwned by Synactiv https://images.squarespace-cdn.com/content/v1/5894c269e4fcb5e65a1ed623/bb6d1c30-aa0d-44a9-8a7f-e34eceae5d4c/image+%285%29.jpeg Blog - Pwn2Own Ireland 2025: Day One Results - Make it stand out Demonstrating root level access https://images.squarespace-cdn.com/content/v1/5894c269e4fcb5e65a1ed623/61806a6a-c468-42e8-a61c-d6eb1fe14c0c/Image+%283%29.jpeg Blog - Pwn2Own Ireland 2025: Day One Results - Make it stand out ZDI Analysts Neal Brown (left) and Mat Powell observe Bongeun Koo and Evangelos Daravigkas of Team DDOS https://images.squarespace-cdn.com/content/v1/5894c269e4fcb5e65a1ed623/aa0f843e-1b05-4c9b-aa90-5340d7276b18/Image+%286%29.jpeg Blog - Pwn2Own Ireland 2025: Day One Results - Make it stand out Nyan cat makes an appearance courtesy of GMO Cybersecurity https://images.squarespace-cdn.com/content/v1/5894c269e4fcb5e65a1ed623/cba9f6b3-2e6a-483d-a1be-04e331e83915/image+%288%29.jpeg Blog - Pwn2Own Ireland 2025: Day One Results - Make it stand out The Summoning Team has root access on the Synology https://images.squarespace-cdn.com/content/v1/5894c269e4fcb5e65a1ed623/0830db0d-a535-48c2-bf67-f148716a9f4f/Image+%287%29.jpeg Blog - Pwn2Own Ireland 2025: Day One Results - Make it stand out ZDI Analysts Vincent Lee and Mat Powell observe the attempt from Sina Kheirkhah https://images.squarespace-cdn.com/content/v1/5894c269e4fcb5e65a1ed623/2f9b9176-3e9b-4780-9dd9-ab66a0b2d3ba/shared+image+%282%29.jpeg Blog - Pwn2Own Ireland 2025: Day One Results - Make it stand out Stephen Fewer has root on the Home Assistant Green https://images.squarespace-cdn.com/content/v1/5894c269e4fcb5e65a1ed623/b7b486d7-4bf4-46ff-878f-fc7489746ae9/Image+%289%29.jpeg Blog - Pwn2Own Ireland 2025: Day One Results - Make it stand out Team ANHTUD’s winning entry https://images.squarespace-cdn.com/content/v1/5894c269e4fcb5e65a1ed623/89578b01-cbf5-463d-b534-b36780e66474/Media.jpeg Blog - Pwn2Own Ireland 2025: Day One Results - Make it stand out Summoning Team was here - again https://images.squarespace-cdn.com/content/v1/5894c269e4fcb5e65a1ed623/e37700cd-a450-418b-836e-ee1a0c9319ef/image+%2810%29.jpeg Blog - Pwn2Own Ireland 2025: Day One Results - Make it stand out uid=0 means dmdung has root on the Sonos speaker https://images.squarespace-cdn.com/content/v1/5894c269e4fcb5e65a1ed623/ea44afd9-4e0d-4381-be9a-77237c4dcce4/Image+%2811%29.jpeg Blog - Pwn2Own Ireland 2025: Day One Results - Make it stand out Configuration issues couldn’t stop Team PetoWorks https://images.squarespace-cdn.com/content/v1/5894c269e4fcb5e65a1ed623/75fda32f-166e-421d-a4a5-f0d988f9d4ad/image+%2812%29.jpeg Blog - Pwn2Own Ireland 2025: Day One Results - Make it stand out Who said format string bugs don’t exist anymore? https://images.squarespace-cdn.com/content/v1/5894c269e4fcb5e65a1ed623/3822256e-7ad1-469c-b576-8fc08af4c8e6/Image+%2813%29.jpeg Blog - Pwn2Own Ireland 2025: Day One Results - Make it stand out Hank Chen provides an enlightening exploit https://images.squarespace-cdn.com/content/v1/5894c269e4fcb5e65a1ed623/b1a946e7-0c5b-431f-a73a-7e00c0c0caf7/image+%2814%29.jpeg Blog - Pwn2Own Ireland 2025: Day One Results - Make it stand out Fingerprints on the screen can’t hide root access https://images.squarespace-cdn.com/content/v1/5894c269e4fcb5e65a1ed623/9f98436f-ccbd-4776-bfb4-5d510a010aeb/Image+%2815%29.jpeg Blog - Pwn2Own Ireland 2025: Day One Results - Make it stand out ZDI Analyst Bobby Gould (right) overlooks the work done by the Compass Team https://images.squarespace-cdn.com/content/v1/5894c269e4fcb5e65a1ed623/bc76bd71-d5f5-4332-b7aa-b469409fcdf3/Image+%2816%29.jpeg Blog - Pwn2Own Ireland 2025: Day One Results - Make it stand out Third time’s a charm https://www.thezdi.com/blog/2025/20/pwn2own-ireland-2025-the-full-schedule monthly 0.5 2025-10-23 https://www.thezdi.com/blog/2025/10/16/pwn2own-automotive-returns-to-tokyo-with-expanded-chargers-and-more monthly 0.5 2025-11-21 https://images.squarespace-cdn.com/content/v1/5894c269e4fcb5e65a1ed623/6acb50b2-f18d-4bfd-962e-549a9e8c0a99/Tesla-v2.png Blog - Pwn2Own Automotive Returns to Tokyo with Expanded Chargers and More! - Make it stand out Whatever it is, the way you tell your story online can make all the difference. https://images.squarespace-cdn.com/content/v1/5894c269e4fcb5e65a1ed623/556703d4-6d68-4f5c-8306-9f2dea9cc292/TeslaAddOns.png Blog - Pwn2Own Automotive Returns to Tokyo with Expanded Chargers and More! - Make it stand out Whatever it is, the way you tell your story online can make all the difference. https://images.squarespace-cdn.com/content/v1/5894c269e4fcb5e65a1ed623/9fe1037a-b21d-4044-bbec-6a3b2cfea446/ivi.png Blog - Pwn2Own Automotive Returns to Tokyo with Expanded Chargers and More! - Make it stand out Whatever it is, the way you tell your story online can make all the difference. https://images.squarespace-cdn.com/content/v1/5894c269e4fcb5e65a1ed623/713b4825-90ec-4442-86ae-cd8fe028d047/level3-v3.png Blog - Pwn2Own Automotive Returns to Tokyo with Expanded Chargers and More! - Make it stand out Whatever it is, the way you tell your story online can make all the difference. https://images.squarespace-cdn.com/content/v1/5894c269e4fcb5e65a1ed623/2bb5af4f-0a05-4697-b8a0-6ebcdb515c84/level2-v3.png Blog - Pwn2Own Automotive Returns to Tokyo with Expanded Chargers and More! - Make it stand out Whatever it is, the way you tell your story online can make all the difference. https://images.squarespace-cdn.com/content/v1/5894c269e4fcb5e65a1ed623/1c307643-2487-4423-9125-c0e0fdc8ec73/ocpp.png Blog - Pwn2Own Automotive Returns to Tokyo with Expanded Chargers and More! - Make it stand out Whatever it is, the way you tell your story online can make all the difference. https://images.squarespace-cdn.com/content/v1/5894c269e4fcb5e65a1ed623/24c023e1-4d4c-4adb-a2b8-853b32801cfc/AutoOS.png Blog - Pwn2Own Automotive Returns to Tokyo with Expanded Chargers and More! - Make it stand out Whatever it is, the way you tell your story online can make all the difference. https://images.squarespace-cdn.com/content/v1/5894c269e4fcb5e65a1ed623/77ed1d1d-b823-4bb6-8a62-607471885a46/VicOne+Logo_1-primary-light.png Blog - Pwn2Own Automotive Returns to Tokyo with Expanded Chargers and More! - Make it stand out Whatever it is, the way you tell your story online can make all the difference. https://images.squarespace-cdn.com/content/v1/5894c269e4fcb5e65a1ed623/d5225c3a-056b-4fd8-98da-85d8531716eb/Alpitronic_2025_logo.svg.png Blog - Pwn2Own Automotive Returns to Tokyo with Expanded Chargers and More! - Make it stand out Whatever it is, the way you tell your story online can make all the difference. https://images.squarespace-cdn.com/content/v1/5894c269e4fcb5e65a1ed623/8c6f6550-ce75-4008-b61e-6b1a8766e766/OCA-1.webp Blog - Pwn2Own Automotive Returns to Tokyo with Expanded Chargers and More! - Make it stand out Whatever it is, the way you tell your story online can make all the difference. https://www.thezdi.com/blog/2025/10/14/the-october-2025-security-update-review monthly 0.5 2025-11-11 https://www.thezdi.com/blog/2025/10/6/crafting-a-full-exploit-rce-from-a-crash-in-autodesk-revit-rfa-file-parsing monthly 0.5 2025-10-08 https://images.squarespace-cdn.com/content/v1/5894c269e4fcb5e65a1ed623/1be8f2a1-b485-4481-b6f5-911d2246ff68/Picture1.png Blog - Crafting a Full Exploit RCE from a Crash in Autodesk Revit RFA File Parsing - Make it stand out Figure 1 https://images.squarespace-cdn.com/content/v1/5894c269e4fcb5e65a1ed623/6011b09f-8041-4ee1-b3f1-51625337757e/Picture2.png Blog - Crafting a Full Exploit RCE from a Crash in Autodesk Revit RFA File Parsing - Make it stand out Figure 2 https://images.squarespace-cdn.com/content/v1/5894c269e4fcb5e65a1ed623/61337207-5992-4d33-8b79-65f558e46c53/Picture3.png Blog - Crafting a Full Exploit RCE from a Crash in Autodesk Revit RFA File Parsing - Make it stand out Figure 3 https://images.squarespace-cdn.com/content/v1/5894c269e4fcb5e65a1ed623/426b54c6-e018-40c0-96ad-b6c244f0b13d/Picture4.png Blog - Crafting a Full Exploit RCE from a Crash in Autodesk Revit RFA File Parsing - Make it stand out Figure 4 https://www.thezdi.com/blog/2025/9/23/cve-2025-23298-getting-remote-code-execution-in-nvidia-merlin monthly 0.5 2025-09-25 https://images.squarespace-cdn.com/content/v1/5894c269e4fcb5e65a1ed623/6300bedf-564a-45b1-a064-ac83544351b6/CVE-2025-23298+-+patch+diff.jpg Blog - CVE-2025-23298: Getting Remote Code Execution in NVIDIA Merlin - Make it stand out Figure 1 - The patch adding a custom load function in transformers4rec/torch/trainer.trainer.load_model_trainer_states_from_checkpoint https://images.squarespace-cdn.com/content/v1/5894c269e4fcb5e65a1ed623/be60857d-2362-4cd2-84e0-ff866b47f3d2/Pasted+image+20250916012314.png Blog - CVE-2025-23298: Getting Remote Code Execution in NVIDIA Merlin - Make it stand out Figure 2 - The patch adding additional validation in transformers4rec/utils/serialization.py https://www.thezdi.com/blog/2025/9/9/the-september-2025-security-update-review monthly 0.5 2025-09-11 https://www.thezdi.com/blog/2025/8/12/the-august-2025-security-update-review monthly 0.5 2025-08-14 https://www.thezdi.com/blog/2025/7/30/pwn2own-returns-to-ireland-with-a-one-million-dollar-whatsapp-target monthly 0.5 2025-10-14 https://images.squarespace-cdn.com/content/v1/5894c269e4fcb5e65a1ed623/5c4fcb05-4ac5-4830-a2cd-83fac3b7556e/Phones2.jpg Blog - Pwn2Own Returns to Ireland with a One Million Dollar WhatsApp Target - Make it stand out Whatever it is, the way you tell your story online can make all the difference. https://images.squarespace-cdn.com/content/v1/5894c269e4fcb5e65a1ed623/3c5851c2-9639-4317-b9fa-3b8272b8c028/WhatsApp.jpg Blog - Pwn2Own Returns to Ireland with a One Million Dollar WhatsApp Target - Make it stand out Whatever it is, the way you tell your story online can make all the difference. https://images.squarespace-cdn.com/content/v1/5894c269e4fcb5e65a1ed623/731711bf-1419-4a2a-a2b2-81479a093571/SOHO2.jpg Blog - Pwn2Own Returns to Ireland with a One Million Dollar WhatsApp Target - Make it stand out Whatever it is, the way you tell your story online can make all the difference. https://images.squarespace-cdn.com/content/v1/5894c269e4fcb5e65a1ed623/f159f282-8bd3-43b6-a5e5-d70f880f196a/SmartHome2.jpg Blog - Pwn2Own Returns to Ireland with a One Million Dollar WhatsApp Target - Make it stand out Whatever it is, the way you tell your story online can make all the difference. https://images.squarespace-cdn.com/content/v1/5894c269e4fcb5e65a1ed623/5756d9eb-7cac-47a9-9dbb-18276cad7c2d/Printers4.jpg Blog - Pwn2Own Returns to Ireland with a One Million Dollar WhatsApp Target - Make it stand out Whatever it is, the way you tell your story online can make all the difference. https://images.squarespace-cdn.com/content/v1/5894c269e4fcb5e65a1ed623/0e867d87-c6a0-4091-88ee-619234b97f8c/NASDevices2.jpg Blog - Pwn2Own Returns to Ireland with a One Million Dollar WhatsApp Target - Make it stand out Whatever it is, the way you tell your story online can make all the difference. https://images.squarespace-cdn.com/content/v1/5894c269e4fcb5e65a1ed623/c0e8d2ad-2895-47b0-81ae-2387b9a8e82f/Cameras.jpg Blog - Pwn2Own Returns to Ireland with a One Million Dollar WhatsApp Target - Make it stand out Whatever it is, the way you tell your story online can make all the difference. https://images.squarespace-cdn.com/content/v1/5894c269e4fcb5e65a1ed623/0665dea7-cf6d-417c-b86b-e0b2712f6755/Wearables3.jpg Blog - Pwn2Own Returns to Ireland with a One Million Dollar WhatsApp Target - Make it stand out Whatever it is, the way you tell your story online can make all the difference. https://images.squarespace-cdn.com/content/v1/5894c269e4fcb5e65a1ed623/faee45dc-5dd0-4f52-82b6-bce95cebe143/Meta-Logo.png Blog - Pwn2Own Returns to Ireland with a One Million Dollar WhatsApp Target - Make it stand out Whatever it is, the way you tell your story online can make all the difference. https://images.squarespace-cdn.com/content/v1/5894c269e4fcb5e65a1ed623/3305c495-93c7-437a-94f4-49fc550c1992/Synology_logo_standard.png Blog - Pwn2Own Returns to Ireland with a One Million Dollar WhatsApp Target - Make it stand out Whatever it is, the way you tell your story online can make all the difference. https://images.squarespace-cdn.com/content/v1/5894c269e4fcb5e65a1ed623/2db40dff-9e7f-48df-bfdb-1ead5f996b29/logo_QNAP_LOGO_standard.png Blog - Pwn2Own Returns to Ireland with a One Million Dollar WhatsApp Target - Make it stand out Whatever it is, the way you tell your story online can make all the difference. https://www.thezdi.com/blog/2025/7/24/cve-2025-20281-cisco-ise-api-unauthenticated-remote-code-execution-vulnerability monthly 0.5 2025-07-25 https://images.squarespace-cdn.com/content/v1/5894c269e4fcb5e65a1ed623/e9018da4-8d79-45f7-b320-1f54fc6258c9/Picture1.png Blog - CVE-2025-20281: Cisco ISE API Unauthenticated Remote Code Execution Vulnerability - Make it stand out Whatever it is, the way you tell your story online can make all the difference. https://www.thezdi.com/blog/2025/7/14/cve-2025-4919-corruption-via-math-space-in-mozilla-firefox monthly 0.5 2025-07-16 https://www.thezdi.com/blog/2025/7/8/the-july-2025-security-update-review monthly 0.5 2025-07-09 https://www.thezdi.com/blog/2025/6/18/extracting-embedded-multimediacard-emmc-contents-in-system monthly 0.5 2025-06-20 https://images.squarespace-cdn.com/content/v1/5894c269e4fcb5e65a1ed623/5aa81c1c-7970-455d-8950-7fbe844f4d05/Picture1.jpg Blog - Extracting Embedded MultiMediaCard (eMMC) contents in-system - Make it stand out Figure 1 - An eMMC chip in BGA153 bodged to a microSD-to-SD adapter. Source: @GetHypoxic onX/ Twitter https://images.squarespace-cdn.com/content/v1/5894c269e4fcb5e65a1ed623/ebcceed1-89b2-4c72-a5f5-77c3b8de9d55/Picture2.jpg Blog - Extracting Embedded MultiMediaCard (eMMC) contents in-system - Make it stand out Figure 2 - An example where we got lucky https://images.squarespace-cdn.com/content/v1/5894c269e4fcb5e65a1ed623/a6e1909e-de20-45bf-a138-180bbec63366/Picture3.jpg Blog - Extracting Embedded MultiMediaCard (eMMC) contents in-system - Make it stand out Figure 3 - An example where we did not get as lucky, but not too bad either https://images.squarespace-cdn.com/content/v1/5894c269e4fcb5e65a1ed623/8e849b94-df8a-4279-951c-462f32f09454/Picture4.jpg Blog - Extracting Embedded MultiMediaCard (eMMC) contents in-system - Make it stand out Figure 4 - The eMMC device is on the other side of the board at the top of this image, and the SoC is at the bottom https://images.squarespace-cdn.com/content/v1/5894c269e4fcb5e65a1ed623/385e1329-8aed-4438-a999-734f9058de6f/trace.png Blog - Extracting Embedded MultiMediaCard (eMMC) contents in-system - Make it stand out Figure 5 - Sample bursts of slow CLK signals https://images.squarespace-cdn.com/content/v1/5894c269e4fcb5e65a1ed623/5b19a3dd-9204-4f5e-add6-2677ee98f9f1/Picture6.jpg Blog - Extracting Embedded MultiMediaCard (eMMC) contents in-system - Make it stand out Figure 6 - The opposite side, with many capacitors of varying sizes sprinkled around https://images.squarespace-cdn.com/content/v1/5894c269e4fcb5e65a1ed623/89554d63-fe2d-47b8-8249-8ff705ebcb66/Picture7.png Blog - Extracting Embedded MultiMediaCard (eMMC) contents in-system - Make it stand out Figure 7 - An example of a breakout PCB for TXS0108E https://www.thezdi.com/blog/2025/6/10/the-june-2025-security-update-review monthly 0.5 2025-06-10 https://www.thezdi.com/blog/2025/5/17/pwn2own-berlin-2025-day-three-results monthly 0.5 2025-05-17 https://images.squarespace-cdn.com/content/v1/5894c269e4fcb5e65a1ed623/8bab3863-7b2a-455d-95ef-e48870ac473d/Day+3+Leaders.jpg Blog - Pwn2Own Berlin 2025: Day Three Results - Make it stand out Whatever it is, the way you tell your story online can make all the difference. https://images.squarespace-cdn.com/content/v1/5894c269e4fcb5e65a1ed623/405c3fc6-3d05-49d3-8409-6c4057be04ad/Image+%282%29.png Blog - Pwn2Own Berlin 2025: Day Three Results - Make it stand out Whatever it is, the way you tell your story online can make all the difference. https://images.squarespace-cdn.com/content/v1/5894c269e4fcb5e65a1ed623/65553d07-c44d-467f-8686-178675466f23/Image+%2881%29.jpeg Blog - Pwn2Own Berlin 2025: Day Three Results - Make it stand out Whatever it is, the way you tell your story online can make all the difference. https://images.squarespace-cdn.com/content/v1/5894c269e4fcb5e65a1ed623/8dd30576-a8ee-49c5-b87f-3382a75246c0/Media+%281%29.jpeg Blog - Pwn2Own Berlin 2025: Day Three Results - Make it stand out Whatever it is, the way you tell your story online can make all the difference. https://images.squarespace-cdn.com/content/v1/5894c269e4fcb5e65a1ed623/9e42f1a2-805b-4556-b3ce-19ed0ca14f45/IMG_6077.jpeg Blog - Pwn2Own Berlin 2025: Day Three Results - Make it stand out Whatever it is, the way you tell your story online can make all the difference. https://images.squarespace-cdn.com/content/v1/5894c269e4fcb5e65a1ed623/ba37bacc-210a-4e4e-9255-99d7a9ede827/Image+%2882%29.jpeg Blog - Pwn2Own Berlin 2025: Day Three Results - Make it stand out Whatever it is, the way you tell your story online can make all the difference. https://images.squarespace-cdn.com/content/v1/5894c269e4fcb5e65a1ed623/1bcede35-6af8-443e-82c9-172943aec1ff/Image+%2883%29.jpeg Blog - Pwn2Own Berlin 2025: Day Three Results - Make it stand out Whatever it is, the way you tell your story online can make all the difference. https://images.squarespace-cdn.com/content/v1/5894c269e4fcb5e65a1ed623/40b68500-086b-45a2-b999-99ffe9119246/Image+%2884%29.jpeg Blog - Pwn2Own Berlin 2025: Day Three Results - Make it stand out Whatever it is, the way you tell your story online can make all the difference. https://www.thezdi.com/blog/2025/5/16/pwn2own-berlin-2025-day-two-results monthly 0.5 2025-05-22 https://images.squarespace-cdn.com/content/v1/5894c269e4fcb5e65a1ed623/a61a620b-dc95-42a3-84aa-5cef515b7962/Day+2+Leaders.jpg Blog - Pwn2Own Berlin 2025: Day Two Results - Make it stand out Whatever it is, the way you tell your story online can make all the difference. https://images.squarespace-cdn.com/content/v1/5894c269e4fcb5e65a1ed623/1abf7b42-6a1b-44df-ba44-f37e52767d2f/Image+%2877%29.jpeg Blog - Pwn2Own Berlin 2025: Day Two Results - Make it stand out Whatever it is, the way you tell your story online can make all the difference. https://images.squarespace-cdn.com/content/v1/5894c269e4fcb5e65a1ed623/499bded2-9aeb-4da6-b2bd-dbaee901dedb/IMG_0108.jpg Blog - Pwn2Own Berlin 2025: Day Two Results - Make it stand out Whatever it is, the way you tell your story online can make all the difference. https://images.squarespace-cdn.com/content/v1/5894c269e4fcb5e65a1ed623/0058b6ae-8a6b-4097-80ce-ea2b3d234b8e/Image+%2878%29.jpeg Blog - Pwn2Own Berlin 2025: Day Two Results - Make it stand out Whatever it is, the way you tell your story online can make all the difference. https://images.squarespace-cdn.com/content/v1/5894c269e4fcb5e65a1ed623/8b2fdb28-0745-4cdc-8ec6-c6ef19f4ba5f/Media.jpeg Blog - Pwn2Own Berlin 2025: Day Two Results - Make it stand out Whatever it is, the way you tell your story online can make all the difference. https://images.squarespace-cdn.com/content/v1/5894c269e4fcb5e65a1ed623/cf23bf5e-1cc9-48a9-8bf5-b75b5c64a02f/Image+preview.png Blog - Pwn2Own Berlin 2025: Day Two Results - Make it stand out Whatever it is, the way you tell your story online can make all the difference. https://images.squarespace-cdn.com/content/v1/5894c269e4fcb5e65a1ed623/5131b9e6-04c0-4545-9c77-acf1efb8e1b0/Image+%2879%29.jpeg Blog - Pwn2Own Berlin 2025: Day Two Results - Make it stand out Whatever it is, the way you tell your story online can make all the difference. https://images.squarespace-cdn.com/content/v1/5894c269e4fcb5e65a1ed623/9121f0a9-4f94-4c0c-af84-a67d67a96c62/Image+%2880%29.jpeg Blog - Pwn2Own Berlin 2025: Day Two Results - Make it stand out Whatever it is, the way you tell your story online can make all the difference. https://images.squarespace-cdn.com/content/v1/5894c269e4fcb5e65a1ed623/48d74bb0-ba71-43c7-bb47-a646996d6c43/rhel3.jpg Blog - Pwn2Own Berlin 2025: Day Two Results - Make it stand out Whatever it is, the way you tell your story online can make all the difference. https://www.thezdi.com/blog/2025/5/15/pwn2own-berlin-2025-day-one-results monthly 0.5 2025-05-16 https://images.squarespace-cdn.com/content/v1/5894c269e4fcb5e65a1ed623/e5822184-0d95-4b1d-a2b2-30559fd5959e/Day+1+Leaders.jpg Blog - Pwn2Own Berlin 2025: Day One Results - Make it stand out Whatever it is, the way you tell your story online can make all the difference. https://images.squarespace-cdn.com/content/v1/5894c269e4fcb5e65a1ed623/bdffccf8-a0fd-4cc9-9455-9cd94caeb4ca/JPEG+image-4195-8F80-D0-0.jpeg Blog - Pwn2Own Berlin 2025: Day One Results - Make it stand out Going from user land to root. https://images.squarespace-cdn.com/content/v1/5894c269e4fcb5e65a1ed623/fedfd67b-3c5a-4e38-bef0-797382601499/Image+%2873%29.jpeg Blog - Pwn2Own Berlin 2025: Day One Results - Make it stand out Whatever it is, the way you tell your story online can make all the difference. https://images.squarespace-cdn.com/content/v1/5894c269e4fcb5e65a1ed623/fc6202cc-1fcf-452e-8930-a110046dcf5e/theori.jpg Blog - Pwn2Own Berlin 2025: Day One Results - Make it stand out Whatever it is, the way you tell your story online can make all the difference. https://images.squarespace-cdn.com/content/v1/5894c269e4fcb5e65a1ed623/b1fb4fe5-45cd-41c4-aa62-696cabaa6d75/Image.png Blog - Pwn2Own Berlin 2025: Day One Results - Make it stand out Whatever it is, the way you tell your story online can make all the difference. https://images.squarespace-cdn.com/content/v1/5894c269e4fcb5e65a1ed623/1e6b4315-e25c-445e-8ada-307031bef18a/Image+%281%29.png Blog - Pwn2Own Berlin 2025: Day One Results - Make it stand out Whatever it is, the way you tell your story online can make all the difference. https://images.squarespace-cdn.com/content/v1/5894c269e4fcb5e65a1ed623/dab78094-76d5-4a02-950f-4e320cb6a3b5/Image+%2874%29.jpeg Blog - Pwn2Own Berlin 2025: Day One Results - Make it stand out Whatever it is, the way you tell your story online can make all the difference. https://images.squarespace-cdn.com/content/v1/5894c269e4fcb5e65a1ed623/ffc9a2ed-d281-4d2e-a77a-6fb1ddd9c7c7/viettel.jpeg Blog - Pwn2Own Berlin 2025: Day One Results - Make it stand out Whatever it is, the way you tell your story online can make all the difference. https://images.squarespace-cdn.com/content/v1/5894c269e4fcb5e65a1ed623/dd49d797-cd16-4403-b592-5aefca9a2bab/image.png Blog - Pwn2Own Berlin 2025: Day One Results - Make it stand out Whatever it is, the way you tell your story online can make all the difference. https://images.squarespace-cdn.com/content/v1/5894c269e4fcb5e65a1ed623/710e5f62-343f-49a6-9bb0-f7ea603d7bf2/image.jpeg Blog - Pwn2Own Berlin 2025: Day One Results - Make it stand out Whatever it is, the way you tell your story online can make all the difference. https://www.thezdi.com/blog/2025/5/14/pwn2own-berlin-the-full-schedule monthly 0.5 2025-05-16 https://www.thezdi.com/blog/2025/5/13/the-may-2025-security-update-review monthly 0.5 2025-05-13 https://www.thezdi.com/blog/2025/5/7/cve-2024-44236-remote-code-execution-vulnerability-in-apple-macos monthly 0.5 2025-05-07 https://www.thezdi.com/blog/2025/4/8/the-april-2025-security-update-review monthly 0.5 2025-04-09 https://www.thezdi.com/blog/2025/3/20/mindshare-using-binary-ninja-api-to-detect-potential-use-after-free-vulnerabilities monthly 0.5 2025-04-01 https://images.squarespace-cdn.com/content/v1/5894c269e4fcb5e65a1ed623/15609c79-0104-4054-8fff-b73b847a5e04/Figure1_Slice_Data_Graph.png Blog - MindshaRE: Using Binary Ninja API to Detect Potential Use-After-Free Vulnerabilities - Make it stand out Figure 1 - Section of Data Graph https://images.squarespace-cdn.com/content/v1/5894c269e4fcb5e65a1ed623/1e4e501f-7b18-4d22-8155-8e25a6165c7b/Table1.png Blog - MindshaRE: Using Binary Ninja API to Detect Potential Use-After-Free Vulnerabilities - Make it stand out Whatever it is, the way you tell your story online can make all the difference. https://images.squarespace-cdn.com/content/v1/5894c269e4fcb5e65a1ed623/6a3188cf-c0b6-4542-b1e1-f8509e0349bf/Figure2_demo_a.png Blog - MindshaRE: Using Binary Ninja API to Detect Potential Use-After-Free Vulnerabilities - Make it stand out Figure 2 - Connection Between Tracked Allocation Node (Red) and Stack Frame Node (Green) https://images.squarespace-cdn.com/content/v1/5894c269e4fcb5e65a1ed623/f1d736ed-190a-4d7c-be80-2d0c4cc5234f/Table2.png Blog - MindshaRE: Using Binary Ninja API to Detect Potential Use-After-Free Vulnerabilities - Make it stand out Whatever it is, the way you tell your story online can make all the difference. https://images.squarespace-cdn.com/content/v1/5894c269e4fcb5e65a1ed623/41d37763-a301-462c-9f35-f91ca18042e0/Figure3_demo_b.png Blog - MindshaRE: Using Binary Ninja API to Detect Potential Use-After-Free Vulnerabilities - Make it stand out Figure 3 - Connection Between Tracked Allocation Node (Red) and Dynamic Memory Node (Blue) https://images.squarespace-cdn.com/content/v1/5894c269e4fcb5e65a1ed623/17eab71a-64e0-4ec5-b196-e3238472e6dd/Table3.png Blog - MindshaRE: Using Binary Ninja API to Detect Potential Use-After-Free Vulnerabilities - Make it stand out Whatever it is, the way you tell your story online can make all the difference. https://images.squarespace-cdn.com/content/v1/5894c269e4fcb5e65a1ed623/a1fd0aee-4688-4102-8be9-5e4330f5aca7/Figure4_Link.png Blog - MindshaRE: Using Binary Ninja API to Detect Potential Use-After-Free Vulnerabilities - Make it stand out Figure 4. Data Flow Graph Developed from Memory Store and Load Operations https://images.squarespace-cdn.com/content/v1/5894c269e4fcb5e65a1ed623/e383bc8f-5412-4d14-8efe-bb36f46acb5f/Figure5_UAF.png Blog - MindshaRE: Using Binary Ninja API to Detect Potential Use-After-Free Vulnerabilities - Make it stand out Figure 5. UAF in get_nic_information https://www.thezdi.com/blog/2025/3/14/building-an-electric-vehicle-simulator-to-research-evses monthly 0.5 2025-03-19 https://images.squarespace-cdn.com/content/v1/5894c269e4fcb5e65a1ed623/f016aea6-41f8-4c39-a91a-1437293cbb8c/Picture1.jpg Blog - Building an electric vehicle simulator to research EVSEs - Make it stand out Figure 1 – The EV Simulator at the time of P20 Automotive Tokyo 2025 https://images.squarespace-cdn.com/content/v1/5894c269e4fcb5e65a1ed623/97673eb5-fa37-484e-96b8-fee6006a45e7/Picture2.png Blog - Building an electric vehicle simulator to research EVSEs - Make it stand out Figure 2 – Schematic of components connected to the rotary switch. https://images.squarespace-cdn.com/content/v1/5894c269e4fcb5e65a1ed623/c80d05d0-1469-44b5-8e32-325b40ef299b/Picture3.png Blog - Building an electric vehicle simulator to research EVSEs - Make it stand out Figure 3 – The J1772 charge connector as seen from the open end https://images.squarespace-cdn.com/content/v1/5894c269e4fcb5e65a1ed623/c0f98406-75f7-4618-80d3-5209ebcfcae6/Picture4.png Blog - Building an electric vehicle simulator to research EVSEs - Make it stand out Figure 4 – The full schematic of our EV simulator https://www.thezdi.com/blog/2025/3/11/the-march-2025-security-update-review monthly 0.5 2025-03-11 https://www.thezdi.com/blog/2025/3/3/cve-2024-43639 monthly 0.5 2025-03-04 https://www.thezdi.com/blog/2025/2/24/announcing-pwn2own-berlin-2025 monthly 0.5 2025-02-24 https://images.squarespace-cdn.com/content/v1/5894c269e4fcb5e65a1ed623/5ad6f0fe-970e-404d-a1ee-36c52ebb4b3b/AI-3.png Blog - Announcing Pwn2Own Berlin and Introducing an AI Category - Make it stand out Whatever it is, the way you tell your story online can make all the difference. https://images.squarespace-cdn.com/content/v1/5894c269e4fcb5e65a1ed623/dee689f3-d1ab-442d-b3b5-1eb4a230a0b8/browsers-3.png Blog - Announcing Pwn2Own Berlin and Introducing an AI Category - Make it stand out Whatever it is, the way you tell your story online can make all the difference. https://images.squarespace-cdn.com/content/v1/5894c269e4fcb5e65a1ed623/fafa4e06-b030-455c-b43a-86c6bc4d13d0/container-2.png Blog - Announcing Pwn2Own Berlin and Introducing an AI Category - Make it stand out Whatever it is, the way you tell your story online can make all the difference. https://images.squarespace-cdn.com/content/v1/5894c269e4fcb5e65a1ed623/bce8c7a9-3eda-4dda-95d4-fa74ed6396f6/virtualization.png Blog - Announcing Pwn2Own Berlin and Introducing an AI Category - Make it stand out Whatever it is, the way you tell your story online can make all the difference. https://images.squarespace-cdn.com/content/v1/5894c269e4fcb5e65a1ed623/b5a1ad63-f71c-4f3b-b944-1c175b5a9283/entapps-3.png Blog - Announcing Pwn2Own Berlin and Introducing an AI Category - Make it stand out Whatever it is, the way you tell your story online can make all the difference. https://images.squarespace-cdn.com/content/v1/5894c269e4fcb5e65a1ed623/c7abaef2-38bf-4a1e-98b8-6f098bee53b8/servers.png Blog - Announcing Pwn2Own Berlin and Introducing an AI Category - Make it stand out Whatever it is, the way you tell your story online can make all the difference. https://images.squarespace-cdn.com/content/v1/5894c269e4fcb5e65a1ed623/1f0254a0-9d3d-41e5-87cd-ca2ff0cf4ed9/LPE.png Blog - Announcing Pwn2Own Berlin and Introducing an AI Category - Make it stand out Whatever it is, the way you tell your story online can make all the difference. https://images.squarespace-cdn.com/content/v1/5894c269e4fcb5e65a1ed623/86bc96bf-e156-4f5c-a818-990bf7afdff2/tesla-4.png Blog - Announcing Pwn2Own Berlin and Introducing an AI Category - Make it stand out Whatever it is, the way you tell your story online can make all the difference. https://www.thezdi.com/blog/2025/2/11/the-february-2025-security-update-review monthly 0.5 2025-02-23 https://www.thezdi.com/blog/2025/2/7/looking-back-at-the-trend-zdi-activities-from-2024 monthly 0.5 2025-02-07 https://images.squarespace-cdn.com/content/v1/5894c269e4fcb5e65a1ed623/7c95539e-68c0-4e4b-9ed4-bf2c0924493b/DSC00696.JPG Blog - Looking Back at the Trend ZDI Activities from 2024 - Make it stand out Figure 1 - Ken Gannon exploiting the Samsung Galaxy S24 at Pwn2Own Ireland https://images.squarespace-cdn.com/content/v1/5894c269e4fcb5e65a1ed623/01e8e69d-0220-4f74-9e09-21de06f93e70/2025-ZDI+Numbers.jpg Blog - Looking Back at the Trend ZDI Activities from 2024 - Make it stand out Figure 2 - Published advisories over the lifetime of the program https://images.squarespace-cdn.com/content/v1/5894c269e4fcb5e65a1ed623/e18fdd1f-16af-46e5-877f-4cac74017b21/2025-ZDI+Numbers2.jpg Blog - Looking Back at the Trend ZDI Activities from 2024 - Make it stand out Figure 3 - 0-day disclosures per year https://images.squarespace-cdn.com/content/v1/5894c269e4fcb5e65a1ed623/48f04390-c9fb-4f30-8d6a-b64ca3555b9e/2025-ZDI+Numbers-v2.jpg Blog - Looking Back at the Trend ZDI Activities from 2024 - Make it stand out Figure 4 - Vendor distribution of published advisories in 2024 https://images.squarespace-cdn.com/content/v1/5894c269e4fcb5e65a1ed623/0b7c1760-dc4a-4e82-9a41-dfd50ee67366/2025-ZDI+Numbers4.jpg Blog - Looking Back at the Trend ZDI Activities from 2024 - Make it stand out Figure 5 - CVSS distribution of published advisories in 2024 https://images.squarespace-cdn.com/content/v1/5894c269e4fcb5e65a1ed623/4ea3d8e7-1da6-490c-8af8-02a60651e740/2025-ZDI+Numbers5.jpg Blog - Looking Back at the Trend ZDI Activities from 2024 - Make it stand out Figure 6 - Distribution of CVSS scores from 2015-2024 https://images.squarespace-cdn.com/content/v1/5894c269e4fcb5e65a1ed623/95f627e5-46a4-4481-b83a-31b43334e8d6/Picture1.jpg Blog - Looking Back at the Trend ZDI Activities from 2024 - Make it stand out Figure 7 - Top CWEs of published advisories in 2024 https://www.thezdi.com/blog/2025/1/23/pwn2own-automotive-2025-day-three-and-final-results monthly 0.5 2025-01-24 https://images.squarespace-cdn.com/content/v1/5894c269e4fcb5e65a1ed623/ddf7ae21-e42c-4ac7-b3a9-e8114a435a05/IMG_8371.jpg Blog - Pwn2Own Automotive 2025 - Day Three and Final Results - Make it stand out Whatever it is, the way you tell your story online can make all the difference. https://images.squarespace-cdn.com/content/v1/5894c269e4fcb5e65a1ed623/a981d68e-f709-4ec9-a12f-4fd0cd769688/Image+%2866%29.jpeg Blog - Pwn2Own Automotive 2025 - Day Three and Final Results - Make it stand out Whatever it is, the way you tell your story online can make all the difference. https://images.squarespace-cdn.com/content/v1/5894c269e4fcb5e65a1ed623/c5428c7d-adf2-4b01-9490-257986c9bb78/Image+%2867%29.jpeg Blog - Pwn2Own Automotive 2025 - Day Three and Final Results - Make it stand out Whatever it is, the way you tell your story online can make all the difference. https://images.squarespace-cdn.com/content/v1/5894c269e4fcb5e65a1ed623/b29a6b72-2015-4f00-a896-29210360e04e/Image+%2868%29.jpeg Blog - Pwn2Own Automotive 2025 - Day Three and Final Results - Make it stand out Whatever it is, the way you tell your story online can make all the difference. https://images.squarespace-cdn.com/content/v1/5894c269e4fcb5e65a1ed623/79953c65-30bb-4332-a30e-f24f34843aa2/Image+%2869%29.jpeg Blog - Pwn2Own Automotive 2025 - Day Three and Final Results - Make it stand out Whatever it is, the way you tell your story online can make all the difference. https://images.squarespace-cdn.com/content/v1/5894c269e4fcb5e65a1ed623/8d37ee85-53ad-4401-98de-0ba94491cb65/IMG_5420.jpg Blog - Pwn2Own Automotive 2025 - Day Three and Final Results - Make it stand out Whatever it is, the way you tell your story online can make all the difference. https://images.squarespace-cdn.com/content/v1/5894c269e4fcb5e65a1ed623/5450255f-f942-4c9c-861f-f43acc49ea09/Image+%2870%29.jpeg Blog - Pwn2Own Automotive 2025 - Day Three and Final Results - Make it stand out Whatever it is, the way you tell your story online can make all the difference. https://images.squarespace-cdn.com/content/v1/5894c269e4fcb5e65a1ed623/8484b93c-25f9-4e34-8777-3c54a8efbfbe/Image+%2871%29.jpeg Blog - Pwn2Own Automotive 2025 - Day Three and Final Results - Make it stand out Whatever it is, the way you tell your story online can make all the difference. https://images.squarespace-cdn.com/content/v1/5894c269e4fcb5e65a1ed623/7fdf31a1-47d4-44e7-9df0-a49c282a05d3/Image+%2872%29.jpeg Blog - Pwn2Own Automotive 2025 - Day Three and Final Results - Make it stand out Whatever it is, the way you tell your story online can make all the difference. https://images.squarespace-cdn.com/content/v1/5894c269e4fcb5e65a1ed623/cb7feae5-a7a8-4a5d-a951-fe985b026575/P2O-Tokyo-2025+Master+of+Pwn+Leaderboard.jpg Blog - Pwn2Own Automotive 2025 - Day Three and Final Results - Make it stand out Whatever it is, the way you tell your story online can make all the difference. https://www.thezdi.com/blog/2025/1/22/pwn2own-automotive-2025-day-two-results monthly 0.5 2025-01-23 https://images.squarespace-cdn.com/content/v1/5894c269e4fcb5e65a1ed623/4d934426-4bdd-463c-8aed-0061e397ec21/P2O-Tokyo-2025+Master+of+Pwn+Leaderboard.jpg Blog - Pwn2Own Automotive 2025 - Day Two Results - Make it stand out Whatever it is, the way you tell your story online can make all the difference. https://images.squarespace-cdn.com/content/v1/5894c269e4fcb5e65a1ed623/c7671c3d-cf3b-4b00-b264-5c08e1059b2b/IMG_5405.jpg Blog - Pwn2Own Automotive 2025 - Day Two Results - Make it stand out Whatever it is, the way you tell your story online can make all the difference. https://images.squarespace-cdn.com/content/v1/5894c269e4fcb5e65a1ed623/83800801-39f7-4738-9e08-83e4a2369089/Image+%2852%29.jpeg Blog - Pwn2Own Automotive 2025 - Day Two Results - Make it stand out Whatever it is, the way you tell your story online can make all the difference. https://images.squarespace-cdn.com/content/v1/5894c269e4fcb5e65a1ed623/5e7068b2-8165-4f25-ad1f-4c8f59abafa8/viettel-cp.jpg Blog - Pwn2Own Automotive 2025 - Day Two Results - Make it stand out Whatever it is, the way you tell your story online can make all the difference. https://images.squarespace-cdn.com/content/v1/5894c269e4fcb5e65a1ed623/8d419c72-65bd-46ba-9ce4-6b8608fc2f12/Image+%2853%29.jpeg Blog - Pwn2Own Automotive 2025 - Day Two Results - Make it stand out Whatever it is, the way you tell your story online can make all the difference. https://images.squarespace-cdn.com/content/v1/5894c269e4fcb5e65a1ed623/94c3b416-ad75-4018-bd3a-348fd0da4563/Image+%2854%29.jpeg Blog - Pwn2Own Automotive 2025 - Day Two Results - Make it stand out Whatever it is, the way you tell your story online can make all the difference. https://images.squarespace-cdn.com/content/v1/5894c269e4fcb5e65a1ed623/438f4962-02b5-453a-aa4e-fc88c15041b7/IMG_5406.jpg Blog - Pwn2Own Automotive 2025 - Day Two Results - Make it stand out Whatever it is, the way you tell your story online can make all the difference. https://images.squarespace-cdn.com/content/v1/5894c269e4fcb5e65a1ed623/af346de5-8a0d-4a54-aa02-6f5be5279938/Image+%2855%29.jpeg Blog - Pwn2Own Automotive 2025 - Day Two Results - Make it stand out Whatever it is, the way you tell your story online can make all the difference. https://images.squarespace-cdn.com/content/v1/5894c269e4fcb5e65a1ed623/97b31776-2dcc-4e29-9f7b-746c9ee00e84/Image+%2856%29.jpeg Blog - Pwn2Own Automotive 2025 - Day Two Results - Make it stand out Whatever it is, the way you tell your story online can make all the difference. https://images.squarespace-cdn.com/content/v1/5894c269e4fcb5e65a1ed623/04d3a8fe-e257-4d01-8889-492ec695c4ae/IMG_E5407.jpg Blog - Pwn2Own Automotive 2025 - Day Two Results - Make it stand out Whatever it is, the way you tell your story online can make all the difference. https://images.squarespace-cdn.com/content/v1/5894c269e4fcb5e65a1ed623/57f4dad3-43b3-4b77-a969-e09a71a05587/Image+%2857%29.jpeg Blog - Pwn2Own Automotive 2025 - Day Two Results - Make it stand out Whatever it is, the way you tell your story online can make all the difference. https://images.squarespace-cdn.com/content/v1/5894c269e4fcb5e65a1ed623/4e41afd7-57c0-4253-b325-a579bafc1765/Image+%2858%29.jpeg Blog - Pwn2Own Automotive 2025 - Day Two Results - Make it stand out Whatever it is, the way you tell your story online can make all the difference. https://images.squarespace-cdn.com/content/v1/5894c269e4fcb5e65a1ed623/29f20c07-017e-454c-8d38-bb75ffa1af0d/Image+%2859%29.jpeg Blog - Pwn2Own Automotive 2025 - Day Two Results - Make it stand out Whatever it is, the way you tell your story online can make all the difference. https://images.squarespace-cdn.com/content/v1/5894c269e4fcb5e65a1ed623/f97c57b7-d419-4e6d-bc51-ceb500bb9daa/P2O-Tokyo-2025+Master+of+Pwn+Leaderboard.jpg Blog - Pwn2Own Automotive 2025 - Day Two Results - Make it stand out Whatever it is, the way you tell your story online can make all the difference. https://www.thezdi.com/blog/2025/1/21/pwn2own-automotive-2025-day-one-results monthly 0.5 2025-01-23 https://images.squarespace-cdn.com/content/v1/5894c269e4fcb5e65a1ed623/9fec8c8d-1add-4ae9-be2d-5a4f222a37b4/Image+%2843%29.jpeg Blog - Pwn2Own Automotive 2025 - Day One Results - Make it stand out Whatever it is, the way you tell your story online can make all the difference. https://images.squarespace-cdn.com/content/v1/5894c269e4fcb5e65a1ed623/a2bccada-3130-4321-9a93-acc7cb822f7f/Image+%2844%29.jpeg Blog - Pwn2Own Automotive 2025 - Day One Results - Make it stand out Whatever it is, the way you tell your story online can make all the difference. https://images.squarespace-cdn.com/content/v1/5894c269e4fcb5e65a1ed623/43536f06-84f9-42eb-b6f8-3860156c0d52/Image+%2844%29.jpeg Blog - Pwn2Own Automotive 2025 - Day One Results - Make it stand out Whatever it is, the way you tell your story online can make all the difference. https://images.squarespace-cdn.com/content/v1/5894c269e4fcb5e65a1ed623/74224220-2f6e-4675-9ec2-9576427ede77/Sina1a.png Blog - Pwn2Own Automotive 2025 - Day One Results - Make it stand out Whatever it is, the way you tell your story online can make all the difference. https://images.squarespace-cdn.com/content/v1/5894c269e4fcb5e65a1ed623/398b51e9-d946-4239-a1d7-9ddf8362a19f/20250122_131017.JPG Blog - Pwn2Own Automotive 2025 - Day One Results - Make it stand out Whatever it is, the way you tell your story online can make all the difference. https://images.squarespace-cdn.com/content/v1/5894c269e4fcb5e65a1ed623/650f83ff-654f-4953-b3cc-4526919b265a/Image+%2845%29.jpeg Blog - Pwn2Own Automotive 2025 - Day One Results - Make it stand out Whatever it is, the way you tell your story online can make all the difference. https://images.squarespace-cdn.com/content/v1/5894c269e4fcb5e65a1ed623/c7e80eda-fe87-47e6-beea-4e515a85c067/Image+%2846%29.jpeg Blog - Pwn2Own Automotive 2025 - Day One Results - Make it stand out Whatever it is, the way you tell your story online can make all the difference. https://images.squarespace-cdn.com/content/v1/5894c269e4fcb5e65a1ed623/b5a4544b-04b6-4e23-80d7-6336007e21d7/Image+%2847%29.jpeg Blog - Pwn2Own Automotive 2025 - Day One Results - Make it stand out Whatever it is, the way you tell your story online can make all the difference. https://images.squarespace-cdn.com/content/v1/5894c269e4fcb5e65a1ed623/e866f0ad-a9c7-406e-b522-97d88f318842/Image+%2848%29.jpeg Blog - Pwn2Own Automotive 2025 - Day One Results - Make it stand out Whatever it is, the way you tell your story online can make all the difference. https://images.squarespace-cdn.com/content/v1/5894c269e4fcb5e65a1ed623/35ae2fce-480e-44af-bbe3-34e6d355eedc/Image+%2849%29.jpeg Blog - Pwn2Own Automotive 2025 - Day One Results - Make it stand out Whatever it is, the way you tell your story online can make all the difference. https://images.squarespace-cdn.com/content/v1/5894c269e4fcb5e65a1ed623/a15646c5-7f48-4902-8c24-5f4f925d7116/Image+%2850%29.jpeg Blog - Pwn2Own Automotive 2025 - Day One Results - Make it stand out Whatever it is, the way you tell your story online can make all the difference. https://images.squarespace-cdn.com/content/v1/5894c269e4fcb5e65a1ed623/8432892a-91b9-450b-9b09-35dea8dcecf5/IMG_5381.jpg Blog - Pwn2Own Automotive 2025 - Day One Results - Make it stand out Whatever it is, the way you tell your story online can make all the difference. https://images.squarespace-cdn.com/content/v1/5894c269e4fcb5e65a1ed623/5c9e2b17-ad9f-4d8c-93e3-5db886eba56d/Image+%2851%29.jpeg Blog - Pwn2Own Automotive 2025 - Day One Results - Make it stand out Whatever it is, the way you tell your story online can make all the difference. https://images.squarespace-cdn.com/content/v1/5894c269e4fcb5e65a1ed623/c1349508-5ab5-4603-ac9a-b5b03887bdb5/P2O-Tokyo-2025+Master+of+Pwn+Leaderboard.jpg Blog - Pwn2Own Automotive 2025 - Day One Results - Make it stand out Whatever it is, the way you tell your story online can make all the difference. https://www.thezdi.com/blog/2025/1/21/pwn2own-automotive-2025-the-full-schedule monthly 0.5 2025-01-21 https://www.thezdi.com/blog/2025/1/16/looking-at-the-attack-surfaces-of-the-pioneer-dmh-wt7600nex-ivi monthly 0.5 2025-01-20 https://images.squarespace-cdn.com/content/v1/5894c269e4fcb5e65a1ed623/baf98dfe-7ca2-44c5-b34f-c820e1ffd089/Picture1.jpg Blog - Looking at the Attack Surfaces of the Pioneer DMH-WT7600NEX IVI - Make it stand out Whatever it is, the way you tell your story online can make all the difference. https://images.squarespace-cdn.com/content/v1/5894c269e4fcb5e65a1ed623/01b5e4d7-884f-4bba-922c-eb27284c7e08/Screenshot+2025-01-16+at+10.46.48+PM.png Blog - Looking at the Attack Surfaces of the Pioneer DMH-WT7600NEX IVI - Make it stand out Whatever it is, the way you tell your story online can make all the difference. https://images.squarespace-cdn.com/content/v1/5894c269e4fcb5e65a1ed623/d6f04dd7-d541-4586-97c1-f6cfd67c6abf/Picture2.jpg Blog - Looking at the Attack Surfaces of the Pioneer DMH-WT7600NEX IVI - Make it stand out Whatever it is, the way you tell your story online can make all the difference. https://images.squarespace-cdn.com/content/v1/5894c269e4fcb5e65a1ed623/c409d9a0-31cc-4290-b87f-0330b245d067/Picture3.jpg Blog - Looking at the Attack Surfaces of the Pioneer DMH-WT7600NEX IVI - Make it stand out Whatever it is, the way you tell your story online can make all the difference. https://images.squarespace-cdn.com/content/v1/5894c269e4fcb5e65a1ed623/c9a0a26b-0891-40fa-8711-8c6526370d34/Screenshot+2025-01-16+at+10.45.57+PM.png Blog - Looking at the Attack Surfaces of the Pioneer DMH-WT7600NEX IVI - Make it stand out Whatever it is, the way you tell your story online can make all the difference. https://www.thezdi.com/blog/2025/1/15/reviewing-the-attack-surface-of-the-autel-maxicharger-part-two monthly 0.5 2025-01-16 https://images.squarespace-cdn.com/content/v1/5894c269e4fcb5e65a1ed623/810bb29c-1cbf-4f6b-b568-70f05c2ffd48/Picture1.png Blog - Reviewing the Attack Surface of the Autel MaxiCharger: Part Two - Make it stand out Figure 1: Autel Charge superuser request https://images.squarespace-cdn.com/content/v1/5894c269e4fcb5e65a1ed623/18e3ad11-5ddc-4f37-bfd4-609d360fa1dd/Picture2.png Blog - Reviewing the Attack Surface of the Autel MaxiCharger: Part Two - Make it stand out Figure 2: Charger DNS queries https://images.squarespace-cdn.com/content/v1/5894c269e4fcb5e65a1ed623/1889aec2-511a-4a6c-b968-ec288ad67f62/Picture3.png Blog - Reviewing the Attack Surface of the Autel MaxiCharger: Part Two - Make it stand out Figure 3: HTTP traffic https://images.squarespace-cdn.com/content/v1/5894c269e4fcb5e65a1ed623/ce1fcfd8-e90b-4d3b-b6c6-d0f8d2c18ef6/Picture4.png Blog - Reviewing the Attack Surface of the Autel MaxiCharger: Part Two - Make it stand out Figure 4: HTTP POST traffic https://images.squarespace-cdn.com/content/v1/5894c269e4fcb5e65a1ed623/45f0fbd9-b884-4c0a-bf93-165ddb38108f/Picture5.png Blog - Reviewing the Attack Surface of the Autel MaxiCharger: Part Two - Make it stand out Figure 5: HTTP firmware related traffic https://images.squarespace-cdn.com/content/v1/5894c269e4fcb5e65a1ed623/8b3d880e-1c58-4d25-802b-85f0f777a1a6/Picture6.png Blog - Reviewing the Attack Surface of the Autel MaxiCharger: Part Two - Make it stand out Figure 6: MaxiCharger module versions https://www.thezdi.com/blog/2025/1/15/reviewing-the-attack-surface-of-the-autel-maxicharger-part-one monthly 0.5 2025-01-15 https://images.squarespace-cdn.com/content/v1/5894c269e4fcb5e65a1ed623/00a2e71a-7246-4da7-a5c9-3349d152cab6/Picture1.png Blog - Reviewing the Attack Surface of the Autel MaxiCharger: Part One - Make it stand out Figure 1: Power board https://images.squarespace-cdn.com/content/v1/5894c269e4fcb5e65a1ed623/e252cd69-ea64-4af2-bdb3-7be181f3ffa3/Picture2.png Blog - Reviewing the Attack Surface of the Autel MaxiCharger: Part One - Make it stand out Figure 2: Main board (top) https://images.squarespace-cdn.com/content/v1/5894c269e4fcb5e65a1ed623/64f7903b-e9c1-4a8d-b49b-2caab0579997/Picture3.png Blog - Reviewing the Attack Surface of the Autel MaxiCharger: Part One - Make it stand out Figure 3: Main board (underside) https://images.squarespace-cdn.com/content/v1/5894c269e4fcb5e65a1ed623/4bc14af1-5b78-4ede-8036-4bc2715f2314/Picture4.png Blog - Reviewing the Attack Surface of the Autel MaxiCharger: Part One - Make it stand out Figure 4: Secured GD32 device detected https://images.squarespace-cdn.com/content/v1/5894c269e4fcb5e65a1ed623/4459876d-044c-402e-9e9b-366200e45168/Picture5.png Blog - Reviewing the Attack Surface of the Autel MaxiCharger: Part One - Make it stand out Figure 5: 4G mobile communications board https://images.squarespace-cdn.com/content/v1/5894c269e4fcb5e65a1ed623/3bc15ff5-ed31-4e7b-bdc0-b3341ca3e860/Picture6.png Blog - Reviewing the Attack Surface of the Autel MaxiCharger: Part One - Make it stand out Figure 6: Unused USB port https://images.squarespace-cdn.com/content/v1/5894c269e4fcb5e65a1ed623/d98ac585-c27a-4753-aaae-f841ead85326/Picture7.png Blog - Reviewing the Attack Surface of the Autel MaxiCharger: Part One - Make it stand out Figure 7: NFC and LED board (top) https://images.squarespace-cdn.com/content/v1/5894c269e4fcb5e65a1ed623/bf19c92f-3b70-49cf-a1e1-6b31ff6eb893/Picture8.png Blog - Reviewing the Attack Surface of the Autel MaxiCharger: Part One - Make it stand out Figure 8: Multi-protocol contactless transceiver https://www.thezdi.com/blog/2025/1/14/the-january-2025-security-update-review monthly 0.5 2025-01-14 https://www.thezdi.com/blog/2025/1/9/looking-at-the-attack-surfaces-of-the-sony-xav-ax8500-part-2 monthly 0.5 2025-01-10 https://www.thezdi.com/blog/2025/1/8/looking-at-the-attack-surfaces-of-the-sony-xav-ax8500 monthly 0.5 2025-01-09 https://images.squarespace-cdn.com/content/v1/5894c269e4fcb5e65a1ed623/28c2c2c8-555e-46a3-850d-ad57297c4475/Picture1.png Blog - Looking at the Attack Surfaces of the Sony XAV-AX8500 - Make it stand out Figure 1: Main board (top) https://images.squarespace-cdn.com/content/v1/5894c269e4fcb5e65a1ed623/23d66940-eac5-4596-9b07-bdc105e1e413/Picture2.png Blog - Looking at the Attack Surfaces of the Sony XAV-AX8500 - Make it stand out Figure 2: Main board (underside) https://images.squarespace-cdn.com/content/v1/5894c269e4fcb5e65a1ed623/0884e505-15f2-4a00-8f06-1b477e0d281a/Picture3.png Blog - Looking at the Attack Surfaces of the Sony XAV-AX8500 - Make it stand out Figure 3: GPS, iData Link and remote control board (top) https://images.squarespace-cdn.com/content/v1/5894c269e4fcb5e65a1ed623/45ce0a87-42b6-46a5-ad92-c4cf71f163ab/Picture4.png Blog - Looking at the Attack Surfaces of the Sony XAV-AX8500 - Make it stand out Figure 4: Power, audio and video board (top) https://images.squarespace-cdn.com/content/v1/5894c269e4fcb5e65a1ed623/fc7ce015-cdf5-4902-a348-de0553f965e2/Picture5.jpg Blog - Looking at the Attack Surfaces of the Sony XAV-AX8500 - Make it stand out Figure 5: Power, audio and video board (underside) https://www.thezdi.com/blog/2025/1/8/zdi-threat-hunting-2024-highlights-trends-amp-challenges monthly 0.5 2025-01-08 https://www.thezdi.com/blog/2024/12/16/detailing-the-attack-surfaces-of-the-tesla-wall-connector-ev-charger monthly 0.5 2024-12-17 https://images.squarespace-cdn.com/content/v1/5894c269e4fcb5e65a1ed623/95a0a5b5-3e35-4166-8a81-adfd78a326a5/Picture1.jpg Blog - Detailing the Attack Surfaces of the Tesla Wall Connector EV Charger - Make it stand out Figure 1 - Tesla Wall Connector main PCB top https://images.squarespace-cdn.com/content/v1/5894c269e4fcb5e65a1ed623/4ec56b9b-b6ef-4a8f-a7a4-3be177e9b00b/Picture2.jpg Blog - Detailing the Attack Surfaces of the Tesla Wall Connector EV Charger - Make it stand out Figure 2 - Tesla Wall Connector main PCB bottom https://images.squarespace-cdn.com/content/v1/5894c269e4fcb5e65a1ed623/ae4747b1-4744-40cf-b375-3f6f50e927de/Picture3.jpg Blog - Detailing the Attack Surfaces of the Tesla Wall Connector EV Charger - Make it stand out Figure 3 - Tesla Wall Connector—detail of low-power electronics; both debugging headers installed https://images.squarespace-cdn.com/content/v1/5894c269e4fcb5e65a1ed623/c4802bcc-8050-46c8-991d-0a297d36cc04/Picture4.jpg Blog - Detailing the Attack Surfaces of the Tesla Wall Connector EV Charger - Make it stand out Figure 4 - Tesla Wall Connector—detail of the vias connection https://www.thezdi.com/blog/2024/12/11/solarwinds-access-rights-manager-one-vulnerability-to-lpe-them-all monthly 0.5 2024-12-12 https://images.squarespace-cdn.com/content/v1/5894c269e4fcb5e65a1ed623/2f9432a9-bbb2-4426-bb42-c977e5eb9431/Picture1.png Blog - SolarWinds Access Rights Manager: One Vulnerability to LPE Them All - Make it stand out Figure 1 - Part of ARM AD account-related documentation (source) https://images.squarespace-cdn.com/content/v1/5894c269e4fcb5e65a1ed623/7487bea6-8550-4b8b-941f-8cc05f5876bc/Picture2.png Blog - SolarWinds Access Rights Manager: One Vulnerability to LPE Them All - Make it stand out Figure 2 - Running CVE-2024-23474 exploit to remove file remotely https://images.squarespace-cdn.com/content/v1/5894c269e4fcb5e65a1ed623/e7af195a-e9ba-49c2-9662-f2f27ee942ad/Picture3.png Blog - SolarWinds Access Rights Manager: One Vulnerability to LPE Them All - Make it stand out Figure 3 - Debugging of CVE-2024-23474 https://www.thezdi.com/blog/2024/12/10/the-december-2024-security-update-review monthly 0.5 2024-12-10 https://www.thezdi.com/blog/2024/12/2/detailing-the-attack-surfaces-of-the-wolfbox-e40-ev-charger monthly 0.5 2024-12-03 https://images.squarespace-cdn.com/content/v1/5894c269e4fcb5e65a1ed623/66eeafbe-13b1-48bc-866b-a6b3a402248f/Picture1.png Blog - Detailing the Attack Surfaces of the WolfBox E40 EV Charger - Make it stand out Figure 1 - Application Start Screen https://images.squarespace-cdn.com/content/v1/5894c269e4fcb5e65a1ed623/22d7a38d-2da4-46f7-b881-7a6bbb5c1af8/Picture2.jpg Blog - Detailing the Attack Surfaces of the WolfBox E40 EV Charger - Make it stand out Figure 2 - WolfBox power/processing board—top https://images.squarespace-cdn.com/content/v1/5894c269e4fcb5e65a1ed623/9628bc30-e321-4eea-8021-c105fcf164b8/Picture3.jpg Blog - Detailing the Attack Surfaces of the WolfBox E40 EV Charger - Make it stand out Figure 3 - WolfBox power/processing board—bottom https://images.squarespace-cdn.com/content/v1/5894c269e4fcb5e65a1ed623/4f567115-8510-4734-93c2-a04eecbc4bfd/Picture4.jpg Blog - Detailing the Attack Surfaces of the WolfBox E40 EV Charger - Make it stand out Figure 4 - WolfBox NFC board https://images.squarespace-cdn.com/content/v1/5894c269e4fcb5e65a1ed623/85719bfc-5720-4b4f-b1dc-a198c951739c/Picture5.jpg Blog - Detailing the Attack Surfaces of the WolfBox E40 EV Charger - Make it stand out Figure 5 - A view of the USB-to-UART dongle soldered in place https://images.squarespace-cdn.com/content/v1/5894c269e4fcb5e65a1ed623/17f089ca-e5fc-4fbb-8516-c86a37f7a95d/Picture6.png Blog - Detailing the Attack Surfaces of the WolfBox E40 EV Charger - Make it stand out Figure 6 - Observed network communications https://www.thezdi.com/blog/2024/11/20/looking-at-the-attack-surfaces-of-the-kenwood-dmx958xr-ivi monthly 0.5 2024-11-21 https://www.thezdi.com/blog/2024/11/18/looking-at-the-internals-of-the-kenwood-dmx958xr-ivi monthly 0.5 2024-11-19 https://images.squarespace-cdn.com/content/v1/5894c269e4fcb5e65a1ed623/d61a1a2d-41d5-4618-ad60-2f10374b9795/Picture1.jpg Blog - Looking at the Internals of the Kenwood DMX958XR IVI - Make it stand out Figure 1 - Main board (top) https://images.squarespace-cdn.com/content/v1/5894c269e4fcb5e65a1ed623/e1c209b9-d22d-4d11-9a44-7803792d51e4/Picture2.png Blog - Looking at the Internals of the Kenwood DMX958XR IVI - Make it stand out Figure 2 - Main board (underside) https://images.squarespace-cdn.com/content/v1/5894c269e4fcb5e65a1ed623/3634b39f-2157-4e9d-9abe-9c7f93423eb7/Picture3.png Blog - Looking at the Internals of the Kenwood DMX958XR IVI - Make it stand out Figure 3 - Board 1 (top). GPS, iDatalink, Sirius XM, microphone, dash cam https://images.squarespace-cdn.com/content/v1/5894c269e4fcb5e65a1ed623/2609f7a1-f9bc-4e58-845d-6672ace1df7d/Picture4.png Blog - Looking at the Internals of the Kenwood DMX958XR IVI - Make it stand out Figure 4 - Board 2 (top). AKM Digital Signal Processor (DSP) https://images.squarespace-cdn.com/content/v1/5894c269e4fcb5e65a1ed623/545066a7-8045-47c3-9e6a-21bcbf66e4d6/Picture5.png Blog - Looking at the Internals of the Kenwood DMX958XR IVI - Make it stand out Figure 5 - Board 2 (underside). Freescale MCU https://images.squarespace-cdn.com/content/v1/5894c269e4fcb5e65a1ed623/3493961f-19ac-4c5f-a09a-8a056ce03f86/Picture6.png Blog - Looking at the Internals of the Kenwood DMX958XR IVI - Make it stand out Figure 6 - Board 3 (top). Camera, speakers, antenna, STM audio processor https://images.squarespace-cdn.com/content/v1/5894c269e4fcb5e65a1ed623/479d42eb-aba1-447d-8390-61d3f6edb15e/Picture7.png Blog - Looking at the Internals of the Kenwood DMX958XR IVI - Make it stand out Figure 7 - Board 3 (side). Unused 8-pin connector. Purpose unknown https://images.squarespace-cdn.com/content/v1/5894c269e4fcb5e65a1ed623/0e6ed4d3-1689-4692-8331-a7a1440ca8c5/Picture8.png Blog - Looking at the Internals of the Kenwood DMX958XR IVI - Make it stand out Figure 8 - Debug connector https://www.thezdi.com/blog/2024/11/12/the-november-2024-security-update-review monthly 0.5 2024-11-12 https://www.thezdi.com/blog/2024/11/7/multiple-vulnerabilities-in-the-mazda-in-vehicle-infotainment-ivi-system monthly 0.5 2024-11-07 https://images.squarespace-cdn.com/content/v1/5894c269e4fcb5e65a1ed623/d6f79a1c-d7e9-4fd0-b145-cec409a6e16c/IMG_3894.JPG Blog - Multiple Vulnerabilities in the Mazda In-Vehicle Infotainment (IVI) System - Make it stand out Whatever it is, the way you tell your story online can make all the difference. https://images.squarespace-cdn.com/content/v1/5894c269e4fcb5e65a1ed623/ac488631-eff6-411d-b7be-27bb121c3ee1/IMG_3895.jpg Blog - Multiple Vulnerabilities in the Mazda In-Vehicle Infotainment (IVI) System - Make it stand out Whatever it is, the way you tell your story online can make all the difference. https://images.squarespace-cdn.com/content/v1/5894c269e4fcb5e65a1ed623/e8927d4d-01bf-46a6-81d5-a274415c68d5/IMG_E4064.JPG Blog - Multiple Vulnerabilities in the Mazda In-Vehicle Infotainment (IVI) System - Make it stand out Whatever it is, the way you tell your story online can make all the difference. https://images.squarespace-cdn.com/content/v1/5894c269e4fcb5e65a1ed623/008d1bf6-000c-4b71-9545-337dded74d4a/IMG_E3675.JPG Blog - Multiple Vulnerabilities in the Mazda In-Vehicle Infotainment (IVI) System - Make it stand out Whatever it is, the way you tell your story online can make all the difference. https://images.squarespace-cdn.com/content/v1/5894c269e4fcb5e65a1ed623/ed197124-dde2-453f-b7cc-966b61a8510a/Picture1.jpg Blog - Multiple Vulnerabilities in the Mazda In-Vehicle Infotainment (IVI) System - Make it stand out Whatever it is, the way you tell your story online can make all the difference. https://www.thezdi.com/blog/2024/10/25/pwn2own-ireland-2024-day-four-and-master-of-pwn monthly 0.5 2024-10-25 https://images.squarespace-cdn.com/content/v1/5894c269e4fcb5e65a1ed623/28acf306-e342-43ea-91b7-1e80769bfcb2/P2O-Ireland+2024+Master+of+Pwn+Leaderboard-Final.jpg Blog - Pwn2Own Ireland 2024: Day Four and Master of Pwn - Make it stand out Whatever it is, the way you tell your story online can make all the difference. https://images.squarespace-cdn.com/content/v1/5894c269e4fcb5e65a1ed623/d486cf3f-8f22-4b01-bcb5-1b486be5aa88/shared+image+%288%29.jpeg Blog - Pwn2Own Ireland 2024: Day Four and Master of Pwn - Make it stand out Whatever it is, the way you tell your story online can make all the difference. https://images.squarespace-cdn.com/content/v1/5894c269e4fcb5e65a1ed623/99c84b53-80af-4604-910e-6f0d2517013b/Cluck-SOHO-WIN.jpg Blog - Pwn2Own Ireland 2024: Day Four and Master of Pwn - Make it stand out Whatever it is, the way you tell your story online can make all the difference. https://images.squarespace-cdn.com/content/v1/5894c269e4fcb5e65a1ed623/487078bd-4187-46d4-b727-71cb9d50fec6/shared+image+%289%29.jpeg Blog - Pwn2Own Ireland 2024: Day Four and Master of Pwn - Make it stand out Whatever it is, the way you tell your story online can make all the difference. https://images.squarespace-cdn.com/content/v1/5894c269e4fcb5e65a1ed623/95e859be-0795-4b1f-82b8-d7e85ba4ea12/PHPH-Lexmark-Win.jpg Blog - Pwn2Own Ireland 2024: Day Four and Master of Pwn - Make it stand out Whatever it is, the way you tell your story online can make all the difference. https://www.thezdi.com/blog/2024/10/24/pwn2own-ireland-2024-day-three-results monthly 0.5 2024-10-24 https://images.squarespace-cdn.com/content/v1/5894c269e4fcb5e65a1ed623/6b9a248e-66df-4eb4-9fc6-3f10d22c9090/Multimedia+%287%29.jpeg Blog - Pwn2Own Ireland 2024: Day Three Results - Make it stand out Whatever it is, the way you tell your story online can make all the difference. https://images.squarespace-cdn.com/content/v1/5894c269e4fcb5e65a1ed623/c554f6de-defa-47b8-b303-ce89cdbacb95/Image+%2839%29.jpeg Blog - Pwn2Own Ireland 2024: Day Three Results - Make it stand out Whatever it is, the way you tell your story online can make all the difference. https://images.squarespace-cdn.com/content/v1/5894c269e4fcb5e65a1ed623/f8b0ba0e-890f-484e-824c-f688da6729f0/PHP-Hooligans-SOHO-win.jpg Blog - Pwn2Own Ireland 2024: Day Three Results - Make it stand out Whatever it is, the way you tell your story online can make all the difference. https://images.squarespace-cdn.com/content/v1/5894c269e4fcb5e65a1ed623/06ef456f-a8eb-4472-921c-4bdf3bb80ac6/Image+%2840%29.jpeg Blog - Pwn2Own Ireland 2024: Day Three Results - Make it stand out Whatever it is, the way you tell your story online can make all the difference. https://images.squarespace-cdn.com/content/v1/5894c269e4fcb5e65a1ed623/c0d0c10e-782c-4f5d-abda-035bf3dc18ff/viettel-lexmark-win.jpg Blog - Pwn2Own Ireland 2024: Day Three Results - Make it stand out Whatever it is, the way you tell your story online can make all the difference. https://images.squarespace-cdn.com/content/v1/5894c269e4fcb5e65a1ed623/8d891228-af13-409d-86be-0236b1beff43/viettel-canon.jpg Blog - Pwn2Own Ireland 2024: Day Three Results - Make it stand out Whatever it is, the way you tell your story online can make all the difference. https://images.squarespace-cdn.com/content/v1/5894c269e4fcb5e65a1ed623/5e372857-1bad-433d-8a51-a0b932396db0/Image+%2842%29.jpeg Blog - Pwn2Own Ireland 2024: Day Three Results - Make it stand out Whatever it is, the way you tell your story online can make all the difference. https://images.squarespace-cdn.com/content/v1/5894c269e4fcb5e65a1ed623/9318cb76-67eb-4029-844b-4ddf36f559c0/Computest-Win.jpg Blog - Pwn2Own Ireland 2024: Day Three Results - Make it stand out Whatever it is, the way you tell your story online can make all the difference. https://www.thezdi.com/blog/2024/10/23/pwn2own-ireland-2024-day-two-results monthly 0.5 2024-10-25 https://images.squarespace-cdn.com/content/v1/5894c269e4fcb5e65a1ed623/238680d0-4c5e-43f8-89a3-ee00663b061e/P2O-Ireland+2024+Master+of+Pwn+Leaderboard-Day+2.jpg Blog - Pwn2Own Ireland 2024: Day Two Results - Make it stand out Whatever it is, the way you tell your story online can make all the difference. https://images.squarespace-cdn.com/content/v1/5894c269e4fcb5e65a1ed623/0ab88077-9a51-459d-9f5f-876fd940b4c9/ANHTUD-Canon-Win.jpg Blog - Pwn2Own Ireland 2024: Day Two Results - Make it stand out Whatever it is, the way you tell your story online can make all the difference. https://images.squarespace-cdn.com/content/v1/5894c269e4fcb5e65a1ed623/6359f6c6-a82c-4220-8f9e-a256b04c3ab4/Image+%2828%29.jpeg Blog - Pwn2Own Ireland 2024: Day Two Results - Make it stand out Whatever it is, the way you tell your story online can make all the difference. https://images.squarespace-cdn.com/content/v1/5894c269e4fcb5e65a1ed623/fc7e27c8-de36-428a-a886-4aa299dba1f9/Multimedia+%283%29.jpeg Blog - Pwn2Own Ireland 2024: Day Two Results - Make it stand out Whatever it is, the way you tell your story online can make all the difference. https://images.squarespace-cdn.com/content/v1/5894c269e4fcb5e65a1ed623/52e162a8-a215-4730-b0f3-b1a3f29a2fc0/Image+%2830%29.jpeg Blog - Pwn2Own Ireland 2024: Day Two Results - Make it stand out Whatever it is, the way you tell your story online can make all the difference. https://images.squarespace-cdn.com/content/v1/5894c269e4fcb5e65a1ed623/db7d69a4-9aff-4a20-957c-990826a41afe/shared+image+%285%29.jpeg Blog - Pwn2Own Ireland 2024: Day Two Results - Make it stand out Whatever it is, the way you tell your story online can make all the difference. https://images.squarespace-cdn.com/content/v1/5894c269e4fcb5e65a1ed623/18d294d9-3098-4d9d-95d0-e5a7d233cd19/Image+%2833%29.jpeg Blog - Pwn2Own Ireland 2024: Day Two Results - Make it stand out Whatever it is, the way you tell your story online can make all the difference. https://images.squarespace-cdn.com/content/v1/5894c269e4fcb5e65a1ed623/0041c71b-d372-4fba-92a1-b0aa926a793b/shared+image+%286%29.jpeg Blog - Pwn2Own Ireland 2024: Day Two Results - Make it stand out Whatever it is, the way you tell your story online can make all the difference. https://images.squarespace-cdn.com/content/v1/5894c269e4fcb5e65a1ed623/91e8ef6e-1c1f-43df-9240-0ad8b840cbdb/Image+%2831%29.jpeg Blog - Pwn2Own Ireland 2024: Day Two Results - Make it stand out Whatever it is, the way you tell your story online can make all the difference. https://images.squarespace-cdn.com/content/v1/5894c269e4fcb5e65a1ed623/0dd51edd-99b4-4a96-b80d-c6177215d129/Multimedia+%284%29.jpeg Blog - Pwn2Own Ireland 2024: Day Two Results - Make it stand out Whatever it is, the way you tell your story online can make all the difference. https://images.squarespace-cdn.com/content/v1/5894c269e4fcb5e65a1ed623/e3c2ba56-421b-46af-9ba4-7a16277f17c4/Image+%2832%29.jpeg Blog - Pwn2Own Ireland 2024: Day Two Results - Make it stand out Whatever it is, the way you tell your story online can make all the difference. https://images.squarespace-cdn.com/content/v1/5894c269e4fcb5e65a1ed623/770f8192-e14a-40d6-b0ed-12660e75ad5e/Image+%2835%29.jpeg Blog - Pwn2Own Ireland 2024: Day Two Results - Make it stand out Whatever it is, the way you tell your story online can make all the difference. https://images.squarespace-cdn.com/content/v1/5894c269e4fcb5e65a1ed623/15d56e75-8f29-4014-a652-3a5371c7ef58/Image+%2834%29.jpeg Blog - Pwn2Own Ireland 2024: Day Two Results - Make it stand out Whatever it is, the way you tell your story online can make all the difference. https://images.squarespace-cdn.com/content/v1/5894c269e4fcb5e65a1ed623/6a21f135-3e28-49b7-977c-2eb81e35c107/Multimedia+%285%29.jpeg Blog - Pwn2Own Ireland 2024: Day Two Results - Make it stand out Whatever it is, the way you tell your story online can make all the difference. https://images.squarespace-cdn.com/content/v1/5894c269e4fcb5e65a1ed623/2ed045b9-33db-461c-ada1-eda5dffced2d/Image+%2837%29.jpeg Blog - Pwn2Own Ireland 2024: Day Two Results - Make it stand out Whatever it is, the way you tell your story online can make all the difference. https://images.squarespace-cdn.com/content/v1/5894c269e4fcb5e65a1ed623/593841bb-a8e0-4f14-acac-255a0ce6ac83/shared+image+%287%29.jpeg Blog - Pwn2Own Ireland 2024: Day Two Results - Make it stand out Whatever it is, the way you tell your story online can make all the difference. https://images.squarespace-cdn.com/content/v1/5894c269e4fcb5e65a1ed623/5211ac7e-622e-481b-88c2-5a86f35a123f/Multimedia+%286%29.jpeg Blog - Pwn2Own Ireland 2024: Day Two Results - Make it stand out Whatever it is, the way you tell your story online can make all the difference. https://images.squarespace-cdn.com/content/v1/5894c269e4fcb5e65a1ed623/d51dec33-fdea-42f5-82c9-38c6bbc5e655/DF854F8E-F121-4C8E-89F1-55734AEC6DAF.+1.jpg Blog - Pwn2Own Ireland 2024: Day Two Results - Make it stand out Whatever it is, the way you tell your story online can make all the difference. https://images.squarespace-cdn.com/content/v1/5894c269e4fcb5e65a1ed623/6d93a7c9-f33c-449c-b91e-0743396da8c4/Image+%2838%29.jpeg Blog - Pwn2Own Ireland 2024: Day Two Results - Make it stand out Whatever it is, the way you tell your story online can make all the difference. https://www.thezdi.com/blog/2024/10/22/pwn2own-ireland-day-one-the-results monthly 0.5 2024-10-23 https://images.squarespace-cdn.com/content/v1/5894c269e4fcb5e65a1ed623/f3fe3c06-0766-490c-a9ba-87043aa6ec07/P2O-Ireland+2024+Master+of+Pwn+Leaderboard-Day+1.jpg Blog - Pwn2Own Ireland Day One - The Results - Make it stand out Whatever it is, the way you tell your story online can make all the difference. https://images.squarespace-cdn.com/content/v1/5894c269e4fcb5e65a1ed623/fa8b63d1-ba76-4d6a-b706-d57c98e849d6/Image+%2816%29.jpeg Blog - Pwn2Own Ireland Day One - The Results - Make it stand out Whatever it is, the way you tell your story online can make all the difference. https://images.squarespace-cdn.com/content/v1/5894c269e4fcb5e65a1ed623/11da45b4-22ac-4094-b2e4-3999f6ff4993/Image+%2817%29.jpeg Blog - Pwn2Own Ireland Day One - The Results - Make it stand out Whatever it is, the way you tell your story online can make all the difference. https://images.squarespace-cdn.com/content/v1/5894c269e4fcb5e65a1ed623/9d6f4392-252e-473a-ac57-c8766dcfd6e0/Sina-SOHO-Win.jpg Blog - Pwn2Own Ireland Day One - The Results - Make it stand out Whatever it is, the way you tell your story online can make all the difference. https://images.squarespace-cdn.com/content/v1/5894c269e4fcb5e65a1ed623/d51decde-7e17-4d04-9e63-447ae22a9023/Image+%2822%29.jpeg Blog - Pwn2Own Ireland Day One - The Results - Make it stand out Whatever it is, the way you tell your story online can make all the difference. https://images.squarespace-cdn.com/content/v1/5894c269e4fcb5e65a1ed623/0b67e55f-0c41-4336-bbfa-4b403f7f3a20/PHPH-Canon-Win.jpg Blog - Pwn2Own Ireland Day One - The Results - Make it stand out Whatever it is, the way you tell your story online can make all the difference. https://images.squarespace-cdn.com/content/v1/5894c269e4fcb5e65a1ed623/bee80020-0fd9-471f-a9a5-1728a40b8f6d/Image+%2821%29.jpeg Blog - Pwn2Own Ireland Day One - The Results - Make it stand out Whatever it is, the way you tell your story online can make all the difference. https://images.squarespace-cdn.com/content/v1/5894c269e4fcb5e65a1ed623/ca32f88a-e1b4-41c8-8ee6-9018214d1d08/Image+%2820%29.jpeg Blog - Pwn2Own Ireland Day One - The Results - Make it stand out Whatever it is, the way you tell your story online can make all the difference. https://images.squarespace-cdn.com/content/v1/5894c269e4fcb5e65a1ed623/c08d63b0-780b-459b-a98f-f665aaef4113/Image+%2818%29.jpeg Blog - Pwn2Own Ireland Day One - The Results - Make it stand out Whatever it is, the way you tell your story online can make all the difference. https://images.squarespace-cdn.com/content/v1/5894c269e4fcb5e65a1ed623/dd0d249f-9185-475a-8156-64af7b85c371/Viettel-Win-Cropped+1.png Blog - Pwn2Own Ireland Day One - The Results - Make it stand out Whatever it is, the way you tell your story online can make all the difference. https://images.squarespace-cdn.com/content/v1/5894c269e4fcb5e65a1ed623/184ca7f5-ddc2-4a7c-bae4-5299a3e76737/Multimedia.jpeg Blog - Pwn2Own Ireland Day One - The Results - Make it stand out Whatever it is, the way you tell your story online can make all the difference. https://images.squarespace-cdn.com/content/v1/5894c269e4fcb5e65a1ed623/a37cfdd1-1b82-4c0f-ac2d-4981ececf0f9/Image+%2823%29.jpeg Blog - Pwn2Own Ireland Day One - The Results - Make it stand out Whatever it is, the way you tell your story online can make all the difference. https://images.squarespace-cdn.com/content/v1/5894c269e4fcb5e65a1ed623/fafa5945-5e6b-43ee-a254-f48f649db1c6/Multimedia+%281%29.jpeg Blog - Pwn2Own Ireland Day One - The Results - Make it stand out Whatever it is, the way you tell your story online can make all the difference. https://images.squarespace-cdn.com/content/v1/5894c269e4fcb5e65a1ed623/0f3b86be-3dfe-4fb1-b506-22d22ed28484/shared+image+%283%29.jpeg Blog - Pwn2Own Ireland Day One - The Results - Make it stand out Whatever it is, the way you tell your story online can make all the difference. https://images.squarespace-cdn.com/content/v1/5894c269e4fcb5e65a1ed623/08db6d18-31ce-4038-9ad2-d032333152e5/Multimedia+%282%29.jpeg Blog - Pwn2Own Ireland Day One - The Results - Make it stand out Whatever it is, the way you tell your story online can make all the difference. https://images.squarespace-cdn.com/content/v1/5894c269e4fcb5e65a1ed623/5cc3fd1d-30a7-410c-9b96-38863fa2932f/Image+%2824%29.jpeg Blog - Pwn2Own Ireland Day One - The Results - Make it stand out Whatever it is, the way you tell your story online can make all the difference. https://images.squarespace-cdn.com/content/v1/5894c269e4fcb5e65a1ed623/3ec372f4-fb4b-4254-850e-d77782597b71/Image+%2826%29.jpeg Blog - Pwn2Own Ireland Day One - The Results - Make it stand out Whatever it is, the way you tell your story online can make all the difference. https://images.squarespace-cdn.com/content/v1/5894c269e4fcb5e65a1ed623/37563791-d366-4401-8f03-953026b141af/Image+%2827%29.jpeg Blog - Pwn2Own Ireland Day One - The Results - Make it stand out Whatever it is, the way you tell your story online can make all the difference. https://www.thezdi.com/blog/2024/10/22/pwn2own-ireland-the-full-schedule monthly 0.5 2024-10-21 https://www.thezdi.com/blog/2024/10/8/the-october-2024-security-update-review monthly 0.5 2024-10-08 https://www.thezdi.com/blog/2024/10/2/from-pwn2own-automotive-more-autel-maxicharger-vulnerabilities monthly 0.5 2024-10-03 https://images.squarespace-cdn.com/content/v1/5894c269e4fcb5e65a1ed623/89c3e938-1a6a-4461-9dcc-6b1b8e676c44/1+-+p2o_2024_autel_b64_overflow.png Blog - From Pwn2Own Automotive: More Autel Maxicharger Vulnerabilities - Make it stand out Whatever it is, the way you tell your story online can make all the difference. https://images.squarespace-cdn.com/content/v1/5894c269e4fcb5e65a1ed623/4b75abc1-a724-4685-afcb-40dfc25a1462/2+-+p2o_2024_autel_b64_overflow_patch.png Blog - From Pwn2Own Automotive: More Autel Maxicharger Vulnerabilities - Make it stand out Whatever it is, the way you tell your story online can make all the difference. https://images.squarespace-cdn.com/content/v1/5894c269e4fcb5e65a1ed623/79971164-b691-4d88-8d30-445038928a01/3+-+p2o_2024_autel_hex_decoding.png Blog - From Pwn2Own Automotive: More Autel Maxicharger Vulnerabilities - Make it stand out Whatever it is, the way you tell your story online can make all the difference. https://images.squarespace-cdn.com/content/v1/5894c269e4fcb5e65a1ed623/253a5bd0-9cda-4cff-86f8-ed49466ead60/4+-+p2o_2024_autel_hex_decoding_patch.png Blog - From Pwn2Own Automotive: More Autel Maxicharger Vulnerabilities - Make it stand out Whatever it is, the way you tell your story online can make all the difference. https://www.thezdi.com/blog/2024/9/25/exploiting-exchange-powershell-after-proxynotshell-part-4-no-argument-constructor monthly 0.5 2024-09-26 https://images.squarespace-cdn.com/content/v1/5894c269e4fcb5e65a1ed623/df1b089f-8fe6-4c43-8cdf-1441d2864235/Picture1.png Blog - Exploiting Exchange PowerShell After ProxyNotShell: Part 4 – No Argument Constructor - Make it stand out Figure 1 - Sample member definition https://images.squarespace-cdn.com/content/v1/5894c269e4fcb5e65a1ed623/d8c2eab6-ea20-4b78-bf9b-68a8c3a15ed9/blog-scheme1-v2.png Blog - Exploiting Exchange PowerShell After ProxyNotShell: Part 4 – No Argument Constructor - Make it stand out Figure 2 - Simplified algorithm for ConvertViaNoArgumentConstructor https://images.squarespace-cdn.com/content/v1/5894c269e4fcb5e65a1ed623/eea0d8f3-c29f-4391-81a0-0dffff4b168e/Picture3.png Blog - Exploiting Exchange PowerShell After ProxyNotShell: Part 4 – No Argument Constructor - Make it stand out Figure 3 - Sample allowed class https://images.squarespace-cdn.com/content/v1/5894c269e4fcb5e65a1ed623/d459d4cf-0d81-43e3-9139-593499101bb7/blog-scheme2.png Blog - Exploiting Exchange PowerShell After ProxyNotShell: Part 4 – No Argument Constructor - Make it stand out Figure 4 - Deserialization of sample someWhitelistedType class https://images.squarespace-cdn.com/content/v1/5894c269e4fcb5e65a1ed623/750c45a2-4333-49c5-a128-4daec27603d8/Picture5.png Blog - Exploiting Exchange PowerShell After ProxyNotShell: Part 4 – No Argument Constructor - Make it stand out Figure 5 - Chaining multiple no-argument constructor conversions to reach dangerous member https://images.squarespace-cdn.com/content/v1/5894c269e4fcb5e65a1ed623/f10c33d9-3e5b-41e9-a228-bb1cd7d530e1/Picture6.png Blog - Exploiting Exchange PowerShell After ProxyNotShell: Part 4 – No Argument Constructor - Make it stand out Figure 6 - OrgCertificate member of FederationTrust https://images.squarespace-cdn.com/content/v1/5894c269e4fcb5e65a1ed623/00c1a881-58d8-408c-9e24-2fb4b95c8353/Picture7.png Blog - Exploiting Exchange PowerShell After ProxyNotShell: Part 4 – No Argument Constructor - Make it stand out Figure 7 - X509Certificate2 constructor https://images.squarespace-cdn.com/content/v1/5894c269e4fcb5e65a1ed623/00d4e43a-cedd-46d8-a482-e9d4e901035c/Picture8.png Blog - Exploiting Exchange PowerShell After ProxyNotShell: Part 4 – No Argument Constructor - Make it stand out Figure 8 - TransportSystemState member https://images.squarespace-cdn.com/content/v1/5894c269e4fcb5e65a1ed623/3b30de6d-8d0d-47a8-8db2-4bef620a8005/Picture9.png Blog - Exploiting Exchange PowerShell After ProxyNotShell: Part 4 – No Argument Constructor - Make it stand out Figure 9 - GetOverrides - XXE https://images.squarespace-cdn.com/content/v1/5894c269e4fcb5e65a1ed623/05e65953-3cb2-4a03-a3d3-14f8a547f728/Picture10.png Blog - Exploiting Exchange PowerShell After ProxyNotShell: Part 4 – No Argument Constructor - Make it stand out Figure 10 - IsUNCPath method https://images.squarespace-cdn.com/content/v1/5894c269e4fcb5e65a1ed623/ef2cb3dd-29a5-4e15-83ca-c1b0a3a7e56a/Picture11.png Blog - Exploiting Exchange PowerShell After ProxyNotShell: Part 4 – No Argument Constructor - Make it stand out Figure 11 - MobileMailboxPolicy member of ApprovedApplicationCollection type https://www.thezdi.com/blog/2024/9/23/announcing-pwn2own-automotive-for-2025 monthly 0.5 2025-01-10 https://images.squarespace-cdn.com/content/v1/5894c269e4fcb5e65a1ed623/a78ceebc-3714-44db-b78e-9346aabaaacc/Tesla+Table-v2.png Blog - Announcing Pwn2Own Automotive for 2025 - Make it stand out Whatever it is, the way you tell your story online can make all the difference. https://images.squarespace-cdn.com/content/v1/5894c269e4fcb5e65a1ed623/ef317d03-8694-4ef3-bdcc-3c2f7af99dff/Tesla_AddOn-2.png Blog - Announcing Pwn2Own Automotive for 2025 - Make it stand out Whatever it is, the way you tell your story online can make all the difference. https://images.squarespace-cdn.com/content/v1/5894c269e4fcb5e65a1ed623/9fb6075c-0c95-4e29-bb55-6984fc7b90fe/IVI+Table.png Blog - Announcing Pwn2Own Automotive for 2025 - Make it stand out Whatever it is, the way you tell your story online can make all the difference. https://images.squarespace-cdn.com/content/v1/5894c269e4fcb5e65a1ed623/3fe3a053-8693-40bf-8138-e0000c12b6b7/EV+Charger+Table-v2.png Blog - Announcing Pwn2Own Automotive for 2025 - Make it stand out Whatever it is, the way you tell your story online can make all the difference. https://images.squarespace-cdn.com/content/v1/5894c269e4fcb5e65a1ed623/604ec579-2fc6-4bc0-99f1-bf1a1efc4860/OS+Table.png Blog - Announcing Pwn2Own Automotive for 2025 - Make it stand out Whatever it is, the way you tell your story online can make all the difference. https://images.squarespace-cdn.com/content/v1/5894c269e4fcb5e65a1ed623/5ef33d46-5914-4527-b8df-0c8456256f7b/TM_Logo_Primary_2c_1200x255.png Blog - Announcing Pwn2Own Automotive for 2025 - Make it stand out Whatever it is, the way you tell your story online can make all the difference. https://images.squarespace-cdn.com/content/v1/5894c269e4fcb5e65a1ed623/69a89c20-afd2-4bfd-94ec-804667452cd0/VicOne+Logo_1-primary-light.png Blog - Announcing Pwn2Own Automotive for 2025 - Make it stand out Whatever it is, the way you tell your story online can make all the difference. https://www.thezdi.com/blog/2024/9/18/exploiting-exchange-powershell-after-proxynotshell-part-3-dll-loading-chain-for-rce monthly 0.5 2024-09-19 https://images.squarespace-cdn.com/content/v1/5894c269e4fcb5e65a1ed623/17bac43f-b67c-4dc9-a975-9b0c2c493919/Picture1.png Blog - Exploiting Exchange PowerShell After ProxyNotShell: Part 3 – DLL Loading Chain for RCE - Make it stand out Figure 1 - Bypassing the extension protection with argument injection https://images.squarespace-cdn.com/content/v1/5894c269e4fcb5e65a1ed623/21b45402-adc5-428a-89b4-250cb2a90c52/Picture2.png Blog - Exploiting Exchange PowerShell After ProxyNotShell: Part 3 – DLL Loading Chain for RCE - Make it stand out Figure 2 - Extracting entire directory structure - bypassing the file removal routine https://images.squarespace-cdn.com/content/v1/5894c269e4fcb5e65a1ed623/2bc9cabd-f67a-4d58-a9f0-b51cf4a4b297/Picture3.png Blog - Exploiting Exchange PowerShell After ProxyNotShell: Part 3 – DLL Loading Chain for RCE - Make it stand out Figure 3 - Extracting multiple files with single expand execution https://images.squarespace-cdn.com/content/v1/5894c269e4fcb5e65a1ed623/d4f431bc-5277-4446-9b2d-d60eb063e8dc/Picture4.png Blog - Exploiting Exchange PowerShell After ProxyNotShell: Part 3 – DLL Loading Chain for RCE - Make it stand out Figure 4 - CAB file with invalid file name https://images.squarespace-cdn.com/content/v1/5894c269e4fcb5e65a1ed623/32f1c6f7-48d9-4eb3-adad-caef8b6a6c98/Picture5.png Blog - Exploiting Exchange PowerShell After ProxyNotShell: Part 3 – DLL Loading Chain for RCE - Make it stand out Figure 5 - Failed extraction attempt - corrupted CAB file https://images.squarespace-cdn.com/content/v1/5894c269e4fcb5e65a1ed623/3f638c6d-271f-492a-9cf2-1ccc4485b1c2/Picture6.png Blog - Exploiting Exchange PowerShell After ProxyNotShell: Part 3 – DLL Loading Chain for RCE - Make it stand out Figure 6 - expand accessing C:\Windows\Logs\DPX\setupact.log file https://images.squarespace-cdn.com/content/v1/5894c269e4fcb5e65a1ed623/75993915-4ec8-4f43-b080-052e7003a166/Picture7.png Blog - Exploiting Exchange PowerShell After ProxyNotShell: Part 3 – DLL Loading Chain for RCE - Make it stand out Figure 7 - GUID leaked in setupact.log https://images.squarespace-cdn.com/content/v1/5894c269e4fcb5e65a1ed623/200c4a21-1b96-4fb0-8abc-9fb91fd2ca05/Picture8.png Blog - Exploiting Exchange PowerShell After ProxyNotShell: Part 3 – DLL Loading Chain for RCE - Make it stand out Figure 8 - Sample SMB share for exploitation https://images.squarespace-cdn.com/content/v1/5894c269e4fcb5e65a1ed623/3d31ae3f-0000-4ed9-bd9a-93e72239268c/Picture9.png Blog - Exploiting Exchange PowerShell After ProxyNotShell: Part 3 – DLL Loading Chain for RCE - Make it stand out Figure 9 - Retrieving leaked GUID with XXE https://www.thezdi.com/blog/2024/9/11/exploiting-exchange-powershell-after-proxynotshell-part-2-approvedapplicationcollection monthly 0.5 2024-09-12 https://images.squarespace-cdn.com/content/v1/5894c269e4fcb5e65a1ed623/4a8f79be-74ed-4eb6-b555-5fa7a607e602/meme.png Blog - Exploiting Exchange PowerShell After ProxyNotShell: Part 2 - ApprovedApplicationCollection - Make it stand out Whatever it is, the way you tell your story online can make all the difference. https://images.squarespace-cdn.com/content/v1/5894c269e4fcb5e65a1ed623/6f1342f8-04bb-4b1e-a935-90cfeacbd094/Picture2.png Blog - Exploiting Exchange PowerShell After ProxyNotShell: Part 2 - ApprovedApplicationCollection - Make it stand out Whatever it is, the way you tell your story online can make all the difference. https://images.squarespace-cdn.com/content/v1/5894c269e4fcb5e65a1ed623/f094805d-20d1-4150-895e-d2757961fbb6/Picture3.png Blog - Exploiting Exchange PowerShell After ProxyNotShell: Part 2 - ApprovedApplicationCollection - Make it stand out Whatever it is, the way you tell your story online can make all the difference. https://images.squarespace-cdn.com/content/v1/5894c269e4fcb5e65a1ed623/848852d2-87de-4a10-b538-0dccab795668/Picture4.png Blog - Exploiting Exchange PowerShell After ProxyNotShell: Part 2 - ApprovedApplicationCollection - Make it stand out Whatever it is, the way you tell your story online can make all the difference. https://www.thezdi.com/blog/2024/9/10/the-september-2024-security-update-review monthly 0.5 2024-10-08 https://www.thezdi.com/blog/2024/9/4/exploiting-exchange-powershell-after-proxynotshell-part-1-multivaluedproperty monthly 0.5 2024-09-05 https://images.squarespace-cdn.com/content/v1/5894c269e4fcb5e65a1ed623/9db6113e-04e2-4682-8428-0241111c9817/mvpscheme-new.png Blog - Exploiting Exchange PowerShell After ProxyNotShell: Part 1 - MultiValuedProperty - Make it stand out Whatever it is, the way you tell your story online can make all the difference. https://www.thezdi.com/blog/2022/3/16/abusing-arbitrary-file-deletes-to-escalate-privilege-and-other-great-tricks-archive monthly 0.5 2024-09-04 https://www.thezdi.com/blog/2024/8/27/cve-2024-37079-vmware-vcenter-server-integer-underflow-code-execution-vulnerability monthly 0.5 2024-08-28 https://www.thezdi.com/blog/2024/8/22/from-pwn2own-automotive-taking-over-the-autel-maxicharger monthly 0.5 2024-08-22 https://images.squarespace-cdn.com/content/v1/5894c269e4fcb5e65a1ed623/069edfc3-e97a-4ab0-9312-fd3c6ba1f7f4/Picture1.jpg Blog - From Pwn2Own Automotive: Taking Over the Autel Maxicharger - Make it stand out Figure 1 - A comparison of the v1.32 and v1.35 firmware versions https://images.squarespace-cdn.com/content/v1/5894c269e4fcb5e65a1ed623/123f2e13-f35e-416b-af58-0a92b6c7b8de/Picture2.jpg Blog - From Pwn2Own Automotive: Taking Over the Autel Maxicharger - Make it stand out Figure 2 - Comparing v1.32 to v1.35 to show the removal of the back door https://www.thezdi.com/blog/2024/8/14/cve-2024-38213-copy2pwn-exploit-evades-windows-web-protections monthly 0.5 2024-08-21 https://images.squarespace-cdn.com/content/v1/5894c269e4fcb5e65a1ed623/a0bf33b9-5251-48ca-844b-3b237b5676c4/Picture1.png Blog - CVE-2024-38213: Copy2Pwn Exploit Evades Windows Web Protections - Make it stand out Figure 1 – Search query logic that opens a WebDAV share through Windows Explorer https://images.squarespace-cdn.com/content/v1/5894c269e4fcb5e65a1ed623/46bf00a8-6e4b-4312-ae7e-30b0c6edb7dd/Picture2.png Blog - CVE-2024-38213: Copy2Pwn Exploit Evades Windows Web Protections - Make it stand out Figure 2 – Microsoft Edge prompts users to open the WebDAV share in Windows Explorer https://images.squarespace-cdn.com/content/v1/5894c269e4fcb5e65a1ed623/50321cca-e6cc-448f-af6a-84cfa5708a87/Picture3.png Blog - CVE-2024-38213: Copy2Pwn Exploit Evades Windows Web Protections - Make it stand out Figure 3 – The Windows Explorer window is crafted to only display poc.lnk.zip https://images.squarespace-cdn.com/content/v1/5894c269e4fcb5e65a1ed623/51e7f8e8-9e59-493b-8436-fe2d675b3d7e/Picture4.png Blog - CVE-2024-38213: Copy2Pwn Exploit Evades Windows Web Protections - Make it stand out Figure 4 – ZoneId=3 is applied to files that originate from an untrusted source https://images.squarespace-cdn.com/content/v1/5894c269e4fcb5e65a1ed623/268e104b-dfc7-4f77-aeae-81e8eae67d75/Picture5.png Blog - CVE-2024-38213: Copy2Pwn Exploit Evades Windows Web Protections - Make it stand out Figure 5 – A security prompt shown due to the presence of the Mark-of-the-Web https://images.squarespace-cdn.com/content/v1/5894c269e4fcb5e65a1ed623/8ec7cd59-a472-4c43-8110-5d3ed7e8b9ab/Picture6.png Blog - CVE-2024-38213: Copy2Pwn Exploit Evades Windows Web Protections - Make it stand out Figure 6 – A Windows Defender SmartScreen prompt https://www.thezdi.com/blog/2024/8/13/the-august-2024-security-update-review monthly 0.5 2024-08-13 https://www.thezdi.com/blog/2024/8/1/introducing-the-vanguard-awards monthly 0.5 2024-08-12 https://www.thezdi.com/blog/2024/7/31/breaking-barriers-and-assumptions-techniques-for-privilege-escalation-on-windows-part-3 monthly 0.5 2024-10-30 https://images.squarespace-cdn.com/content/v1/5894c269e4fcb5e65a1ed623/3050bd47-ddb7-4c1b-8757-bdc99895e821/Screenshot+2024-07-31+at+9.38.39%E2%80%AFPM.png Blog - Breaking Barriers and Assumptions: Techniques for Privilege Escalation on Windows: Part 3 - Make it stand out Whatever it is, the way you tell your story online can make all the difference. https://images.squarespace-cdn.com/content/v1/5894c269e4fcb5e65a1ed623/e9112104-5c1c-4501-a7fc-86064384e909/Screenshot+2024-07-31+at+7.26.14%E2%80%AFPM.png Blog - Breaking Barriers and Assumptions: Techniques for Privilege Escalation on Windows: Part 3 - Make it stand out Whatever it is, the way you tell your story online can make all the difference. https://images.squarespace-cdn.com/content/v1/5894c269e4fcb5e65a1ed623/d0320748-26af-413f-801e-e58984ca65fa/Screenshot+2024-07-31+at+7.26.25%E2%80%AFPM.png Blog - Breaking Barriers and Assumptions: Techniques for Privilege Escalation on Windows: Part 3 - Make it stand out Whatever it is, the way you tell your story online can make all the difference. https://images.squarespace-cdn.com/content/v1/5894c269e4fcb5e65a1ed623/b3f986e0-f669-4424-99fb-706f2f301723/Screenshot+2024-07-31+at+7.27.31%E2%80%AFPM.png Blog - Breaking Barriers and Assumptions: Techniques for Privilege Escalation on Windows: Part 3 - Make it stand out Whatever it is, the way you tell your story online can make all the difference. https://images.squarespace-cdn.com/content/v1/5894c269e4fcb5e65a1ed623/2f8f2ac3-c9bb-4fc2-a2da-7abbca28649d/Screenshot+2024-07-31+at+7.27.42%E2%80%AFPM.png Blog - Breaking Barriers and Assumptions: Techniques for Privilege Escalation on Windows: Part 3 - Make it stand out Whatever it is, the way you tell your story online can make all the difference. https://images.squarespace-cdn.com/content/v1/5894c269e4fcb5e65a1ed623/0f5e79ec-b1ed-4822-9370-37e407350269/Screenshot+2024-07-31+at+7.27.56%E2%80%AFPM.png Blog - Breaking Barriers and Assumptions: Techniques for Privilege Escalation on Windows: Part 3 - Make it stand out Whatever it is, the way you tell your story online can make all the difference. https://www.thezdi.com/blog/2024/7/30/breaking-barriers-and-assumptions-techniques-for-privilege-escalation-on-windows-part-2 monthly 0.5 2024-07-31 https://images.squarespace-cdn.com/content/v1/5894c269e4fcb5e65a1ed623/6c9bbae3-2d74-449c-b883-0a4812f99022/Screenshot+2024-07-30+at+3.48.57%E2%80%AFPM.png Blog - Breaking Barriers and Assumptions: Techniques for Privilege Escalation on Windows: Part 2 - Make it stand out Whatever it is, the way you tell your story online can make all the difference. https://images.squarespace-cdn.com/content/v1/5894c269e4fcb5e65a1ed623/a040212b-83f4-41a9-831f-ed5befb08b6a/Screenshot+2024-07-30+at+3.49.22%E2%80%AFPM.png Blog - Breaking Barriers and Assumptions: Techniques for Privilege Escalation on Windows: Part 2 - Make it stand out Whatever it is, the way you tell your story online can make all the difference. https://images.squarespace-cdn.com/content/v1/5894c269e4fcb5e65a1ed623/cfef1b02-9bf3-4071-bcc6-db9479b14e92/Screenshot+2024-07-30+at+3.49.51%E2%80%AFPM.png Blog - Breaking Barriers and Assumptions: Techniques for Privilege Escalation on Windows: Part 2 - Make it stand out Whatever it is, the way you tell your story online can make all the difference. https://images.squarespace-cdn.com/content/v1/5894c269e4fcb5e65a1ed623/7a9bac03-adeb-494e-907e-a07783f5f0c0/Screenshot+2024-07-30+at+3.50.05%E2%80%AFPM.png Blog - Breaking Barriers and Assumptions: Techniques for Privilege Escalation on Windows: Part 2 - Make it stand out Whatever it is, the way you tell your story online can make all the difference. https://images.squarespace-cdn.com/content/v1/5894c269e4fcb5e65a1ed623/f9f55a09-d483-4589-b35a-066ec863befd/Screenshot+2024-07-30+at+3.50.25%E2%80%AFPM.png Blog - Breaking Barriers and Assumptions: Techniques for Privilege Escalation on Windows: Part 2 - Make it stand out Whatever it is, the way you tell your story online can make all the difference. https://images.squarespace-cdn.com/content/v1/5894c269e4fcb5e65a1ed623/3da69ebd-7fb4-4d5e-8f37-4cf92d551f14/Screenshot+2024-07-30+at+3.50.41%E2%80%AFPM.png Blog - Breaking Barriers and Assumptions: Techniques for Privilege Escalation on Windows: Part 2 - Make it stand out Whatever it is, the way you tell your story online can make all the difference. https://images.squarespace-cdn.com/content/v1/5894c269e4fcb5e65a1ed623/335591d3-fc23-4cb1-8f4e-591be1239477/Screenshot+2024-07-30+at+3.50.56%E2%80%AFPM.png Blog - Breaking Barriers and Assumptions: Techniques for Privilege Escalation on Windows: Part 2 - Make it stand out Whatever it is, the way you tell your story online can make all the difference. https://images.squarespace-cdn.com/content/v1/5894c269e4fcb5e65a1ed623/f4692ac9-45d1-4a04-8b6c-d4206d94cdc0/Screenshot+2024-07-30+at+3.51.24%E2%80%AFPM.png Blog - Breaking Barriers and Assumptions: Techniques for Privilege Escalation on Windows: Part 2 - Make it stand out Whatever it is, the way you tell your story online can make all the difference. https://www.thezdi.com/blog/2024/7/29/breaking-barriers-and-assumptions-techniques-for-privilege-escalation-on-windows-part-1 monthly 0.5 2024-07-30 https://images.squarespace-cdn.com/content/v1/5894c269e4fcb5e65a1ed623/ab0222c2-7060-4291-a1bf-9cc424e512a8/Screenshot+2024-07-29+at+8.04.37%E2%80%AFPM.png Blog - Breaking Barriers and Assumptions: Techniques for Privilege Escalation on Windows: Part 1 - Make it stand out Whatever it is, the way you tell your story online can make all the difference. https://images.squarespace-cdn.com/content/v1/5894c269e4fcb5e65a1ed623/c3ba62ba-7454-4d2b-809b-eeb771de39c6/Screenshot+2024-07-29+at+8.11.16%E2%80%AFPM.png Blog - Breaking Barriers and Assumptions: Techniques for Privilege Escalation on Windows: Part 1 - Make it stand out Whatever it is, the way you tell your story online can make all the difference. https://images.squarespace-cdn.com/content/v1/5894c269e4fcb5e65a1ed623/27f6758c-e9a0-4084-871b-f74a6de90f75/Screenshot+2024-07-29+at+8.04.50%E2%80%AFPM.png Blog - Breaking Barriers and Assumptions: Techniques for Privilege Escalation on Windows: Part 1 - Make it stand out Whatever it is, the way you tell your story online can make all the difference. https://images.squarespace-cdn.com/content/v1/5894c269e4fcb5e65a1ed623/2c5ea64f-0e02-4b27-961d-1986d3e14e35/Screenshot+2024-07-29+at+8.08.29%E2%80%AFPM.png Blog - Breaking Barriers and Assumptions: Techniques for Privilege Escalation on Windows: Part 1 - Make it stand out Whatever it is, the way you tell your story online can make all the difference. https://images.squarespace-cdn.com/content/v1/5894c269e4fcb5e65a1ed623/62ae365c-16cd-4a25-a805-2331ee62135d/Screenshot+2024-07-29+at+8.08.47%E2%80%AFPM.png Blog - Breaking Barriers and Assumptions: Techniques for Privilege Escalation on Windows: Part 1 - Make it stand out Whatever it is, the way you tell your story online can make all the difference. https://images.squarespace-cdn.com/content/v1/5894c269e4fcb5e65a1ed623/8ecc294a-2055-4f6a-b72d-691a73581fe7/Picture6.jpg Blog - Breaking Barriers and Assumptions: Techniques for Privilege Escalation on Windows: Part 1 - Make it stand out Whatever it is, the way you tell your story online can make all the difference. https://images.squarespace-cdn.com/content/v1/5894c269e4fcb5e65a1ed623/9d8976dc-4900-4a70-ac57-a1ac04cc0ce7/Screenshot+2024-07-29+at+8.09.01%E2%80%AFPM.png Blog - Breaking Barriers and Assumptions: Techniques for Privilege Escalation on Windows: Part 1 - Make it stand out Whatever it is, the way you tell your story online can make all the difference. https://www.thezdi.com/blog/2024/7/25/multiple-vulnerabilities-in-the-deep-sea-electronics-dse855 monthly 0.5 2024-07-25 https://images.squarespace-cdn.com/content/v1/5894c269e4fcb5e65a1ed623/ec4448d8-5cf1-4061-a3c2-82655134d726/Picture1.jpg Blog - Multiple Vulnerabilities in the Deep Sea Electronics DSE855 - Make it stand out Whatever it is, the way you tell your story online can make all the difference. https://images.squarespace-cdn.com/content/v1/5894c269e4fcb5e65a1ed623/6ace249f-58de-4a81-a1f0-b4fa3ad01786/Picture2.jpg Blog - Multiple Vulnerabilities in the Deep Sea Electronics DSE855 - Make it stand out Whatever it is, the way you tell your story online can make all the difference. https://images.squarespace-cdn.com/content/v1/5894c269e4fcb5e65a1ed623/be29573b-b428-4154-a908-61a0f7d0f0c1/Picture3.jpg Blog - Multiple Vulnerabilities in the Deep Sea Electronics DSE855 - Make it stand out Whatever it is, the way you tell your story online can make all the difference. https://images.squarespace-cdn.com/content/v1/5894c269e4fcb5e65a1ed623/5b455867-12fa-48fe-a96d-d30d66cfa9c6/Picture4.png Blog - Multiple Vulnerabilities in the Deep Sea Electronics DSE855 - Make it stand out Whatever it is, the way you tell your story online can make all the difference. https://www.thezdi.com/blog/2024/7/16/announcing-pwn2own-ireland-2024 monthly 0.5 2024-07-18 https://images.squarespace-cdn.com/content/v1/5894c269e4fcb5e65a1ed623/80567d6d-6763-48a1-b55e-40141a44712e/Phones.jpg Blog - Announcing Pwn2Own Ireland – Bringing Pwn2Own (and WhatsApp) to the Emerald Isle - Make it stand out Whatever it is, the way you tell your story online can make all the difference. https://images.squarespace-cdn.com/content/v1/5894c269e4fcb5e65a1ed623/cc8d9283-3471-40ba-aa27-93afece0c06f/whatsapp.jpg Blog - Announcing Pwn2Own Ireland – Bringing Pwn2Own (and WhatsApp) to the Emerald Isle - Make it stand out Whatever it is, the way you tell your story online can make all the difference. https://images.squarespace-cdn.com/content/v1/5894c269e4fcb5e65a1ed623/daf16759-3edf-4e3b-8e88-402816123658/soho3.jpg Blog - Announcing Pwn2Own Ireland – Bringing Pwn2Own (and WhatsApp) to the Emerald Isle - Make it stand out Whatever it is, the way you tell your story online can make all the difference. https://images.squarespace-cdn.com/content/v1/5894c269e4fcb5e65a1ed623/1fe3b307-f63b-411a-bd09-47425def132c/Cameras2.jpg Blog - Announcing Pwn2Own Ireland – Bringing Pwn2Own (and WhatsApp) to the Emerald Isle - Make it stand out Whatever it is, the way you tell your story online can make all the difference. https://images.squarespace-cdn.com/content/v1/5894c269e4fcb5e65a1ed623/91e9cf7a-2b53-4c65-b718-56bd2b59a882/SmartHubs.jpg Blog - Announcing Pwn2Own Ireland – Bringing Pwn2Own (and WhatsApp) to the Emerald Isle - Make it stand out Whatever it is, the way you tell your story online can make all the difference. https://images.squarespace-cdn.com/content/v1/5894c269e4fcb5e65a1ed623/caf3979d-b8bd-423e-b01d-7278309efc14/Printers.jpg Blog - Announcing Pwn2Own Ireland – Bringing Pwn2Own (and WhatsApp) to the Emerald Isle - Make it stand out Whatever it is, the way you tell your story online can make all the difference. https://images.squarespace-cdn.com/content/v1/5894c269e4fcb5e65a1ed623/eb6c9f9a-bb7d-42e7-a442-c29931d429ee/Speakers.jpg Blog - Announcing Pwn2Own Ireland – Bringing Pwn2Own (and WhatsApp) to the Emerald Isle - Make it stand out Whatever it is, the way you tell your story online can make all the difference. https://images.squarespace-cdn.com/content/v1/5894c269e4fcb5e65a1ed623/85a3c090-9b86-4d49-a684-94819749f6ee/NAS+Devices.jpg Blog - Announcing Pwn2Own Ireland – Bringing Pwn2Own (and WhatsApp) to the Emerald Isle - Make it stand out Whatever it is, the way you tell your story online can make all the difference. https://images.squarespace-cdn.com/content/v1/5894c269e4fcb5e65a1ed623/5d04986c-243e-4a56-9e57-f4e0170fd893/SMallMeta_Lockup_PositivePrimary_RGB+copy.png Blog - Announcing Pwn2Own Ireland – Bringing Pwn2Own (and WhatsApp) to the Emerald Isle - Make it stand out Whatever it is, the way you tell your story online can make all the difference. https://images.squarespace-cdn.com/content/v1/5894c269e4fcb5e65a1ed623/f220ab4f-a0ab-4f82-8203-823a872cad74/Synology_logo_Standard.png Blog - Announcing Pwn2Own Ireland – Bringing Pwn2Own (and WhatsApp) to the Emerald Isle - Make it stand out Whatever it is, the way you tell your story online can make all the difference. https://www.thezdi.com/blog/2024/7/15/uncoordinated-vulnerability-disclosure-the-continuing-issues-with-cvd monthly 0.5 2024-07-15 https://images.squarespace-cdn.com/content/v1/5894c269e4fcb5e65a1ed623/4ec67857-95fb-4abb-bca1-3d6ef7f80245/Haifei+Li+Tweet.png Blog - Uncoordinated Vulnerability Disclosure: The Continuing Issues with CVD - Make it stand out Figure 1 - Tweet from Haifei Li - https://x.com/HaifeiLi/status/1810743597127582135 https://images.squarespace-cdn.com/content/v1/5894c269e4fcb5e65a1ed623/83c1eb3e-cecc-4172-bcf4-57e6203385d0/testanull+Tweet.png Blog - Uncoordinated Vulnerability Disclosure: The Continuing Issues with CVD - Make it stand out Figure 2 - Tweets from Kẻ soi mói - https://x.com/testanull/status/1810837531770134709 https://images.squarespace-cdn.com/content/v1/5894c269e4fcb5e65a1ed623/4325f557-bb06-4a68-b60c-9a0594ede4ec/Chompy+Tweet.png Blog - Uncoordinated Vulnerability Disclosure: The Continuing Issues with CVD - Make it stand out Figure 3 - Tweet from Valentina Palmiotti - https://x.com/chompie1337/status/1800691497949614135 https://images.squarespace-cdn.com/content/v1/5894c269e4fcb5e65a1ed623/c1447773-d550-48bb-b629-b05cf231a5d1/Setting-the-standard-for-vulnerability-response-TS.jpg Blog - Uncoordinated Vulnerability Disclosure: The Continuing Issues with CVD - Make it stand out Figure 4 – Microsoft’s view of the vulnerability lifecycle https://www.thezdi.com/blog/2024/7/9/the-july-2024-security-update-review monthly 0.5 2024-07-26 https://www.thezdi.com/blog/2024/7/1/getting-unauthenticated-remote-code-execution-on-the-logsign-unified-secops-platform monthly 0.5 2024-07-01 https://www.thezdi.com/blog/2024/6/11/the-june-2024-security-update-review monthly 0.5 2024-06-12 https://www.thezdi.com/blog/2024/5/29/cve-2024-30043-abusing-url-parsing-confusion-to-exploit-xxe-on-sharepoint-server-and-cloud monthly 0.5 2024-05-30 https://images.squarespace-cdn.com/content/v1/5894c269e4fcb5e65a1ed623/c9bb8f01-d783-446d-87e4-94a637c8488b/XmlSecureResolver.png Blog - CVE-2024-30043: Abusing URL Parsing Confusion to Exploit XXE on SharePoint Server and Cloud - Make it stand out Figure 1 XmlSecureResolver initialization https://images.squarespace-cdn.com/content/v1/5894c269e4fcb5e65a1ed623/26fdf097-fb42-4206-8d1c-42eec51f1ad3/exception.png Blog - CVE-2024-30043: Abusing URL Parsing Confusion to Exploit XXE on SharePoint Server and Cloud - Make it stand out Figure 2 Exception thrown during XXE->SSRF https://images.squarespace-cdn.com/content/v1/5894c269e4fcb5e65a1ed623/d140adc4-1604-4afb-97cb-7cc0241823a0/resolverExample.png Blog - CVE-2024-30043: Abusing URL Parsing Confusion to Exploit XXE on SharePoint Server and Cloud - Make it stand out Figure 3 Simplified sample restrictions applied by XmlSecureResolver https://images.squarespace-cdn.com/content/v1/5894c269e4fcb5e65a1ed623/b1a9e76f-da7a-45a3-ab66-ef581d9e05b8/spxmldatasource.png Blog - CVE-2024-30043: Abusing URL Parsing Confusion to Exploit XXE on SharePoint Server and Cloud - Make it stand out Figure 4 SPXmlDataSource - handling of malformed URL https://images.squarespace-cdn.com/content/v1/5894c269e4fcb5e65a1ed623/5599f5ab-4934-4854-8450-b197b9f2e0c0/exploitation.png Blog - CVE-2024-30043: Abusing URL Parsing Confusion to Exploit XXE on SharePoint Server and Cloud - Make it stand out Figure 5 SharePoint XXE - entire exploitation scenario https://www.thezdi.com/blog/2024/5/23/mindshare-decapping-chips-for-electromagnetic-fault-injection-emfi monthly 0.5 2024-07-24 https://images.squarespace-cdn.com/content/v1/5894c269e4fcb5e65a1ed623/c800eb1a-fe7f-47c9-93fe-4d6a1fedba7b/Picture1.jpg Blog - MindShaRE: Decapping Chips for Electromagnetic Fault Injection (EMFI) - Make it stand out Figure 1 - The ChipSHOUTER-PicoEMP https://images.squarespace-cdn.com/content/v1/5894c269e4fcb5e65a1ed623/f279d25f-9a31-4b90-a57f-a546d8fdbae9/Picture2.jpg Blog - MindShaRE: Decapping Chips for Electromagnetic Fault Injection (EMFI) - Make it stand out Figure 2 - Example of tools used https://images.squarespace-cdn.com/content/v1/5894c269e4fcb5e65a1ed623/fca9ae6b-1614-42ec-ad3e-20e934cb7c83/Picture3.jpg Blog - MindShaRE: Decapping Chips for Electromagnetic Fault Injection (EMFI) - Make it stand out Figure 3 - Applying sulfuric acid https://images.squarespace-cdn.com/content/v1/5894c269e4fcb5e65a1ed623/1a4275b0-1e64-4a3e-b3df-e974ebdc8286/Picture4.jpg Blog - MindShaRE: Decapping Chips for Electromagnetic Fault Injection (EMFI) - Make it stand out Figure 4 - Time lapse of decapping process https://images.squarespace-cdn.com/content/v1/5894c269e4fcb5e65a1ed623/015720ba-ef66-47b1-9493-851283da9d88/Picture5.jpg Blog - MindShaRE: Decapping Chips for Electromagnetic Fault Injection (EMFI) - Make it stand out Figure 5 - End result of decapping https://www.thezdi.com/blog/2024/5/14/the-may-2024-security-update-review monthly 0.5 2024-05-16 https://www.thezdi.com/blog/2024/5/9/cve-2024-21115-an-oracle-virtualbox-lpe-used-to-win-pwn2own monthly 0.5 2024-05-09 https://www.thezdi.com/blog/2024/5/2/cve-2024-2887-a-pwn2own-winning-bug-in-google-chrome monthly 0.5 2024-05-02 https://www.thezdi.com/blog/2024/4/17/cve-2024-20697-windows-libarchive-remote-code-execution-vulnerability monthly 0.5 2024-04-23 https://www.thezdi.com/blog/2024/4/9/the-april-2024-security-updates-review monthly 0.5 2024-04-09 https://www.thezdi.com/blog/2024/3/21/pwn2own-vancouver-2024-day-two-results monthly 0.5 2024-03-22 https://images.squarespace-cdn.com/content/v1/5894c269e4fcb5e65a1ed623/62d691ea-3247-4f49-8d17-9b7374a6a238/P2O+Van2024+Leaderboard+Vertical-Final.jpg Blog - Pwn2Own Vancouver 2024 - Day Two Results - Make it stand out Whatever it is, the way you tell your story online can make all the difference. https://images.squarespace-cdn.com/content/v1/5894c269e4fcb5e65a1ed623/2f3b0f01-00aa-4eb8-a0a7-19edbb9ba05c/Image+%287%29.jpeg Blog - Pwn2Own Vancouver 2024 - Day Two Results - Make it stand out Whatever it is, the way you tell your story online can make all the difference. https://images.squarespace-cdn.com/content/v1/5894c269e4fcb5e65a1ed623/89634da2-8a87-4720-9b10-cc44e19128d5/starlabs-wmware.png Blog - Pwn2Own Vancouver 2024 - Day Two Results - Make it stand out Whatever it is, the way you tell your story online can make all the difference. https://images.squarespace-cdn.com/content/v1/5894c269e4fcb5e65a1ed623/13551898-f933-46be-b978-6f184daa2c60/Image+%288%29.jpeg Blog - Pwn2Own Vancouver 2024 - Day Two Results - Make it stand out Whatever it is, the way you tell your story online can make all the difference. https://images.squarespace-cdn.com/content/v1/5894c269e4fcb5e65a1ed623/ccda38e7-0b7a-49a6-ac94-1b7409ecca46/Image+%2810%29.jpeg Blog - Pwn2Own Vancouver 2024 - Day Two Results - Make it stand out Whatever it is, the way you tell your story online can make all the difference. https://images.squarespace-cdn.com/content/v1/5894c269e4fcb5e65a1ed623/e9f80283-3818-46bf-834f-2d2082b2cde0/Image+%2811%29.jpeg Blog - Pwn2Own Vancouver 2024 - Day Two Results - Make it stand out Whatever it is, the way you tell your story online can make all the difference. https://images.squarespace-cdn.com/content/v1/5894c269e4fcb5e65a1ed623/95488682-0613-4b54-83f2-cd1136dc7b89/Selected+photo+%282%29.jpeg Blog - Pwn2Own Vancouver 2024 - Day Two Results - Make it stand out Whatever it is, the way you tell your story online can make all the difference. https://images.squarespace-cdn.com/content/v1/5894c269e4fcb5e65a1ed623/f132036b-937c-4b88-a5a0-f7c08e4bb4c5/Image+%2812%29.jpeg Blog - Pwn2Own Vancouver 2024 - Day Two Results - Make it stand out Whatever it is, the way you tell your story online can make all the difference. https://images.squarespace-cdn.com/content/v1/5894c269e4fcb5e65a1ed623/0083adaa-543d-4e3e-b7db-d902ad49a9b2/Image+%2813%29.jpeg Blog - Pwn2Own Vancouver 2024 - Day Two Results - Make it stand out Whatever it is, the way you tell your story online can make all the difference. https://images.squarespace-cdn.com/content/v1/5894c269e4fcb5e65a1ed623/73b564ca-5ed0-4b14-9228-5685cda508c1/Selected+photo+%283%29.jpeg Blog - Pwn2Own Vancouver 2024 - Day Two Results - Make it stand out Whatever it is, the way you tell your story online can make all the difference. https://images.squarespace-cdn.com/content/v1/5894c269e4fcb5e65a1ed623/3375d1a2-37e7-4123-873e-47a094989f5a/Image+%2814%29.jpeg Blog - Pwn2Own Vancouver 2024 - Day Two Results - Make it stand out Whatever it is, the way you tell your story online can make all the difference. https://images.squarespace-cdn.com/content/v1/5894c269e4fcb5e65a1ed623/43c59232-bc5d-4e16-953e-a3c94d6a16d9/Selected+photo+%284%29.jpeg Blog - Pwn2Own Vancouver 2024 - Day Two Results - Make it stand out Whatever it is, the way you tell your story online can make all the difference. https://www.thezdi.com/blog/2024/3/20/pwn2own-vancouver-2024-day-one-results monthly 0.5 2024-03-21 https://images.squarespace-cdn.com/content/v1/5894c269e4fcb5e65a1ed623/f0745f2d-ea4b-4660-8976-c444986b538b/Day+One+Corrected.jpg Blog - Pwn2Own Vancouver 2024 - Day One Results - Make it stand out Whatever it is, the way you tell your story online can make all the difference. https://images.squarespace-cdn.com/content/v1/5894c269e4fcb5e65a1ed623/14c5eed6-14c5-4c2d-a711-777ac7d8ca14/MicrosoftTeams-image+%286%29.png Blog - Pwn2Own Vancouver 2024 - Day One Results - Make it stand out Whatever it is, the way you tell your story online can make all the difference. https://images.squarespace-cdn.com/content/v1/5894c269e4fcb5e65a1ed623/e2644192-624c-4fbe-b36b-7d438fd261a2/Image.jpeg Blog - Pwn2Own Vancouver 2024 - Day One Results - Make it stand out Whatever it is, the way you tell your story online can make all the difference. https://images.squarespace-cdn.com/content/v1/5894c269e4fcb5e65a1ed623/7dc7447e-6f85-4d3a-a101-a15ebb072b50/Image+%281%29.jpeg Blog - Pwn2Own Vancouver 2024 - Day One Results - Make it stand out Whatever it is, the way you tell your story online can make all the difference. https://images.squarespace-cdn.com/content/v1/5894c269e4fcb5e65a1ed623/992a1571-da20-45fd-81ba-d0833676a613/theori-vmware-win11.png Blog - Pwn2Own Vancouver 2024 - Day One Results - Make it stand out Whatever it is, the way you tell your story online can make all the difference. https://images.squarespace-cdn.com/content/v1/5894c269e4fcb5e65a1ed623/89f33f3f-6e1a-4c3b-8987-92cef9a7286b/Selected+photo.jpeg Blog - Pwn2Own Vancouver 2024 - Day One Results - Make it stand out Whatever it is, the way you tell your story online can make all the difference. https://images.squarespace-cdn.com/content/v1/5894c269e4fcb5e65a1ed623/03ac4218-2dba-40ff-ab04-1c558b5ae109/Wybrane+zdje%CC%A8cie.jpeg Blog - Pwn2Own Vancouver 2024 - Day One Results - Make it stand out Whatever it is, the way you tell your story online can make all the difference. https://images.squarespace-cdn.com/content/v1/5894c269e4fcb5e65a1ed623/0adf47dc-0ffc-4b8e-8766-97a35be51d6d/Image+%283%29.jpeg Blog - Pwn2Own Vancouver 2024 - Day One Results - Make it stand out Whatever it is, the way you tell your story online can make all the difference. https://images.squarespace-cdn.com/content/v1/5894c269e4fcb5e65a1ed623/e7972320-e211-4667-b328-0c1e3c6ae2a3/Selected+photo+%281%29.jpeg Blog - Pwn2Own Vancouver 2024 - Day One Results - Make it stand out Whatever it is, the way you tell your story online can make all the difference. https://images.squarespace-cdn.com/content/v1/5894c269e4fcb5e65a1ed623/5453a23c-4e7b-4272-9a09-108ad3de3b84/Dodano+1+zdje%CC%A8cie.jpeg Blog - Pwn2Own Vancouver 2024 - Day One Results - Make it stand out Whatever it is, the way you tell your story online can make all the difference. https://images.squarespace-cdn.com/content/v1/5894c269e4fcb5e65a1ed623/20e9e89a-dd3b-4166-ae9e-b47c4bedc8fe/Image+%282%29.jpeg Blog - Pwn2Own Vancouver 2024 - Day One Results - Make it stand out Whatever it is, the way you tell your story online can make all the difference. https://images.squarespace-cdn.com/content/v1/5894c269e4fcb5e65a1ed623/bcb3e6cc-990a-4456-ac2e-9e923b332a50/Image+%285%29.jpeg Blog - Pwn2Own Vancouver 2024 - Day One Results - Make it stand out Whatever it is, the way you tell your story online can make all the difference. https://www.thezdi.com/blog/2024/3/19/pwn2own-vancouver-2024-the-full-schedule monthly 0.5 2024-03-20 https://www.thezdi.com/blog/2024/3/12/the-march-2024-security-update-review monthly 0.5 2024-03-15 https://www.thezdi.com/blog/2024/3/6/cve-2023-36049-microsoft-net-crlf-injection-arbitrary-file-writedeletion-vulnerability monthly 0.5 2024-03-06 https://www.thezdi.com/blog/2024/2/13/the-february-2024-security-update-review monthly 0.5 2024-02-14 https://www.thezdi.com/blog/2024/2/5/cve-2023-46263-ivanti-avalanche-arbitrary-file-upload-vulnerability monthly 0.5 2024-02-06 https://www.thezdi.com/blog/2024/1/25/pwn2own-automotive-2024-day-three-results monthly 0.5 2024-09-23 https://images.squarespace-cdn.com/content/v1/5894c269e4fcb5e65a1ed623/40849ee5-a0b3-48f9-84f0-7fc1d2e85e61/IMG_4161.jpg Blog - Pwn2Own Automotive 2024 - Day Three Results - Make it stand out Whatever it is, the way you tell your story online can make all the difference. https://images.squarespace-cdn.com/content/v1/5894c269e4fcb5e65a1ed623/745dcc83-4353-4321-83bb-c7e6ac8e4cfc/Image.jpeg Blog - Pwn2Own Automotive 2024 - Day Three Results - Make it stand out Whatever it is, the way you tell your story online can make all the difference. https://images.squarespace-cdn.com/content/v1/5894c269e4fcb5e65a1ed623/6027083e-e866-440b-80a5-42bc117105bc/Image+%281%29.jpeg Blog - Pwn2Own Automotive 2024 - Day Three Results - Make it stand out Whatever it is, the way you tell your story online can make all the difference. https://images.squarespace-cdn.com/content/v1/5894c269e4fcb5e65a1ed623/e54fd8e2-97df-4d2f-a72c-ea2c9c66eea7/leaderboardfinal.png Blog - Pwn2Own Automotive 2024 - Day Three Results - Make it stand out Whatever it is, the way you tell your story online can make all the difference. https://www.thezdi.com/blog/2024/1/24/pwn2own-automotive-2024-day-two-results monthly 0.5 2024-01-31 https://images.squarespace-cdn.com/content/v1/5894c269e4fcb5e65a1ed623/c4c3631b-11ad-4a7d-a08d-95d1fb7120dd/3440B620-C67A-4CD7-9988-2FF8C4525122..jpg Blog - Pwn2Own Automotive 2024 - Day Two Results - Make it stand out Whatever it is, the way you tell your story online can make all the difference. https://images.squarespace-cdn.com/content/v1/5894c269e4fcb5e65a1ed623/705afceb-e710-4814-bf5b-c24bab59d8ff/Dodano+1+zdje%CC%A8cie.jpeg Blog - Pwn2Own Automotive 2024 - Day Two Results - Make it stand out Whatever it is, the way you tell your story online can make all the difference. https://images.squarespace-cdn.com/content/v1/5894c269e4fcb5e65a1ed623/2538ec09-69b2-4fcd-aadc-403d04ca2b2d/IMG_3438.png Blog - Pwn2Own Automotive 2024 - Day Two Results - Make it stand out Whatever it is, the way you tell your story online can make all the difference. https://images.squarespace-cdn.com/content/v1/5894c269e4fcb5e65a1ed623/c1ede94f-9758-4244-b1a8-0e84b1365a27/MicrosoftTeams-image.png Blog - Pwn2Own Automotive 2024 - Day Two Results - Make it stand out Whatever it is, the way you tell your story online can make all the difference. https://images.squarespace-cdn.com/content/v1/5894c269e4fcb5e65a1ed623/32e17f1c-f301-4ded-b26a-0f74dfb5db8e/IMG_3440.jpeg Blog - Pwn2Own Automotive 2024 - Day Two Results - Make it stand out Whatever it is, the way you tell your story online can make all the difference. https://images.squarespace-cdn.com/content/v1/5894c269e4fcb5e65a1ed623/dfef3287-4ef3-4416-b5dd-b21226669928/IMG_3441.jpeg Blog - Pwn2Own Automotive 2024 - Day Two Results - Make it stand out Whatever it is, the way you tell your story online can make all the difference. https://www.thezdi.com/blog/2024/1/24/pwn2own-automotive-2024-day-one-results monthly 0.5 2024-02-01 https://images.squarespace-cdn.com/content/v1/5894c269e4fcb5e65a1ed623/447edb56-d704-43ea-83b4-97d7d54a9862/IMG_4144.jpg Blog - Pwn2Own Automotive 2024 - Day One Results - Make it stand out Whatever it is, the way you tell your story online can make all the difference. https://images.squarespace-cdn.com/content/v1/5894c269e4fcb5e65a1ed623/12c092d6-87dc-4271-9313-6b07ae6c3e13/Dodano+1+zdje%CC%A8cie.jpeg Blog - Pwn2Own Automotive 2024 - Day One Results - Make it stand out Whatever it is, the way you tell your story online can make all the difference. https://images.squarespace-cdn.com/content/v1/5894c269e4fcb5e65a1ed623/da068438-294a-416d-9dd4-9a5d119e4b63/Image+%281%29.jpeg Blog - Pwn2Own Automotive 2024 - Day One Results - Make it stand out Whatever it is, the way you tell your story online can make all the difference. https://images.squarespace-cdn.com/content/v1/5894c269e4fcb5e65a1ed623/81875241-181e-4a25-8303-50073dc6a9c8/Dodano+1+zdje%CC%A8cie+%281%29.jpeg Blog - Pwn2Own Automotive 2024 - Day One Results - Make it stand out Whatever it is, the way you tell your story online can make all the difference. https://images.squarespace-cdn.com/content/v1/5894c269e4fcb5e65a1ed623/81a10ab7-9d52-4e3c-b08f-213373f9a3b8/Image.jpeg Blog - Pwn2Own Automotive 2024 - Day One Results - Make it stand out Whatever it is, the way you tell your story online can make all the difference. https://images.squarespace-cdn.com/content/v1/5894c269e4fcb5e65a1ed623/2ad0a5ff-fcc1-4c42-8697-4752604282c1/C2259821-104A-492C-9EB6-42AA6684BCDF..jpg Blog - Pwn2Own Automotive 2024 - Day One Results - Make it stand out Whatever it is, the way you tell your story online can make all the difference. https://images.squarespace-cdn.com/content/v1/5894c269e4fcb5e65a1ed623/3876eb6f-f267-497b-9b84-e879fa42638a/image.png Blog - Pwn2Own Automotive 2024 - Day One Results - Make it stand out Whatever it is, the way you tell your story online can make all the difference. https://images.squarespace-cdn.com/content/v1/5894c269e4fcb5e65a1ed623/4f56cf87-9841-44b2-aae1-11ad7d2471c7/IMG_3431.jpeg Blog - Pwn2Own Automotive 2024 - Day One Results - Make it stand out Whatever it is, the way you tell your story online can make all the difference. https://images.squarespace-cdn.com/content/v1/5894c269e4fcb5e65a1ed623/8cc0ebfd-b048-4328-bcfd-340346fc0cb2/Dodano+1+zdje%CC%A8cie+%282%29.jpeg Blog - Pwn2Own Automotive 2024 - Day One Results - Make it stand out Whatever it is, the way you tell your story online can make all the difference. https://images.squarespace-cdn.com/content/v1/5894c269e4fcb5e65a1ed623/efafeeee-b755-4754-91c8-a2e918501cdd/IMG_3432.jpeg Blog - Pwn2Own Automotive 2024 - Day One Results - Make it stand out Whatever it is, the way you tell your story online can make all the difference. https://www.thezdi.com/blog/2024/1/23/pwn2own-automotive-2024-the-full-schedule monthly 0.5 2024-01-23 https://www.thezdi.com/blog/2024/1/16/pwn2own-vancouver-2024-bring-cloud-nativecontainer-security-to-pwn2own monthly 0.5 2024-03-01 https://images.squarespace-cdn.com/content/v1/5894c269e4fcb5e65a1ed623/9f3bbb31-59ef-46f5-b166-046a6dbfbf20/Browsers.png Blog - Pwn2Own Vancouver 2024: Bringing Cloud-Native/Container Security to Pwn2Own - Make it stand out Whatever it is, the way you tell your story online can make all the difference. https://images.squarespace-cdn.com/content/v1/5894c269e4fcb5e65a1ed623/1a6fc7f6-8ab9-45f4-bfb4-73da8f18efbc/CloudContainer.png Blog - Pwn2Own Vancouver 2024: Bringing Cloud-Native/Container Security to Pwn2Own - Make it stand out Whatever it is, the way you tell your story online can make all the difference. https://images.squarespace-cdn.com/content/v1/5894c269e4fcb5e65a1ed623/f22879cb-7d45-48ce-aa7b-3d7836042e2b/Virtualization.png Blog - Pwn2Own Vancouver 2024: Bringing Cloud-Native/Container Security to Pwn2Own - Make it stand out Whatever it is, the way you tell your story online can make all the difference. https://images.squarespace-cdn.com/content/v1/5894c269e4fcb5e65a1ed623/ae59a6f5-aee5-4223-9e94-4810e92270fa/EntApps.png Blog - Pwn2Own Vancouver 2024: Bringing Cloud-Native/Container Security to Pwn2Own - Make it stand out Whatever it is, the way you tell your story online can make all the difference. https://images.squarespace-cdn.com/content/v1/5894c269e4fcb5e65a1ed623/10509e8a-9ef2-4cc4-b1cd-cb99312fa3ea/Servers.png Blog - Pwn2Own Vancouver 2024: Bringing Cloud-Native/Container Security to Pwn2Own - Make it stand out Whatever it is, the way you tell your story online can make all the difference. https://images.squarespace-cdn.com/content/v1/5894c269e4fcb5e65a1ed623/1d44921a-c12e-445e-8be0-4e33581801ba/EoP.png Blog - Pwn2Own Vancouver 2024: Bringing Cloud-Native/Container Security to Pwn2Own - Make it stand out Whatever it is, the way you tell your story online can make all the difference. https://images.squarespace-cdn.com/content/v1/5894c269e4fcb5e65a1ed623/b3a37340-0738-44d9-8a53-b8b6ac6792a5/EntComms2.png Blog - Pwn2Own Vancouver 2024: Bringing Cloud-Native/Container Security to Pwn2Own - Make it stand out Whatever it is, the way you tell your story online can make all the difference. https://images.squarespace-cdn.com/content/v1/5894c269e4fcb5e65a1ed623/18decf08-756a-4bb4-b35e-4178f4d4ee02/Automotive.png Blog - Pwn2Own Vancouver 2024: Bringing Cloud-Native/Container Security to Pwn2Own - Make it stand out Whatever it is, the way you tell your story online can make all the difference. https://www.thezdi.com/blog/2024/1/9/the-january-2024-security-update-review monthly 0.5 2024-01-09 https://www.thezdi.com/blog/2024/1/4/looking-back-at-the-zdi-activities-from-2023 monthly 0.5 2024-01-04 https://images.squarespace-cdn.com/content/v1/5894c269e4fcb5e65a1ed623/feca941a-d696-481b-bc81-148e37c842da/SynacktivTesla.png Blog - Looking Back at the ZDI Activities from 2023 - Make it stand out Whatever it is, the way you tell your story online can make all the difference. https://images.squarespace-cdn.com/content/v1/5894c269e4fcb5e65a1ed623/74a6db86-087f-4c32-9723-8b784a810ba9/Slide2.jpeg Blog - Looking Back at the ZDI Activities from 2023 - Make it stand out Whatever it is, the way you tell your story online can make all the difference. https://images.squarespace-cdn.com/content/v1/5894c269e4fcb5e65a1ed623/2ae5c67a-ad85-4b8e-895a-6c2a7f913fc3/Slide3.jpeg Blog - Looking Back at the ZDI Activities from 2023 - Make it stand out Whatever it is, the way you tell your story online can make all the difference. https://images.squarespace-cdn.com/content/v1/5894c269e4fcb5e65a1ed623/69e862af-ae9a-4077-a863-785c1214d57e/vendors.jpg Blog - Looking Back at the ZDI Activities from 2023 - Make it stand out Whatever it is, the way you tell your story online can make all the difference. https://images.squarespace-cdn.com/content/v1/5894c269e4fcb5e65a1ed623/431f99be-ce09-4eb4-9fd9-0e1ca2b59417/Slide4.jpeg Blog - Looking Back at the ZDI Activities from 2023 - Make it stand out Whatever it is, the way you tell your story online can make all the difference. https://images.squarespace-cdn.com/content/v1/5894c269e4fcb5e65a1ed623/d0570391-fff6-4df7-8513-4a794e555f27/Slide5.jpeg Blog - Looking Back at the ZDI Activities from 2023 - Make it stand out Whatever it is, the way you tell your story online can make all the difference. https://www.thezdi.com/blog/2023/12/12/the-december-2023-security-update-review monthly 0.5 2023-12-13 https://www.thezdi.com/blog/2023/12/5/attack-surface-of-the-ubiquiti-connect-ev-station monthly 0.5 2023-12-05 https://images.squarespace-cdn.com/content/v1/5894c269e4fcb5e65a1ed623/6a8ea5e7-e427-4752-bad4-a712100691d3/1-Ubiquity-EV-Station-Qualcomm-Overview-IMG_3334.JPG Blog - Attack Surface of the Ubiquiti Connect EV Station - Make it stand out Figure 1 - Overview image of the main PCB of the Ubiquiti EV Station https://images.squarespace-cdn.com/content/v1/5894c269e4fcb5e65a1ed623/0b9b3d35-28f3-44a3-91a1-0f63dd030266/2-Ubiquity-EV-Station-Qualcomm-Detail-IMG_3362.JPG Blog - Attack Surface of the Ubiquiti Connect EV Station - Make it stand out Figure 2 - Detail image of the EV Station Qualcomm APQ8053 SoC, Samsung KMQX60013A-B419 DRAM / NAND and UART Debug Port https://images.squarespace-cdn.com/content/v1/5894c269e4fcb5e65a1ed623/a569b4b5-ae2b-47da-b7e7-1387dd5fc1b7/Fig3-Straight-Ubiquity-EV-Station-Realtek-Detail-IMG_3359.png Blog - Attack Surface of the Ubiquiti Connect EV Station - Make it stand out Figure 3 - Detail image of the EV Station Realtek RTL8153-BI Ethernet controller https://www.thezdi.com/blog/2023/11/28/a-detailed-look-at-pwn2own-automotive-ev-charger-hardware monthly 0.5 2023-11-29 https://images.squarespace-cdn.com/content/v1/5894c269e4fcb5e65a1ed623/90a704e5-c84d-4b60-96fb-0781706abd41/Autel-Maxi-IMG_7467.png Blog - A Detailed Look at Pwn2Own Automotive EV Charger Hardware - Make it stand out Figure 1 - The Autel Maxi metrology board hosts the ST Micro STM32F407ZGT6 and Renergy RN830(B). https://images.squarespace-cdn.com/content/v1/5894c269e4fcb5e65a1ed623/50756b89-cb42-429d-94ba-033bfde135f9/Autel-Maxi-IMG_7466.png Blog - A Detailed Look at Pwn2Own Automotive EV Charger Hardware - Make it stand out Figure 2 - The Autel Maxi mobile communication PCB hosts the Quectel EC25-AFX. https://images.squarespace-cdn.com/content/v1/5894c269e4fcb5e65a1ed623/d1c29348-76b1-48ab-949d-6a25c120cb5f/Autel-Maxi-IMG_7464.png Blog - A Detailed Look at Pwn2Own Automotive EV Charger Hardware - Make it stand out Figure 3 - The Autel Maxi CPU PCB hosts the GigaDevices GD32F407, an Espressif ESP32-WROOM, a Winbond flash storage chip, and a Barrot BR8051A01 Bluetooth radio. https://images.squarespace-cdn.com/content/v1/5894c269e4fcb5e65a1ed623/b05d9c21-1437-481d-9b70-a8dabb988ee2/Autel-Maxi-IMG_7465.png Blog - A Detailed Look at Pwn2Own Automotive EV Charger Hardware - Make it stand out Figure 4 -The reverse side of the Autel Maxi CPU board contains the Barrot BR8051A01 Bluetooth radio. https://images.squarespace-cdn.com/content/v1/5894c269e4fcb5e65a1ed623/57f4a670-1f64-4917-b0e1-2d94b0c54f36/Autel-Barrot-BT.jpeg Blog - A Detailed Look at Pwn2Own Automotive EV Charger Hardware - Make it stand out Figure 5 - A detailed look at the Barrot BR8051A01 Bluetooth radio. https://images.squarespace-cdn.com/content/v1/5894c269e4fcb5e65a1ed623/d82e13d8-7918-46a6-8c81-9588e48984bb/ChargePoint-Home-Flex-CPU-Board-Side-0.png Blog - A Detailed Look at Pwn2Own Automotive EV Charger Hardware - Make it stand out Figure 6 – ChargePoint Home Flex CPU board side 1, with Atmel ARM CPU, WiFi radio, and Bluetooth LE radio. P3 serial port labels have been added to the image. https://images.squarespace-cdn.com/content/v1/5894c269e4fcb5e65a1ed623/213e7321-1b65-4ae5-b80f-b05edf0b7092/ChargePoint-Home-Flex-CPU-Board-Side-1.png Blog - A Detailed Look at Pwn2Own Automotive EV Charger Hardware - Make it stand out Figure 7 – ChargePoint Home Flex CPU board, side 2. https://images.squarespace-cdn.com/content/v1/5894c269e4fcb5e65a1ed623/ba8568a2-f580-480c-9a37-ac2e8d96cea7/ChargePoint-Home-Flex-Metrology-Board-Side-0.png Blog - A Detailed Look at Pwn2Own Automotive EV Charger Hardware - Make it stand out Figure 8 – ChargePoint Home Flex metrology board side 1, with MSP430 microcontroller. https://images.squarespace-cdn.com/content/v1/5894c269e4fcb5e65a1ed623/1f102a55-0ff7-4b2f-8f50-2e12fa5884a8/ChargePoint-Home-Flex-Metrology-Board-Side-1.png Blog - A Detailed Look at Pwn2Own Automotive EV Charger Hardware - Make it stand out Figure 9 - ChargePoint Home Flex metrology board side 2. https://images.squarespace-cdn.com/content/v1/5894c269e4fcb5e65a1ed623/07fc18ce-9add-42ea-be33-306cfdebe9fe/Emporia-IMG_3307.JPG Blog - A Detailed Look at Pwn2Own Automotive EV Charger Hardware - Make it stand out Figure 10 - Emporia Smart Home EV Charger employs a single board design. The ESP32 module is to the left, and the MSP430 is in the center. https://images.squarespace-cdn.com/content/v1/5894c269e4fcb5e65a1ed623/d97b71f8-390a-44a3-8dc3-cee50e9101bc/Emporia-IMG_3324.jpg Blog - A Detailed Look at Pwn2Own Automotive EV Charger Hardware - Make it stand out Figure 11 - Emporia Smart Home EV Charger detail image of the TI MSP430F6736A used for metrology. https://images.squarespace-cdn.com/content/v1/5894c269e4fcb5e65a1ed623/9c911a53-2589-41ec-afd2-e4d4cc225941/Juicebox-IMG_3365.jpg Blog - A Detailed Look at Pwn2Own Automotive EV Charger Hardware - Make it stand out Figure 12 - Enel X Way Juicebox 40 EV Charger main PCB hosts both application and metrology. The Silicon Labs WGM160PX22KGA3 is shown in the lower right of this figure, and the Atmel ATmega328P is shown in the middle. https://images.squarespace-cdn.com/content/v1/5894c269e4fcb5e65a1ed623/dce997fc-633c-44dd-a77c-170726457bb9/Juicebox-IMG_3368.JPG Blog - A Detailed Look at Pwn2Own Automotive EV Charger Hardware - Make it stand out Figure 13 - Enel X Way Juicebox 40 EV Charger main PCB is shown with the Atmel M90E36A metrology processor shown to the right. https://images.squarespace-cdn.com/content/v1/5894c269e4fcb5e65a1ed623/cf56d34d-8bca-4250-8cb2-c85f8e6e3b59/Juicebox-IMG_3371.jpg Blog - A Detailed Look at Pwn2Own Automotive EV Charger Hardware - Make it stand out Figure 14 - Enel X Way Juicebox 40 EV Charger detail view of Silicon Labs WGM160PX22KGA3. https://images.squarespace-cdn.com/content/v1/5894c269e4fcb5e65a1ed623/a1661fca-c5f9-4414-93e5-05512c94fd46/Phoenix-Contact-Charx-3100-CPU-Board-Side-0.png Blog - A Detailed Look at Pwn2Own Automotive EV Charger Hardware - Make it stand out Figure 15 - Phoenix Contact CPU Board Side 1. This CPU board contains the NXP MCIMX6G2CVM05AB - i.MX 6UltraLite Processor, the Micron MT41K256M16TW-107 IT:P - 4gb DDR3 memory module, and the Micron MTFC8GAKAJCN-4M IT - 64 Gbit MMC NAND flash. https://images.squarespace-cdn.com/content/v1/5894c269e4fcb5e65a1ed623/c6b835d5-d352-48f4-8b7e-6493f9e8a937/Phoenix-Contact-Charx-3100-CPU-Board-Side-1.png Blog - A Detailed Look at Pwn2Own Automotive EV Charger Hardware - Make it stand out Figure 16 - Phoenix Contact CPU Board Side 2. This side of the CPU board has two Ethernet controller chips and the Infineon OPTIGATM TPM SLB 9670 TPM2.0 https://images.squarespace-cdn.com/content/v1/5894c269e4fcb5e65a1ed623/94c146e0-2516-453f-a8bc-cf9a19db2400/Phoenix-Contact-Charx-3100-Metrology-Board-Side-0.png Blog - A Detailed Look at Pwn2Own Automotive EV Charger Hardware - Make it stand out Figure 17 - Phoenix Contact Metrology Board Side 1. The metrology board hosts circuitry for power metering. https://images.squarespace-cdn.com/content/v1/5894c269e4fcb5e65a1ed623/3a3e97c1-ba1c-495c-b633-713f7edb8fce/Phoenix-Contact-Charx-3100-Metrology-Board-Side-1.png Blog - A Detailed Look at Pwn2Own Automotive EV Charger Hardware - Make it stand out Figure 18 - Phoenix Contact Metrology Board Side 2. The metrology board hosts a STM32F303 Arm microcontroller and communicates with the CPU board over the inter-board bus connector shown on the left side of the board in this figure. https://images.squarespace-cdn.com/content/v1/5894c269e4fcb5e65a1ed623/9cd85cc8-126e-4aab-a6d1-e79c5c2f10dd/Ubiquity-EV-Station-Qualcomm-Overview-IMG_3334.JPG Blog - A Detailed Look at Pwn2Own Automotive EV Charger Hardware - Make it stand out Figure 19 - Ubiquity EV Station CPU board. The Ubiquity EV Station is a highly integrated device based around a Qualcomm APQ8053 SoC. https://images.squarespace-cdn.com/content/v1/5894c269e4fcb5e65a1ed623/dfb6a4b9-fe97-4b1d-bfb6-8aa86660ea8f/Ubiquity-EV-Station-Qualcomm-Detail-IMG_3362.JPG Blog - A Detailed Look at Pwn2Own Automotive EV Charger Hardware - Make it stand out Figure 20 - Ubiquity EV Station CPU board, showing details of the Qualcomm APQ8053 SoC and Samsung KMQX60013A-B419 combination flash storage and RAM device. https://images.squarespace-cdn.com/content/v1/5894c269e4fcb5e65a1ed623/3f7716c0-42c6-4521-83a1-ac801760ead5/Straight-Ubiquity-EV-Station-Realtek-Detail-IMG_3359.png Blog - A Detailed Look at Pwn2Own Automotive EV Charger Hardware - Make it stand out Figure 21 - Ubiquity EV Station detail image of Realtek RTL8153-BI Ethernet controller. https://www.thezdi.com/blog/2023/11/14/the-november-2023-security-update-review monthly 0.5 2023-11-14 https://www.thezdi.com/blog/2023/11/8/how-to-modifying-ev-chargers-for-benchtop-experiments monthly 0.5 2023-11-09 https://images.squarespace-cdn.com/content/v1/5894c269e4fcb5e65a1ed623/d3e5b63e-ab4b-4fcc-ac81-e7312ed08b4b/Picture1.png Blog - How To: Modifying EV Chargers for Benchtop Experiments - Make it stand out Figure 1 - Typical EV charger residential input cable plug https://images.squarespace-cdn.com/content/v1/5894c269e4fcb5e65a1ed623/2e70aff1-48ca-4e9f-8962-3d0912c8bf47/Picture2.jpg Blog - How To: Modifying EV Chargers for Benchtop Experiments - Make it stand out Figure 2 - Typical EV charger output cable plug https://images.squarespace-cdn.com/content/v1/5894c269e4fcb5e65a1ed623/be7b3cbf-b2b6-4e10-9d90-3444bcd06051/Picture3.jpg Blog - How To: Modifying EV Chargers for Benchtop Experiments - Make it stand out Figure 3 - Output cable terminals found on the Ubiquity charger https://images.squarespace-cdn.com/content/v1/5894c269e4fcb5e65a1ed623/125b7a21-dcad-4a73-8afe-bd4f27cdf3b7/Picture4.jpg Blog - How To: Modifying EV Chargers for Benchtop Experiments - Make it stand out Figure 4 - Output cable terminals found on the Juicebox charger https://images.squarespace-cdn.com/content/v1/5894c269e4fcb5e65a1ed623/19639cff-07a5-47d9-8f9f-b17757ef1f6b/Picture5.jpg Blog - How To: Modifying EV Chargers for Benchtop Experiments - Make it stand out Figure 5 - Output cable terminals found on the Autel charger https://images.squarespace-cdn.com/content/v1/5894c269e4fcb5e65a1ed623/304c0317-51c8-4985-bf17-d8d29cf239d8/Picture6a.jpg Blog - How To: Modifying EV Chargers for Benchtop Experiments - Make it stand out Figure 6 - Example of an AC to AC step-up/step-down transformer https://images.squarespace-cdn.com/content/v1/5894c269e4fcb5e65a1ed623/16b83efb-8467-42db-be4a-d1b3fccf6e02/Picture7.jpg Blog - How To: Modifying EV Chargers for Benchtop Experiments - Make it stand out Figure 7 - Example of a new input cable prepared for attachment https://images.squarespace-cdn.com/content/v1/5894c269e4fcb5e65a1ed623/bae4d62d-3274-4edf-bdd1-16d651f74527/Picture8.jpg Blog - How To: Modifying EV Chargers for Benchtop Experiments - Make it stand out Figure 8 - Input cable attachment terminals in an Autel charger https://images.squarespace-cdn.com/content/v1/5894c269e4fcb5e65a1ed623/c3f73f0f-8a58-4e86-8e0c-157db45ef469/Picture9.jpg Blog - How To: Modifying EV Chargers for Benchtop Experiments - Make it stand out Figure 9 - Input cable attached to the 230V port on the transformer https://www.thezdi.com/blog/2023/11/1/unpatched-powerful-ssrf-in-exchange-owa-getting-response-through-attachments monthly 0.5 2023-12-08 https://images.squarespace-cdn.com/content/v1/5894c269e4fcb5e65a1ed623/a5e7dbe3-3c49-4588-ade1-67d56ed91406/addattachment.png Blog - Unpatched Powerful SSRF in Exchange OWA – Getting Response Through Attachments - Make it stand out Figure 1 — Inserting an attachment through the GUI https://images.squarespace-cdn.com/content/v1/5894c269e4fcb5e65a1ed623/3707021b-7ec7-4d27-a848-93cfbbebf1bd/exploit.png Blog - Unpatched Powerful SSRF in Exchange OWA – Getting Response Through Attachments - Make it stand out Figure 2 — SSRF Exploit – retrieving the response from internal Tomcat server https://images.squarespace-cdn.com/content/v1/5894c269e4fcb5e65a1ed623/95f05a59-c3fd-4816-98f4-9e8a7443bef2/attachment.png Blog - Unpatched Powerful SSRF in Exchange OWA – Getting Response Through Attachments - Make it stand out Figure 3 — SSRF response stored in the attachment https://www.thezdi.com/blog/2023/10/27/pwn2own-toronto-2023-day-four-results monthly 0.5 2023-11-03 https://images.squarespace-cdn.com/content/v1/5894c269e4fcb5e65a1ed623/9b0abde4-8028-4274-863f-bd2c68e7efb9/Master+of+Pwn+Leaderboard.jpg Blog - Pwn2Own Toronto 2023 - Day Four Results - Make it stand out Whatever it is, the way you tell your story online can make all the difference. https://images.squarespace-cdn.com/content/v1/5894c269e4fcb5e65a1ed623/1413154c-3b93-48f6-a57a-87fa609a65bd/InterruptSonos.jpeg Blog - Pwn2Own Toronto 2023 - Day Four Results - Make it stand out Whatever it is, the way you tell your story online can make all the difference. https://images.squarespace-cdn.com/content/v1/5894c269e4fcb5e65a1ed623/a39185e6-db31-4b59-a9e6-5b40bb0c3044/Screenshot+2023-10-27+at+8.45.18+AM.png Blog - Pwn2Own Toronto 2023 - Day Four Results - Make it stand out Whatever it is, the way you tell your story online can make all the difference. https://www.thezdi.com/blog/2023/10/26/pwn2own-toronto-2023-day-three-results monthly 0.5 2023-11-03 https://images.squarespace-cdn.com/content/v1/5894c269e4fcb5e65a1ed623/5300ac04-70e2-41ac-82a9-9a8491fab018/ClarotySOHO.JPG Blog - Pwn2Own Toronto 2023 - Day Three Results - Make it stand out Whatever it is, the way you tell your story online can make all the difference. https://images.squarespace-cdn.com/content/v1/5894c269e4fcb5e65a1ed623/2dd0784e-0056-494e-ae54-35f2e40fbcb7/STEALIEN+Wyze.jpeg Blog - Pwn2Own Toronto 2023 - Day Three Results - Make it stand out Whatever it is, the way you tell your story online can make all the difference. https://images.squarespace-cdn.com/content/v1/5894c269e4fcb5e65a1ed623/20abf08a-72cd-4ee6-a866-b8ce7e8209b4/RafalWyze.png Blog - Pwn2Own Toronto 2023 - Day Three Results - Make it stand out Whatever it is, the way you tell your story online can make all the difference. https://images.squarespace-cdn.com/content/v1/5894c269e4fcb5e65a1ed623/f572af76-84bd-478a-88a7-5049a78c244c/OrcaS23.png Blog - Pwn2Own Toronto 2023 - Day Three Results - Make it stand out Whatever it is, the way you tell your story online can make all the difference. https://images.squarespace-cdn.com/content/v1/5894c269e4fcb5e65a1ed623/da7968d2-c0eb-49e7-a1ae-537f0e4b82e3/SynacktivWyze2.JPG Blog - Pwn2Own Toronto 2023 - Day Three Results - Make it stand out Whatever it is, the way you tell your story online can make all the difference. https://images.squarespace-cdn.com/content/v1/5894c269e4fcb5e65a1ed623/77032053-5ccb-4507-b21f-0170cc000174/DSC_1252.JPG Blog - Pwn2Own Toronto 2023 - Day Three Results - Make it stand out Whatever it is, the way you tell your story online can make all the difference. https://www.thezdi.com/blog/2023/10/25/pwn2own-toronto-2023-day-two-results monthly 0.5 2023-10-25 https://images.squarespace-cdn.com/content/v1/5894c269e4fcb5e65a1ed623/f2ce289c-adc7-4481-8c49-8a0142f64ce5/ViettelSonos.jpeg Blog - Pwn2Own Toronto 2023 - Day Two Results - Make it stand out Whatever it is, the way you tell your story online can make all the difference. https://images.squarespace-cdn.com/content/v1/5894c269e4fcb5e65a1ed623/857c828c-ad22-4832-9b53-8a9a3ee530bd/Anastasio.jpeg Blog - Pwn2Own Toronto 2023 - Day Two Results - Make it stand out Whatever it is, the way you tell your story online can make all the difference. https://images.squarespace-cdn.com/content/v1/5894c269e4fcb5e65a1ed623/5e5ca59a-2dd6-4e75-9e29-d6897ac02197/BugscaleSynology.png Blog - Pwn2Own Toronto 2023 - Day Two Results - Make it stand out Whatever it is, the way you tell your story online can make all the difference. https://images.squarespace-cdn.com/content/v1/5894c269e4fcb5e65a1ed623/28cf67b2-b000-4216-9e23-25ebdd4738ec/ViettelHP.png Blog - Pwn2Own Toronto 2023 - Day Two Results - Make it stand out Whatever it is, the way you tell your story online can make all the difference. https://images.squarespace-cdn.com/content/v1/5894c269e4fcb5e65a1ed623/74ed037d-275e-45b8-ad21-9eafa57749da/SAFASynology.png Blog - Pwn2Own Toronto 2023 - Day Two Results - Make it stand out Whatever it is, the way you tell your story online can make all the difference. https://images.squarespace-cdn.com/content/v1/5894c269e4fcb5e65a1ed623/3afbd985-ba96-47c7-9391-3ae139576684/OrcaSOHO.png Blog - Pwn2Own Toronto 2023 - Day Two Results - Make it stand out Whatever it is, the way you tell your story online can make all the difference. https://images.squarespace-cdn.com/content/v1/5894c269e4fcb5e65a1ed623/4745b177-a5c7-49c8-abcc-9172d1c99741/VNG-QNAP.jpeg Blog - Pwn2Own Toronto 2023 - Day Two Results - Make it stand out Whatever it is, the way you tell your story online can make all the difference. https://images.squarespace-cdn.com/content/v1/5894c269e4fcb5e65a1ed623/b62ad73c-4253-441c-8fe0-237fd0a86dd9/Sincology.jpg Blog - Pwn2Own Toronto 2023 - Day Two Results - Make it stand out Whatever it is, the way you tell your story online can make all the difference. https://images.squarespace-cdn.com/content/v1/5894c269e4fcb5e65a1ed623/4f12f42c-84e1-478f-96ef-34b06f32ec9c/SonarWyze.png Blog - Pwn2Own Toronto 2023 - Day Two Results - Make it stand out Whatever it is, the way you tell your story online can make all the difference. https://images.squarespace-cdn.com/content/v1/5894c269e4fcb5e65a1ed623/1d89cc79-2252-4a7c-8c73-dace289d4e4e/SEFCOM_Wyze.png Blog - Pwn2Own Toronto 2023 - Day Two Results - Make it stand out Whatever it is, the way you tell your story online can make all the difference. https://images.squarespace-cdn.com/content/v1/5894c269e4fcb5e65a1ed623/246e7d4d-e08c-45cf-82f5-9b09ba7f6165/Interrupt_Galaxy.png Blog - Pwn2Own Toronto 2023 - Day Two Results - Make it stand out Whatever it is, the way you tell your story online can make all the difference. https://images.squarespace-cdn.com/content/v1/5894c269e4fcb5e65a1ed623/e1c0081e-a59b-445c-a3f2-b27235c1cc36/ToChimS23.jpeg Blog - Pwn2Own Toronto 2023 - Day Two Results - Make it stand out Whatever it is, the way you tell your story online can make all the difference. https://images.squarespace-cdn.com/content/v1/5894c269e4fcb5e65a1ed623/bf92d645-8272-47b3-86a0-78e9062da83c/ANHTUD.jpeg Blog - Pwn2Own Toronto 2023 - Day Two Results - Make it stand out Whatever it is, the way you tell your story online can make all the difference. https://www.thezdi.com/blog/2023/10/24/pwn2own-toronto-2023-day-one-results monthly 0.5 2023-10-24 https://images.squarespace-cdn.com/content/v1/5894c269e4fcb5e65a1ed623/bba1f4a8-8678-4c3c-aee7-42af7922316f/PentestLimitedNASCloseup.png Blog - Pwn2Own Toronto 2023 - Day One Results - Make it stand out Whatever it is, the way you tell your story online can make all the difference. https://images.squarespace-cdn.com/content/v1/5894c269e4fcb5e65a1ed623/84b228aa-ba38-4b49-a5b4-6c83625445d7/TeamViettelXiaomiCloseup.png Blog - Pwn2Own Toronto 2023 - Day One Results - Make it stand out Whatever it is, the way you tell your story online can make all the difference. https://images.squarespace-cdn.com/content/v1/5894c269e4fcb5e65a1ed623/cf7e0a13-d4b4-4852-92a6-10359c4e004e/SynacktivSynology.png Blog - Pwn2Own Toronto 2023 - Day One Results - Make it stand out Whatever it is, the way you tell your story online can make all the difference. https://images.squarespace-cdn.com/content/v1/5894c269e4fcb5e65a1ed623/9d211812-b953-40f2-b563-20e113d6fd57/QNAP.png Blog - Pwn2Own Toronto 2023 - Day One Results - Make it stand out Whatever it is, the way you tell your story online can make all the difference. https://images.squarespace-cdn.com/content/v1/5894c269e4fcb5e65a1ed623/7cde967f-beda-4be1-be51-dafcf9e886f8/AnonymousCanon.png Blog - Pwn2Own Toronto 2023 - Day One Results - Make it stand out Whatever it is, the way you tell your story online can make all the difference. https://images.squarespace-cdn.com/content/v1/5894c269e4fcb5e65a1ed623/9f269f44-efa3-4e17-8613-4ee91de36f79/PentestS23.jpeg Blog - Pwn2Own Toronto 2023 - Day One Results - Make it stand out Whatever it is, the way you tell your story online can make all the difference. https://images.squarespace-cdn.com/content/v1/5894c269e4fcb5e65a1ed623/32036d3e-b894-4ec7-9d81-fb008c85b023/ViettelQNAP.jpeg Blog - Pwn2Own Toronto 2023 - Day One Results - Make it stand out Whatever it is, the way you tell your story online can make all the difference. https://images.squarespace-cdn.com/content/v1/5894c269e4fcb5e65a1ed623/6b4b983c-386b-452c-acd5-26cd7639c752/STARLabsQNAP.jpeg Blog - Pwn2Own Toronto 2023 - Day One Results - Make it stand out Whatever it is, the way you tell your story online can make all the difference. https://images.squarespace-cdn.com/content/v1/5894c269e4fcb5e65a1ed623/4d8e35c3-8b81-40b2-8006-abe9145316bf/NCCXiaomi.jpeg Blog - Pwn2Own Toronto 2023 - Day One Results - Make it stand out Whatever it is, the way you tell your story online can make all the difference. https://images.squarespace-cdn.com/content/v1/5894c269e4fcb5e65a1ed623/abfa463d-a36d-4111-8155-6b187378a9ab/STARSamsung.jpeg Blog - Pwn2Own Toronto 2023 - Day One Results - Make it stand out Whatever it is, the way you tell your story online can make all the difference. https://www.thezdi.com/blog/2023/10/23/pwn2own-toronto-2023-the-schedule monthly 0.5 2023-10-26 https://www.thezdi.com/blog/2023/10/17/cve-2023-38600-story-of-an-innocent-apple-safari-copywithin-gone-way-outside monthly 0.5 2023-10-18 https://images.squarespace-cdn.com/content/v1/5894c269e4fcb5e65a1ed623/911290a9-3539-4c34-bd9c-4dd577b3329b/7-patch.png Blog - CVE-2023-38600: Story of an innocent Apple Safari copyWithin gone (way) outside - Make it stand out Whatever it is, the way you tell your story online can make all the difference. https://www.thezdi.com/blog/2023/10/10/the-october-2023-security-update-review monthly 0.5 2023-10-10 https://www.thezdi.com/blog/2023/10/5/looking-at-the-attack-surface-of-the-sony-xav-ax5500-head-unit monthly 0.5 2023-11-03 https://images.squarespace-cdn.com/content/v1/5894c269e4fcb5e65a1ed623/be869f9c-a7c7-4d62-a282-1c376f6409c7/Picture1.png Blog - Looking at the Attack Surface of the Sony XAV-AX5500 Head Unit - Make it stand out Figure 1 - Side A of the PCB board featuring the wireless module and the ARM CPU https://images.squarespace-cdn.com/content/v1/5894c269e4fcb5e65a1ed623/c13938c5-e73f-4dd8-a0a7-4edac23aa55f/Picture2.png Blog - Looking at the Attack Surface of the Sony XAV-AX5500 Head Unit - Make it stand out Figure 2 - Side B of the PCB board featuring the wireless module and the ARM CPU https://images.squarespace-cdn.com/content/v1/5894c269e4fcb5e65a1ed623/c70c94d0-4cb8-460e-b34f-d41e93bb96bd/Picture3.png Blog - Looking at the Attack Surface of the Sony XAV-AX5500 Head Unit - Make it stand out Figure 3 - Side A of the PCB showing the MXT499T-T Adaptive Touchscreen Controller and other components https://images.squarespace-cdn.com/content/v1/5894c269e4fcb5e65a1ed623/40d93dfb-6b70-413c-ae15-3174d6be768f/Picture4.png Blog - Looking at the Attack Surface of the Sony XAV-AX5500 Head Unit - Make it stand out Figure 4 - Side B of the PCB showing the MXT499T-T Adaptive Touchscreen Controller and other components https://www.thezdi.com/blog/2023/9/21/finding-deserialization-bugs-in-the-solarwind-platform monthly 0.5 2023-09-27 https://images.squarespace-cdn.com/content/v1/5894c269e4fcb5e65a1ed623/cc95e220-68b2-4f8b-af96-d355aaa0676a/amqp-1.png Blog - Finding Deserialization Bugs in the SolarWinds Platform - Make it stand out Figure 1 - Routing-Key in AMQP message https://images.squarespace-cdn.com/content/v1/5894c269e4fcb5e65a1ed623/607626ca-6fbe-4c67-b7b2-88e5fda9e2e1/amqp-2.png Blog - Finding Deserialization Bugs in the SolarWinds Platform - Make it stand out Figure 2 - Deserialization Type control through AMQP properties https://images.squarespace-cdn.com/content/v1/5894c269e4fcb5e65a1ed623/d2927010-6dc5-466d-9d96-6211e08f3eec/verb-1.png Blog - Finding Deserialization Bugs in the SolarWinds Platform - Make it stand out Figure 3 - Arguments for Orion.AgentManagement.Agent.Deploy https://www.thezdi.com/blog/2023/9/12/the-september-2023-security-update-review monthly 0.5 2023-09-15 https://www.thezdi.com/blog/2023/9/7/looking-at-the-chargepoint-home-flex-threat-landscape monthly 0.5 2023-09-07 https://images.squarespace-cdn.com/content/v1/5894c269e4fcb5e65a1ed623/07d56feb-ca9d-424b-a2cf-6866ea5a36a6/Picture1.png Blog - Looking at the ChargePoint Home Flex Threat Landscape - Make it stand out Figure 1 - Front side of the CPH-50 CPU Board https://images.squarespace-cdn.com/content/v1/5894c269e4fcb5e65a1ed623/990a1d4d-f849-4bac-bb36-c192a140afe2/Picture2.png Blog - Looking at the ChargePoint Home Flex Threat Landscape - Make it stand out Figure 2 - Back side of the CPH-50 CPU Board https://images.squarespace-cdn.com/content/v1/5894c269e4fcb5e65a1ed623/2281bebf-9208-440e-ba72-13754f02c955/Picture3.png Blog - Looking at the ChargePoint Home Flex Threat Landscape - Make it stand out Figure 3 - Front side of the ChargePoint Home Flex metrology Board https://images.squarespace-cdn.com/content/v1/5894c269e4fcb5e65a1ed623/da84e1a2-046f-4996-b4cf-e7719ca1f81a/Picture4.png Blog - Looking at the ChargePoint Home Flex Threat Landscape - Make it stand out Figure 4 - Back side of the ChargePoint Home Flex metrology Board https://www.thezdi.com/blog/2023/8/28/revealing-the-targets-and-rules-for-the-first-pwn2own-automotive monthly 0.5 2023-08-29 https://images.squarespace-cdn.com/content/v1/5894c269e4fcb5e65a1ed623/6c89c9bf-3e2d-4fda-90fa-0d07e048bf69/Tesla-3.png Blog - Revealing the Targets and Rules for the First Pwn2Own Automotive - Make it stand out Whatever it is, the way you tell your story online can make all the difference. https://images.squarespace-cdn.com/content/v1/5894c269e4fcb5e65a1ed623/ef317d03-8694-4ef3-bdcc-3c2f7af99dff/Tesla_AddOn-2.png Blog - Revealing the Targets and Rules for the First Pwn2Own Automotive - Make it stand out Whatever it is, the way you tell your story online can make all the difference. https://images.squarespace-cdn.com/content/v1/5894c269e4fcb5e65a1ed623/c2c0e030-1994-4324-a54e-264b809a4901/IVI.png Blog - Revealing the Targets and Rules for the First Pwn2Own Automotive - Make it stand out Whatever it is, the way you tell your story online can make all the difference. https://images.squarespace-cdn.com/content/v1/5894c269e4fcb5e65a1ed623/b8c781da-6ca0-4656-87fa-79409290667e/EVChargers.png Blog - Revealing the Targets and Rules for the First Pwn2Own Automotive - Make it stand out Whatever it is, the way you tell your story online can make all the difference. https://images.squarespace-cdn.com/content/v1/5894c269e4fcb5e65a1ed623/d63720e0-9553-41fb-a1fe-d1d1a1ab0353/OSes.png Blog - Revealing the Targets and Rules for the First Pwn2Own Automotive - Make it stand out Whatever it is, the way you tell your story online can make all the difference. https://images.squarespace-cdn.com/content/v1/5894c269e4fcb5e65a1ed623/5ef33d46-5914-4527-b8df-0c8456256f7b/TM_Logo_Primary_2c_1200x255.png Blog - Revealing the Targets and Rules for the First Pwn2Own Automotive - Make it stand out Whatever it is, the way you tell your story online can make all the difference. https://images.squarespace-cdn.com/content/v1/5894c269e4fcb5e65a1ed623/69a89c20-afd2-4bfd-94ec-804667452cd0/VicOne+Logo_1-primary-light.png Blog - Revealing the Targets and Rules for the First Pwn2Own Automotive - Make it stand out Whatever it is, the way you tell your story online can make all the difference. https://www.thezdi.com/blog/2023/8/22/cve-2023-35150-arbitrary-code-injection-in-xwikiorg-xwiki monthly 0.5 2023-08-23 https://www.thezdi.com/blog/2023/8/8/the-august-2023-security-update-review monthly 0.5 2023-09-08 https://www.thezdi.com/blog/2023/8/1/exploiting-a-flaw-in-bitmap-handling-in-windows-user-mode-printer-drivers monthly 0.5 2023-08-02 https://www.thezdi.com/blog/2023/7/19/cve-2023-36934-progress-software-moveit-transfer-sql-injection-remote-code-execution-vulnerability monthly 0.5 2023-07-20 https://www.thezdi.com/blog/2023/7/12/the-soho-smashup-returns-for-pwn2own-toronto-2023 monthly 0.5 2023-09-18 https://images.squarespace-cdn.com/content/v1/5894c269e4fcb5e65a1ed623/fb444046-397f-42d6-abda-10071cf82245/Phones_v3.jpg Blog - The SOHO Smashup Returns for Pwn2Own Toronto 2023 - Make it stand out Whatever it is, the way you tell your story online can make all the difference. https://images.squarespace-cdn.com/content/v1/5894c269e4fcb5e65a1ed623/31ada749-cfd3-4c9e-a499-edfbcb4b9bae/SOHO-GoogleAdd.jpg Blog - The SOHO Smashup Returns for Pwn2Own Toronto 2023 - Make it stand out Whatever it is, the way you tell your story online can make all the difference. https://images.squarespace-cdn.com/content/v1/5894c269e4fcb5e65a1ed623/f12c30d0-0910-42e0-bd75-a9c18bcd88fa/Cameras-2.jpg Blog - The SOHO Smashup Returns for Pwn2Own Toronto 2023 - Make it stand out Whatever it is, the way you tell your story online can make all the difference. https://images.squarespace-cdn.com/content/v1/5894c269e4fcb5e65a1ed623/513d66d4-b74e-4804-8553-54bb19415be5/SmartHub_v1.jpg Blog - The SOHO Smashup Returns for Pwn2Own Toronto 2023 - Make it stand out Whatever it is, the way you tell your story online can make all the difference. https://images.squarespace-cdn.com/content/v1/5894c269e4fcb5e65a1ed623/2cb9391c-32d5-4a06-9da6-e4f85e8c2248/Printers_V2.jpg Blog - The SOHO Smashup Returns for Pwn2Own Toronto 2023 - Make it stand out Whatever it is, the way you tell your story online can make all the difference. https://images.squarespace-cdn.com/content/v1/5894c269e4fcb5e65a1ed623/14fe0aab-ffc1-4341-b89b-7d1eb2893730/Speakers_v1.jpg Blog - The SOHO Smashup Returns for Pwn2Own Toronto 2023 - Make it stand out Whatever it is, the way you tell your story online can make all the difference. https://images.squarespace-cdn.com/content/v1/5894c269e4fcb5e65a1ed623/6a7cf4c2-a649-40df-80c8-6ef29da26b9b/nas_v1.jpg Blog - The SOHO Smashup Returns for Pwn2Own Toronto 2023 - Make it stand out Whatever it is, the way you tell your story online can make all the difference. https://images.squarespace-cdn.com/content/v1/5894c269e4fcb5e65a1ed623/14cbd29b-8ea5-4c05-9f99-7b77383d6917/GoogleDevices.jpg Blog - The SOHO Smashup Returns for Pwn2Own Toronto 2023 - Make it stand out Whatever it is, the way you tell your story online can make all the difference. https://images.squarespace-cdn.com/content/v1/5894c269e4fcb5e65a1ed623/83d78ebc-c557-4b9b-9912-825cbb9e552e/Synology_logo_Standard.png Blog - The SOHO Smashup Returns for Pwn2Own Toronto 2023 - Make it stand out Whatever it is, the way you tell your story online can make all the difference. https://images.squarespace-cdn.com/content/v1/5894c269e4fcb5e65a1ed623/25aeb9dc-7a9d-4bad-9d3f-6e5bcab892b1/Google-logo.png Blog - The SOHO Smashup Returns for Pwn2Own Toronto 2023 - Make it stand out Whatever it is, the way you tell your story online can make all the difference. https://www.thezdi.com/blog/2023/7/10/the-july-2023-security-update-review monthly 0.5 2023-07-11 https://www.thezdi.com/blog/2023/6/29/cve-2023-20864-remote-code-execution-in-vmware-aria-operations-for-logs monthly 0.5 2023-07-17 https://www.thezdi.com/blog/2023/6/21/cve-2022-31696-an-analysis-of-a-vmware-esxi-tcp-socket-keepalive-type-confusion-lpe monthly 0.5 2023-06-30 https://images.squarespace-cdn.com/content/v1/5894c269e4fcb5e65a1ed623/2091f124-ff9f-4729-ad9c-3ac874203098/Fig1-setsockopt_diff.png Blog - CVE-2022-31696: An Analysis of a VMware ESXi TCP Socket Keepalive Type Confusion LPE - Make it stand out Figure 1 - FreeBSD 8.2 code (left) vs ESXi 6.7 19195723 IDA Pro decompiled code (right) https://images.squarespace-cdn.com/content/v1/5894c269e4fcb5e65a1ed623/16e77878-4486-4d2f-9d58-ae3f4af8ad1f/Fig2-bug.png Blog - CVE-2022-31696: An Analysis of a VMware ESXi TCP Socket Keepalive Type Confusion LPE - Make it stand out Figure 2 - Protocol PCB type casted without validation https://images.squarespace-cdn.com/content/v1/5894c269e4fcb5e65a1ed623/71810624-37f3-44d3-a31e-5d4a5395ed17/Fig3-type_confusion.png Blog - CVE-2022-31696: An Analysis of a VMware ESXi TCP Socket Keepalive Type Confusion LPE - Make it stand out Figure 3 - The Kernel Data Structures for TCP and UDP Protocol Control Blocks as seen in FreeBSD https://images.squarespace-cdn.com/content/v1/5894c269e4fcb5e65a1ed623/89b10c67-3c2b-42a4-af77-b1139fc1699d/Fig4-psod.png Blog - CVE-2022-31696: An Analysis of a VMware ESXi TCP Socket Keepalive Type Confusion LPE - Make it stand out Figure 4 - ESXi PSOD on TCP Timers code when running the PoC https://images.squarespace-cdn.com/content/v1/5894c269e4fcb5e65a1ed623/fc7f9784-fce3-4d52-8cd7-54b3c434147a/Fig5-malloc_chunk.png Blog - CVE-2022-31696: An Analysis of a VMware ESXi TCP Socket Keepalive Type Confusion LPE - Make it stand out Figure 5 - Chunk header of Doug Lea's Malloc https://images.squarespace-cdn.com/content/v1/5894c269e4fcb5e65a1ed623/86ce28df-45df-464e-a798-d58d22cba08c/Fig6-adjacent_chunks.png Blog - CVE-2022-31696: An Analysis of a VMware ESXi TCP Socket Keepalive Type Confusion LPE - Make it stand out Figure 6 - State of heap memory during type confusion https://images.squarespace-cdn.com/content/v1/5894c269e4fcb5e65a1ed623/15cda10f-20f2-44d8-91e1-375db0e56662/Fig7-tcp_timer_callout.png Blog - CVE-2022-31696: An Analysis of a VMware ESXi TCP Socket Keepalive Type Confusion LPE - Make it stand out Figure 7 - TCP timers and Callout data structures https://images.squarespace-cdn.com/content/v1/5894c269e4fcb5e65a1ed623/3b90b47f-f1ac-4e5d-823d-089307d17798/Screenshot+2023-06-21+at+7.21.53+PM.png Blog - CVE-2022-31696: An Analysis of a VMware ESXi TCP Socket Keepalive Type Confusion LPE - Make it stand out Whatever it is, the way you tell your story online can make all the difference. https://images.squarespace-cdn.com/content/v1/5894c269e4fcb5e65a1ed623/7703516b-cf56-4b4b-a112-3101b2f7f0ef/Fig8-patch_diff.png Blog - CVE-2022-31696: An Analysis of a VMware ESXi TCP Socket Keepalive Type Confusion LPE - Make it stand out Figure 8 - Vulnerable code (left) vs Fixed code (right) https://images.squarespace-cdn.com/content/v1/5894c269e4fcb5e65a1ed623/ba622c9e-37cb-4842-bcc3-5e543a35cc60/Fig9-linux_patch.png Blog - CVE-2022-31696: An Analysis of a VMware ESXi TCP Socket Keepalive Type Confusion LPE - Make it stand out Figure 9 - Linux patch for CVE-2012-6657 https://www.thezdi.com/blog/2023/6/13/the-june-2023-security-update-review monthly 0.5 2023-06-13 https://www.thezdi.com/blog/2023/6/7/adventures-in-disclosure-when-reporting-bugs-goes-wrong monthly 0.5 2023-06-08 https://www.thezdi.com/blog/2023/5/31/cve-2023-24941-microsoft-network-file-system-remote-code-execution monthly 0.5 2023-06-01 https://www.thezdi.com/blog/2023/5/24/exploiting-the-sonos-one-speaker-three-different-ways-a-pwn2own-toronto-highlight monthly 0.5 2023-05-25 https://images.squarespace-cdn.com/content/v1/5894c269e4fcb5e65a1ed623/e18c8db7-b739-468e-8d19-d303b37e6ee0/Picture1.png Blog - Exploiting the Sonos One Speaker Three Different Ways: A Pwn2Own Toronto Highlight - Make it stand out Whatever it is, the way you tell your story online can make all the difference. https://images.squarespace-cdn.com/content/v1/5894c269e4fcb5e65a1ed623/78b715f2-0053-42d2-beea-077fadd0e607/Picture2.png Blog - Exploiting the Sonos One Speaker Three Different Ways: A Pwn2Own Toronto Highlight - Make it stand out Whatever it is, the way you tell your story online can make all the difference. https://images.squarespace-cdn.com/content/v1/5894c269e4fcb5e65a1ed623/0e4d032c-72aa-41f9-a7b9-e51c22f3f917/Picture3.png Blog - Exploiting the Sonos One Speaker Three Different Ways: A Pwn2Own Toronto Highlight - Make it stand out Whatever it is, the way you tell your story online can make all the difference. https://images.squarespace-cdn.com/content/v1/5894c269e4fcb5e65a1ed623/54fc0fca-36a3-4b20-8298-4dd73d1cea1a/Picture4.png Blog - Exploiting the Sonos One Speaker Three Different Ways: A Pwn2Own Toronto Highlight - Make it stand out Whatever it is, the way you tell your story online can make all the difference. https://www.thezdi.com/blog/2023/5/17/cve-2023-2086920870-exploiting-vmware-workstation-at-pwn2own-vancouver monthly 0.5 2023-05-18 https://images.squarespace-cdn.com/content/v1/5894c269e4fcb5e65a1ed623/317a86cd-6022-4701-978b-44550bdd807c/STARVMWareClose.png Blog - CVE-2023-20869/20870: Exploiting VMware Workstation at Pwn2Own Vancouver - Make it stand out Whatever it is, the way you tell your story online can make all the difference. https://www.thezdi.com/blog/2023/5/8/the-may-2023-security-update-review monthly 0.5 2023-06-09 https://www.thezdi.com/blog/2023/5/1/cve-2023-28231-rce-in-the-microsoft-windows-dhcpv6-service monthly 0.5 2023-05-02 https://www.thezdi.com/blog/2023/4/21/tp-link-wan-side-vulnerability-cve-2023-1389-added-to-the-mirai-botnet-arsenal monthly 0.5 2023-04-24 https://images.squarespace-cdn.com/content/v1/5894c269e4fcb5e65a1ed623/66df2b77-1302-4f4f-8fe6-a322a9972731/mirai-post-request.jpg Blog - TP-Link WAN-side Vulnerability CVE-2023-1389 Added to the Mirai Botnet Arsenal - Make it stand out Whatever it is, the way you tell your story online can make all the difference. https://images.squarespace-cdn.com/content/v1/5894c269e4fcb5e65a1ed623/d2685859-9cce-4ec7-be49-c0680e6d161b/mirai-payload-downloads.jpg Blog - TP-Link WAN-side Vulnerability CVE-2023-1389 Added to the Mirai Botnet Arsenal - Make it stand out Whatever it is, the way you tell your story online can make all the difference. https://images.squarespace-cdn.com/content/v1/5894c269e4fcb5e65a1ed623/e7cf1fc0-eaf1-4374-8237-1812ae176bda/mirai-payload-download-install.jpg Blog - TP-Link WAN-side Vulnerability CVE-2023-1389 Added to the Mirai Botnet Arsenal - Make it stand out Whatever it is, the way you tell your story online can make all the difference. https://images.squarespace-cdn.com/content/v1/5894c269e4fcb5e65a1ed623/5e4e8ab4-8fef-4c1e-adc4-f64022702607/NetworkTrace.png Blog - TP-Link WAN-side Vulnerability CVE-2023-1389 Added to the Mirai Botnet Arsenal - Make it stand out Whatever it is, the way you tell your story online can make all the difference. https://images.squarespace-cdn.com/content/v1/5894c269e4fcb5e65a1ed623/28c75f36-bf56-43bc-b1f3-29703635c597/mirai-xor-config-plaintext.jpg Blog - TP-Link WAN-side Vulnerability CVE-2023-1389 Added to the Mirai Botnet Arsenal - Make it stand out Whatever it is, the way you tell your story online can make all the difference. https://images.squarespace-cdn.com/content/v1/5894c269e4fcb5e65a1ed623/34ffa0b3-cd10-4a7b-afad-c1af901ab190/mirai-source-code-attack-config.jpg Blog - TP-Link WAN-side Vulnerability CVE-2023-1389 Added to the Mirai Botnet Arsenal - Make it stand out Whatever it is, the way you tell your story online can make all the difference. https://images.squarespace-cdn.com/content/v1/5894c269e4fcb5e65a1ed623/f3f5e702-c457-40af-a9a8-2e9f156a5591/mirai-attack-strings-config.jpg Blog - TP-Link WAN-side Vulnerability CVE-2023-1389 Added to the Mirai Botnet Arsenal - Make it stand out Whatever it is, the way you tell your story online can make all the difference. https://images.squarespace-cdn.com/content/v1/5894c269e4fcb5e65a1ed623/03fe2c5b-4a62-4ed4-bf17-9ce83435c088/mirai-http-config.jpg Blog - TP-Link WAN-side Vulnerability CVE-2023-1389 Added to the Mirai Botnet Arsenal - Make it stand out Whatever it is, the way you tell your story online can make all the difference. https://images.squarespace-cdn.com/content/v1/5894c269e4fcb5e65a1ed623/a7cbf484-39b7-4363-8eee-9cf0fd1890e8/mirai-source-code-config.jpg Blog - TP-Link WAN-side Vulnerability CVE-2023-1389 Added to the Mirai Botnet Arsenal - Make it stand out Whatever it is, the way you tell your story online can make all the difference. https://www.thezdi.com/blog/2023/4/19/cve-2022-29844-a-classic-buffer-overflow-on-the-western-digital-my-cloud-pro-series-pr4100 monthly 0.5 2023-04-20 https://images.squarespace-cdn.com/content/v1/5894c269e4fcb5e65a1ed623/acd77d14-b829-4934-866c-68e87db92478/env_setup_1.png Blog - CVE-2022-29844: A Classic Buffer Overflow on the Western Digital My Cloud Pro Series PR4100 - Make it stand out Figure 1 - Network Services Panel https://images.squarespace-cdn.com/content/v1/5894c269e4fcb5e65a1ed623/cbe7d0b7-43f9-45b6-a4d6-d6be05c5dda5/env_setup_2.png Blog - CVE-2022-29844: A Classic Buffer Overflow on the Western Digital My Cloud Pro Series PR4100 - Make it stand out Figure 2 - Control panel dialog for setting up FTP shares https://www.thezdi.com/blog/2023/4/11/the-april-2023-security-update-review monthly 0.5 2023-04-11 https://www.thezdi.com/blog/2023/4/5/bash-privileged-mode-vulnerabilities-in-parallels-desktop-and-cdpath-handling-in-macos monthly 0.5 2023-04-06 https://images.squarespace-cdn.com/content/v1/5894c269e4fcb5e65a1ed623/0919946b-b4ba-4cfb-b706-1b3bdbec3265/1.png Blog - Bash Privileged-Mode Vulnerabilities in Parallels Desktop and CDPATH Handling in MacOS - Make it stand out Whatever it is, the way you tell your story online can make all the difference. https://images.squarespace-cdn.com/content/v1/5894c269e4fcb5e65a1ed623/1dab36f2-819f-4ec8-b9c2-655e7b3b4e80/2.png Blog - Bash Privileged-Mode Vulnerabilities in Parallels Desktop and CDPATH Handling in MacOS - Make it stand out Whatever it is, the way you tell your story online can make all the difference. https://images.squarespace-cdn.com/content/v1/5894c269e4fcb5e65a1ed623/1378f429-8739-4020-88f2-11777f2062b0/3.png Blog - Bash Privileged-Mode Vulnerabilities in Parallels Desktop and CDPATH Handling in MacOS - Make it stand out Whatever it is, the way you tell your story online can make all the difference. https://images.squarespace-cdn.com/content/v1/5894c269e4fcb5e65a1ed623/ad646b65-a9e3-4228-976d-401e2a268a46/4.png Blog - Bash Privileged-Mode Vulnerabilities in Parallels Desktop and CDPATH Handling in MacOS - Make it stand out Whatever it is, the way you tell your story online can make all the difference. https://images.squarespace-cdn.com/content/v1/5894c269e4fcb5e65a1ed623/cd2e1341-b938-44fe-a813-1d9d9a4bc988/5.png Blog - Bash Privileged-Mode Vulnerabilities in Parallels Desktop and CDPATH Handling in MacOS - Make it stand out Whatever it is, the way you tell your story online can make all the difference. https://images.squarespace-cdn.com/content/v1/5894c269e4fcb5e65a1ed623/1be189b1-8b30-43dd-a67f-0fbcfc0eb607/6.png Blog - Bash Privileged-Mode Vulnerabilities in Parallels Desktop and CDPATH Handling in MacOS - Make it stand out Whatever it is, the way you tell your story online can make all the difference. https://images.squarespace-cdn.com/content/v1/5894c269e4fcb5e65a1ed623/08f38ad8-d6f6-4ee0-bfdc-da1108c0f9d1/7.png Blog - Bash Privileged-Mode Vulnerabilities in Parallels Desktop and CDPATH Handling in MacOS - Make it stand out Whatever it is, the way you tell your story online can make all the difference. https://images.squarespace-cdn.com/content/v1/5894c269e4fcb5e65a1ed623/a664e84f-4338-4705-8e7c-598c2dbca825/8.png Blog - Bash Privileged-Mode Vulnerabilities in Parallels Desktop and CDPATH Handling in MacOS - Make it stand out Whatever it is, the way you tell your story online can make all the difference. https://images.squarespace-cdn.com/content/v1/5894c269e4fcb5e65a1ed623/007125fd-81c0-4dfa-b60f-25de5f99cee4/Fig1.png Blog - Bash Privileged-Mode Vulnerabilities in Parallels Desktop and CDPATH Handling in MacOS - Make it stand out Figure 1 - Patch diff of prl_update_helper executable https://images.squarespace-cdn.com/content/v1/5894c269e4fcb5e65a1ed623/fad996b8-d870-4ec6-9241-0a95f8c305c7/9.png Blog - Bash Privileged-Mode Vulnerabilities in Parallels Desktop and CDPATH Handling in MacOS - Make it stand out Whatever it is, the way you tell your story online can make all the difference. https://images.squarespace-cdn.com/content/v1/5894c269e4fcb5e65a1ed623/3098e06c-a7ec-4cb2-81c6-1dd19b330638/Screen+Shot+2023-04-03+at+12.16.30+PM.png Blog - Bash Privileged-Mode Vulnerabilities in Parallels Desktop and CDPATH Handling in MacOS - Make it stand out Whatever it is, the way you tell your story online can make all the difference. https://images.squarespace-cdn.com/content/v1/5894c269e4fcb5e65a1ed623/adfdd7de-1b69-4c87-b2b6-4636be40a485/Screen+Shot+2023-04-03+at+12.10.47+PM.png Blog - Bash Privileged-Mode Vulnerabilities in Parallels Desktop and CDPATH Handling in MacOS - Make it stand out Whatever it is, the way you tell your story online can make all the difference. https://images.squarespace-cdn.com/content/v1/5894c269e4fcb5e65a1ed623/4917db97-7d32-4a6d-bace-734afe4bc1c0/Screen+Shot+2023-04-03+at+12.11.33+PM.png Blog - Bash Privileged-Mode Vulnerabilities in Parallels Desktop and CDPATH Handling in MacOS - Make it stand out Whatever it is, the way you tell your story online can make all the difference. https://images.squarespace-cdn.com/content/v1/5894c269e4fcb5e65a1ed623/c35bcf28-96b9-4778-854f-c4e075e16e7f/Screen+Shot+2023-04-03+at+12.12.17+PM.png Blog - Bash Privileged-Mode Vulnerabilities in Parallels Desktop and CDPATH Handling in MacOS - Make it stand out Whatever it is, the way you tell your story online can make all the difference. https://images.squarespace-cdn.com/content/v1/5894c269e4fcb5e65a1ed623/d4041e3c-1f26-4115-aa85-4415e1fa12bc/10.png Blog - Bash Privileged-Mode Vulnerabilities in Parallels Desktop and CDPATH Handling in MacOS - Make it stand out Whatever it is, the way you tell your story online can make all the difference. https://images.squarespace-cdn.com/content/v1/5894c269e4fcb5e65a1ed623/2fd5d05c-9c68-40e8-ba6f-e14c52d0a3f0/11.png Blog - Bash Privileged-Mode Vulnerabilities in Parallels Desktop and CDPATH Handling in MacOS - Make it stand out Whatever it is, the way you tell your story online can make all the difference. https://images.squarespace-cdn.com/content/v1/5894c269e4fcb5e65a1ed623/dc6d12d5-0a61-4652-ab2d-d96cb385d665/Fig2.png Blog - Bash Privileged-Mode Vulnerabilities in Parallels Desktop and CDPATH Handling in MacOS - Make it stand out Figure 2 - Missing privileged mode check when handling CDPATH https://images.squarespace-cdn.com/content/v1/5894c269e4fcb5e65a1ed623/99b7b679-5c52-4bce-8137-479677fa0354/Fig3.png Blog - Bash Privileged-Mode Vulnerabilities in Parallels Desktop and CDPATH Handling in MacOS - Make it stand out Figure 3 - Missing privileged mode check when handling GLOBIGNORE https://www.thezdi.com/blog/2023/3/24/pwn2own-vancouver-2023-day monthly 0.5 2023-04-12 https://images.squarespace-cdn.com/content/v1/5894c269e4fcb5e65a1ed623/e11696db-0334-4f95-a0f7-23ef8d064dec/Leader1.png Blog - Pwn2Own Vancouver 2023 - Day Three Results - Make it stand out Whatever it is, the way you tell your story online can make all the difference. https://images.squarespace-cdn.com/content/v1/5894c269e4fcb5e65a1ed623/9adb3ec8-79f4-4d0f-8aa9-a1891a001c45/TeamSynacktiv.png Blog - Pwn2Own Vancouver 2023 - Day Three Results - Make it stand out Team Synacktiv: Eloi Benoist-Vanderbeken, David Berard, Vincent Dehors, Tanguy Dubroca, Thomas Bouzerar, and Thomas Imbert. They also receive a $25,000 bonus and Platinum status in 2024. https://images.squarespace-cdn.com/content/v1/5894c269e4fcb5e65a1ed623/2c65ee86-8af5-4baa-b6ff-389fa68cc0f3/KyleUbuntuClose.png Blog - Pwn2Own Vancouver 2023 - Day Three Results - Make it stand out Whatever it is, the way you tell your story online can make all the difference. https://images.squarespace-cdn.com/content/v1/5894c269e4fcb5e65a1ed623/c24d571e-e4ab-45e3-b43a-ac2367c881a6/SynacktivWin11.png Blog - Pwn2Own Vancouver 2023 - Day Three Results - Make it stand out Whatever it is, the way you tell your story online can make all the difference. https://images.squarespace-cdn.com/content/v1/5894c269e4fcb5e65a1ed623/317a86cd-6022-4701-978b-44550bdd807c/STARVMWareClose.png Blog - Pwn2Own Vancouver 2023 - Day Three Results - Make it stand out Whatever it is, the way you tell your story online can make all the difference. https://www.thezdi.com/blog/2023/3/23/pwn2own-vancouver-2023-day-two-results monthly 0.5 2023-04-12 https://images.squarespace-cdn.com/content/v1/5894c269e4fcb5e65a1ed623/3899032e-469d-4b1a-830c-a4109f4b5fb4/SynacktivOracle.png Blog - Pwn2Own Vancouver 2023 - Day Two Results - Make it stand out Whatever it is, the way you tell your story online can make all the difference. https://images.squarespace-cdn.com/content/v1/5894c269e4fcb5e65a1ed623/feca941a-d696-481b-bc81-148e37c842da/SynacktivTesla.png Blog - Pwn2Own Vancouver 2023 - Day Two Results - Make it stand out Whatever it is, the way you tell your story online can make all the difference. https://images.squarespace-cdn.com/content/v1/5894c269e4fcb5e65a1ed623/9526441c-3e0a-46d2-8cff-f57bd2d03d71/ViettelOracle.png Blog - Pwn2Own Vancouver 2023 - Day Two Results - Make it stand out Whatever it is, the way you tell your story online can make all the difference. https://images.squarespace-cdn.com/content/v1/5894c269e4fcb5e65a1ed623/77f3cf4a-c742-4179-b0f6-ec8766d64337/SynacktivUbuntu.png Blog - Pwn2Own Vancouver 2023 - Day Two Results - Make it stand out Whatever it is, the way you tell your story online can make all the difference. https://www.thezdi.com/blog/2023/3/22/pwn2own-vancouver-2023-day-one-results monthly 0.5 2023-03-22 https://images.squarespace-cdn.com/content/v1/5894c269e4fcb5e65a1ed623/ef244948-5e68-480b-a0b6-86eb7e4991f1/AdobeReader.gif Blog - Pwn2Own Vancouver 2023 - Day One Results - Make it stand out Whatever it is, the way you tell your story online can make all the difference. https://images.squarespace-cdn.com/content/v1/5894c269e4fcb5e65a1ed623/5e5749a6-c442-4929-8a00-1c07c9b156b4/SharePoint.png Blog - Pwn2Own Vancouver 2023 - Day One Results - Make it stand out Whatever it is, the way you tell your story online can make all the difference. https://images.squarespace-cdn.com/content/v1/5894c269e4fcb5e65a1ed623/f3332ebf-e7da-4510-9dd5-5d6ade90cc1a/Oracle.png Blog - Pwn2Own Vancouver 2023 - Day One Results - Make it stand out Whatever it is, the way you tell your story online can make all the difference. https://images.squarespace-cdn.com/content/v1/5894c269e4fcb5e65a1ed623/a9bd1336-8a7f-448b-8945-44ba4aaf0849/Model3.png Blog - Pwn2Own Vancouver 2023 - Day One Results - Make it stand out Whatever it is, the way you tell your story online can make all the difference. https://images.squarespace-cdn.com/content/v1/5894c269e4fcb5e65a1ed623/7dcc53e6-4ad2-437a-b854-05a226249d63/TeslaCloseUp.png Blog - Pwn2Own Vancouver 2023 - Day One Results - Make it stand out Whatever it is, the way you tell your story online can make all the difference. https://images.squarespace-cdn.com/content/v1/5894c269e4fcb5e65a1ed623/bf3fc79a-5137-4873-b6bc-a9323aeb945a/Ubuntu.png Blog - Pwn2Own Vancouver 2023 - Day One Results - Make it stand out Whatever it is, the way you tell your story online can make all the difference. https://images.squarespace-cdn.com/content/v1/5894c269e4fcb5e65a1ed623/0960d31f-0242-4bbf-878f-409305cc63f5/MarcinWin11.png Blog - Pwn2Own Vancouver 2023 - Day One Results - Make it stand out Whatever it is, the way you tell your story online can make all the difference. https://images.squarespace-cdn.com/content/v1/5894c269e4fcb5e65a1ed623/28ab3754-c1c3-4278-90f2-6746dc84d3f6/IMG_9598_MOV_AdobeExpress.gif Blog - Pwn2Own Vancouver 2023 - Day One Results - Make it stand out Whatever it is, the way you tell your story online can make all the difference. https://www.thezdi.com/blog/2023/3/21/pwn2own-vancouver-schedule-2023 monthly 0.5 2023-03-22 https://www.thezdi.com/blog/2023/3/14/the-march-2023-security-update-review monthly 0.5 2023-03-14 https://www.thezdi.com/blog/2023/2/27/cve-2022-38108-rce-in-solarwinds-network-performance-monitor monthly 0.5 2023-03-02 https://www.thezdi.com/blog/2023/2/16/pwn2own-miami-2023-day-three-results monthly 0.5 2023-03-28 https://images.squarespace-cdn.com/content/v1/5894c269e4fcb5e65a1ed623/909db401-7ced-4337-8a55-02621e830043/P2O_WIN_1.jpg Blog - Pwn2Own Miami 2023 – Day Three Results - Make it stand out Whatever it is, the way you tell your story online can make all the difference. https://images.squarespace-cdn.com/content/v1/5894c269e4fcb5e65a1ed623/c077d752-c2da-46f7-a0bd-a8eebd92e65f/MicrosoftTeams-image+%289%29.png Blog - Pwn2Own Miami 2023 – Day Three Results - Make it stand out Whatever it is, the way you tell your story online can make all the difference. https://images.squarespace-cdn.com/content/v1/5894c269e4fcb5e65a1ed623/61210a73-cf69-44b6-8b60-cfde917c0b39/MicrosoftTeams-image+%287%29.png Blog - Pwn2Own Miami 2023 – Day Three Results - Make it stand out Whatever it is, the way you tell your story online can make all the difference. https://images.squarespace-cdn.com/content/v1/5894c269e4fcb5e65a1ed623/76427a7a-2315-4882-8668-c6814cf617a3/MicrosoftTeams-image+%288%29.png Blog - Pwn2Own Miami 2023 – Day Three Results - Make it stand out Whatever it is, the way you tell your story online can make all the difference. https://www.thezdi.com/blog/2023/2/15/pwn2own-miami-2023-day-two-results monthly 0.5 2023-02-15 https://images.squarespace-cdn.com/content/v1/5894c269e4fcb5e65a1ed623/383a604f-4eb7-484f-b801-038a91869d74/MicrosoftTeams-image+%283%29.png Blog - Pwn2Own Miami 2023 - Day Two Results - Make it stand out Whatever it is, the way you tell your story online can make all the difference. https://images.squarespace-cdn.com/content/v1/5894c269e4fcb5e65a1ed623/63383411-799d-4b85-ac8f-0f0cd095a763/MicrosoftTeams-image+%284%29.png Blog - Pwn2Own Miami 2023 - Day Two Results - Make it stand out Whatever it is, the way you tell your story online can make all the difference. https://images.squarespace-cdn.com/content/v1/5894c269e4fcb5e65a1ed623/24b53b8c-e60a-48ef-8ecd-70662f49962f/MicrosoftTeams-image.png Blog - Pwn2Own Miami 2023 - Day Two Results - Make it stand out Whatever it is, the way you tell your story online can make all the difference. https://images.squarespace-cdn.com/content/v1/5894c269e4fcb5e65a1ed623/a7ba6c79-758b-4223-9adf-0f6f62a13718/MicrosoftTeams-image+%284%29.png Blog - Pwn2Own Miami 2023 - Day Two Results - Make it stand out Whatever it is, the way you tell your story online can make all the difference. https://www.thezdi.com/blog/2023/2/14/the-february-2023-security-update-overview monthly 0.5 2023-02-14 https://www.thezdi.com/blog/2023/2/14/pwn2own-miami-2023-day-one-results monthly 0.5 2023-02-15 https://images.squarespace-cdn.com/content/v1/5894c269e4fcb5e65a1ed623/65485485-e8b7-4cfc-bcc0-fddb7fcc62ea/Fo71s29XgAAV28x.jpeg Blog - Pwn2Own Miami 2023 - Day One Results - Make it stand out Whatever it is, the way you tell your story online can make all the difference. https://images.squarespace-cdn.com/content/v1/5894c269e4fcb5e65a1ed623/e513e840-4970-457b-add7-f677f0bfb8bf/MicrosoftTeams-image.png Blog - Pwn2Own Miami 2023 - Day One Results - Make it stand out Whatever it is, the way you tell your story online can make all the difference. https://images.squarespace-cdn.com/content/v1/5894c269e4fcb5e65a1ed623/c088401e-5da0-43fb-b2ae-ae631c0bb325/MicrosoftTeams-image+%282%29.png Blog - Pwn2Own Miami 2023 - Day One Results - Make it stand out Whatever it is, the way you tell your story online can make all the difference. https://www.thezdi.com/blog/2023/2/13/pwn2own-miami-2023-the-full-schedule monthly 0.5 2023-02-15 https://www.thezdi.com/blog/2023/2/6/pwn2owning-two-hosts-at-the-same-time-abusing-inductive-automation-ignitions-custom-deserialization monthly 0.5 2023-02-08 https://images.squarespace-cdn.com/content/v1/5894c269e4fcb5e65a1ed623/9731cdf0-880d-4f50-9fbc-e884b88fce52/databinfiles.png Blog - Pwn2Owning Two Hosts at the Same Time: Abusing Inductive Automation Ignition’s Custom Deserialization - Make it stand out Figure 1 - Example of the data.bin files https://images.squarespace-cdn.com/content/v1/5894c269e4fcb5e65a1ed623/8843b40f-d88a-4cb9-8f73-8700627714a6/databincontent.png Blog - Pwn2Owning Two Hosts at the Same Time: Abusing Inductive Automation Ignition’s Custom Deserialization - Make it stand out Figure 2 - Fragment of the exemplary data.bin file https://images.squarespace-cdn.com/content/v1/5894c269e4fcb5e65a1ed623/75698006-c939-4584-b611-6b2060b0160e/deserialization-flow.png Blog - Pwn2Owning Two Hosts at the Same Time: Abusing Inductive Automation Ignition’s Custom Deserialization - Make it stand out Figure 3 - Sample deserialization flow https://images.squarespace-cdn.com/content/v1/5894c269e4fcb5e65a1ed623/e1c19dc1-27f8-4a97-b4cb-d9f2d473a16e/samplehandlers.png Blog - Pwn2Owning Two Hosts at the Same Time: Abusing Inductive Automation Ignition’s Custom Deserialization - Make it stand out Figure 4 - Sample deserialization handlers https://images.squarespace-cdn.com/content/v1/5894c269e4fcb5e65a1ed623/49f5cc55-fe8c-491c-8a82-4a36c0089238/object-deserialization-flow.png Blog - Pwn2Owning Two Hosts at the Same Time: Abusing Inductive Automation Ignition’s Custom Deserialization - Make it stand out Figure 5 - High-level description of the deserialization flow for the ObjectDeserializationHandler handler https://images.squarespace-cdn.com/content/v1/5894c269e4fcb5e65a1ed623/5bc69c1c-5525-4907-81ea-1464304ed08d/project-structure.png Blog - Pwn2Owning Two Hosts at the Same Time: Abusing Inductive Automation Ignition’s Custom Deserialization - Make it stand out Figure 6 - Example of the malicious project structure https://images.squarespace-cdn.com/content/v1/5894c269e4fcb5e65a1ed623/53be476e-2ef7-4d3b-86a4-c8c3a97039f8/rce-client-error.png Blog - Pwn2Owning Two Hosts at the Same Time: Abusing Inductive Automation Ignition’s Custom Deserialization - Make it stand out Figure 7 - Remote Code Execution on the client - ClassCastException https://images.squarespace-cdn.com/content/v1/5894c269e4fcb5e65a1ed623/4a4070ec-b1f0-4f74-8adb-5bbceb2a41d0/rce-client-clean.png Blog - Pwn2Owning Two Hosts at the Same Time: Abusing Inductive Automation Ignition’s Custom Deserialization - Make it stand out Figure 8 - Remote Code Execution on the client without exception https://images.squarespace-cdn.com/content/v1/5894c269e4fcb5e65a1ed623/3526bbcb-6928-4b85-ad1a-3db71b755b35/revshell.png Blog - Pwn2Owning Two Hosts at the Same Time: Abusing Inductive Automation Ignition’s Custom Deserialization - Make it stand out Figure 9 - Remote Code Execution on the server - reverse shell https://images.squarespace-cdn.com/content/v1/5894c269e4fcb5e65a1ed623/e0d411be-ec99-4a86-a995-bbce683271dd/Picture10.png Blog - Pwn2Owning Two Hosts at the Same Time: Abusing Inductive Automation Ignition’s Custom Deserialization - Make it stand out Figure 10 - Remote Exploitation - Project Import functionality https://www.thezdi.com/blog/2023/1/24/pwn2own-automotive-bringing-researchers-and-auto-manufacturers-together monthly 0.5 2023-01-26 https://www.thezdi.com/blog/2023/1/23/activation-context-cache-poisoning-exploiting-csrss-for-privilege-escalation monthly 0.5 2023-12-07 https://www.thezdi.com/blog/2023/1/18/cve-2022-35690-unauthenticated-rce-in-adobe-coldfusion monthly 0.5 2023-01-19 https://www.thezdi.com/blog/2023/1/11/announcing-pwn2own-vancouver-for-2023 monthly 0.5 2023-02-07 https://images.squarespace-cdn.com/content/v1/5894c269e4fcb5e65a1ed623/05cd0da5-5dad-4e72-8571-3c1bcf34499c/Virtualization.png Blog - Announcing Pwn2Own Vancouver for 2023 - Make it stand out Whatever it is, the way you tell your story online can make all the difference. https://images.squarespace-cdn.com/content/v1/5894c269e4fcb5e65a1ed623/b0ebad0d-c29d-436b-ad15-2dd24bce74a5/Browsers.png Blog - Announcing Pwn2Own Vancouver for 2023 - Make it stand out Whatever it is, the way you tell your story online can make all the difference. https://images.squarespace-cdn.com/content/v1/5894c269e4fcb5e65a1ed623/7dce1999-0b90-44eb-9eea-9ad5db64703c/EntApps2.png Blog - Announcing Pwn2Own Vancouver for 2023 - Make it stand out Whatever it is, the way you tell your story online can make all the difference. https://images.squarespace-cdn.com/content/v1/5894c269e4fcb5e65a1ed623/5a814a93-dc65-4285-a541-c247cfb84db2/Servers.png Blog - Announcing Pwn2Own Vancouver for 2023 - Make it stand out Whatever it is, the way you tell your story online can make all the difference. https://images.squarespace-cdn.com/content/v1/5894c269e4fcb5e65a1ed623/5793decb-da94-4488-bd58-5a2681d1bdb8/LocalEoP2.png Blog - Announcing Pwn2Own Vancouver for 2023 - Make it stand out Whatever it is, the way you tell your story online can make all the difference. https://images.squarespace-cdn.com/content/v1/5894c269e4fcb5e65a1ed623/d5d236b6-0dc6-48e6-b300-0f651be4e57c/EntComms.png Blog - Announcing Pwn2Own Vancouver for 2023 - Make it stand out Whatever it is, the way you tell your story online can make all the difference. https://images.squarespace-cdn.com/content/v1/5894c269e4fcb5e65a1ed623/bb27426e-643b-40bd-9cfe-5446152d5e8e/Tesla_Tier1.png Blog - Announcing Pwn2Own Vancouver for 2023 - Make it stand out Whatever it is, the way you tell your story online can make all the difference. https://images.squarespace-cdn.com/content/v1/5894c269e4fcb5e65a1ed623/ba4f5aac-53af-41de-98ac-f52587ef6ce1/Tesla_AddOn-2.png Blog - Announcing Pwn2Own Vancouver for 2023 - Make it stand out Whatever it is, the way you tell your story online can make all the difference. https://images.squarespace-cdn.com/content/v1/5894c269e4fcb5e65a1ed623/0c5b5a8f-e82d-4aeb-9429-e9921ab288b9/Tesla_Tier2.png Blog - Announcing Pwn2Own Vancouver for 2023 - Make it stand out Whatever it is, the way you tell your story online can make all the difference. https://images.squarespace-cdn.com/content/v1/5894c269e4fcb5e65a1ed623/98292f73-91dd-4fb0-9871-398746234f81/Tier3-03.png Blog - Announcing Pwn2Own Vancouver for 2023 - Make it stand out Whatever it is, the way you tell your story online can make all the difference. https://images.squarespace-cdn.com/content/v1/5894c269e4fcb5e65a1ed623/ea6f6ff2-3c09-4a17-bab9-d9ebe86c6f81/1000px-Vmware.svg.png Blog - Announcing Pwn2Own Vancouver for 2023 - Make it stand out Whatever it is, the way you tell your story online can make all the difference. https://www.thezdi.com/blog/2023/1/10/the-january-2023-security-update-review monthly 0.5 2023-01-10 https://www.thezdi.com/blog/2023/1/4/looking-back-at-the-bugs-of-2022 monthly 0.5 2023-01-05 https://images.squarespace-cdn.com/content/v1/5894c269e4fcb5e65a1ed623/ce4f871e-ef45-4e83-b163-35197ffa49b1/Figure2.jpg Blog - Looking Back at the Bugs of 2022 - Make it stand out Figure 1 - Published ZDI Advisories Year-Over-Year https://images.squarespace-cdn.com/content/v1/5894c269e4fcb5e65a1ed623/2c426707-76c4-402b-b692-e4452863c4a6/Figure3.jpg Blog - Looking Back at the Bugs of 2022 - Make it stand out Figure 2 - 0-day Disclosures Since 2005 https://images.squarespace-cdn.com/content/v1/5894c269e4fcb5e65a1ed623/6ec866c5-c928-40f4-9dd4-fb47db608e1a/Figure1.jpg Blog - Looking Back at the Bugs of 2022 - Make it stand out Figure 3 - Published advisories per vendor for 2022 https://images.squarespace-cdn.com/content/v1/5894c269e4fcb5e65a1ed623/3e3c0a19-5c1e-4a1b-96b2-2e2bb11ed3b5/Figure4.jpg Blog - Looking Back at the Bugs of 2022 - Make it stand out Figure 4 - CVSS 3.0 Scores for Published Advisories in 2022 https://images.squarespace-cdn.com/content/v1/5894c269e4fcb5e65a1ed623/a6e28f6d-e90a-4427-a2fd-22848209df7f/Figure5.jpg Blog - Looking Back at the Bugs of 2022 - Make it stand out Figure 5 - Top 10 CWEs from 2022 Published Advisories https://www.thezdi.com/blog/2022/12/15/behind-the-scenes-of-pwn2own-toronto-2022 monthly 0.5 2022-12-15 https://images.squarespace-cdn.com/content/v1/5894c269e4fcb5e65a1ed623/f9c56634-0313-4450-8bce-1b0702d51316/MicrosoftTeams-image+%281%29.png Blog - Behind the Scenes of Pwn2Own Toronto 2022 - Make it stand out Targets awaiting configuration https://images.squarespace-cdn.com/content/v1/5894c269e4fcb5e65a1ed623/49dd4863-339d-4142-8c9c-bf7226962e82/MicrosoftTeams-image+%286%29.png Blog - Behind the Scenes of Pwn2Own Toronto 2022 - Make it stand out All eyes on the primary stage https://images.squarespace-cdn.com/content/v1/5894c269e4fcb5e65a1ed623/1b4da19c-14cc-4499-acd0-05690737c759/Screen+Shot+2022-12-15+at+11.09.16+AM.png Blog - Behind the Scenes of Pwn2Own Toronto 2022 - Make it stand out Ready to be on the clock https://images.squarespace-cdn.com/content/v1/5894c269e4fcb5e65a1ed623/c4648faf-190d-416e-b8e1-afbcb5fd98ad/MicrosoftTeams-image+%284%29.png Blog - Behind the Scenes of Pwn2Own Toronto 2022 - Make it stand out Disclosing bugs after a successful attempt https://images.squarespace-cdn.com/content/v1/5894c269e4fcb5e65a1ed623/1010e842-0fad-4b5e-8123-2654ab2d2f18/MicrosoftTeams-image+%285%29.png Blog - Behind the Scenes of Pwn2Own Toronto 2022 - Make it stand out The Master of Pwn trophy all lit up https://www.thezdi.com/blog/2022/12/13/the-december-2022-security-update-review monthly 0.5 2022-12-14 https://www.thezdi.com/blog/2022/12/9/pwn2own-toronto-2022-day-four-results-and-master-of-pwn monthly 0.5 2022-12-09 https://images.squarespace-cdn.com/content/v1/5894c269e4fcb5e65a1ed623/18beb0fe-3bd6-49d8-8ec9-e919e18b2ce9/MasterOfPwn.jpg Blog - Pwn2Own Toronto 2022 - Day Four Results and Master of Pwn - Make it stand out Final Master of Pwn standings https://images.squarespace-cdn.com/content/v1/5894c269e4fcb5e65a1ed623/0ad01170-b2b1-4f35-953d-3387d49876c1/MicrosoftTeams-image.png Blog - Pwn2Own Toronto 2022 - Day Four Results and Master of Pwn - Make it stand out NCC demonstrates their code execution by dropping their logo on the LCD screen https://images.squarespace-cdn.com/content/v1/5894c269e4fcb5e65a1ed623/733b3ff3-7932-4e02-b3bd-59ca8c81a60a/MicrosoftTeams-image+%281%29.png Blog - Pwn2Own Toronto 2022 - Day Four Results and Master of Pwn - Make it stand out The Synacktiv ninjas leave the mark on a Canon printer https://images.squarespace-cdn.com/content/v1/5894c269e4fcb5e65a1ed623/596c269f-1928-4d8d-a982-adc5063990ae/MicrosoftTeams-image+%282%29.png Blog - Pwn2Own Toronto 2022 - Day Four Results and Master of Pwn - Make it stand out Chris Anastasio shows off his reverse shell https://images.squarespace-cdn.com/content/v1/5894c269e4fcb5e65a1ed623/5a35b455-e9d9-44b1-ae8d-bf8bdce23d8e/MicrosoftTeams-image+%284%29.png Blog - Pwn2Own Toronto 2022 - Day Four Results and Master of Pwn - Make it stand out ANHTUD shows off the heap-based overflow https://images.squarespace-cdn.com/content/v1/5894c269e4fcb5e65a1ed623/da9a051e-5b7d-4cfa-b2cb-6675c4c3477e/MicrosoftTeams-image+%283%29.jpeg Blog - Pwn2Own Toronto 2022 - Day Four Results and Master of Pwn - Make it stand out Even a collision can’t stop DEVCORE from becoming Master of Pwn https://images.squarespace-cdn.com/content/v1/5894c269e4fcb5e65a1ed623/8500c9e3-48d1-414c-ad8f-bca29db346ef/MicrosoftTeams-image+%285%29.png Blog - Pwn2Own Toronto 2022 - Day Four Results and Master of Pwn - Make it stand out uid=0 means Sonar took control of this Synology router https://images.squarespace-cdn.com/content/v1/5894c269e4fcb5e65a1ed623/208e217b-087d-4897-ae08-37dca10e8f3d/MicrosoftTeams-image+%286%29.png Blog - Pwn2Own Toronto 2022 - Day Four Results and Master of Pwn - Make it stand out The namnp team was not surprised with this result https://www.thezdi.com/blog/2022/12/8/pwn2own-toronto-2022-day-three-results monthly 0.5 2023-04-12 https://images.squarespace-cdn.com/content/v1/5894c269e4fcb5e65a1ed623/9cb1646a-2251-41a9-b0d4-e323313f7854/STARLabs-Canon.jpg Blog - Pwn2Own Toronto 2022 - Day Three Results - Make it stand out SOHO Smashed! https://images.squarespace-cdn.com/content/v1/5894c269e4fcb5e65a1ed623/140e2967-5fdf-4a24-a8a0-34b7e42e2b0b/BunBo.jpg Blog - Pwn2Own Toronto 2022 - Day Three Results - Make it stand out Anyone else getting a hankering for noodles? https://images.squarespace-cdn.com/content/v1/5894c269e4fcb5e65a1ed623/74ee766f-4186-4c5e-99ba-317e3ce3e07d/MicrosoftTeams-image+%2822%29.png Blog - Pwn2Own Toronto 2022 - Day Three Results - Make it stand out Taking over the Sonos! https://images.squarespace-cdn.com/content/v1/5894c269e4fcb5e65a1ed623/50771b86-bba9-4478-b2f7-07b8e51cb97f/Viettel-SOHO2.jpg Blog - Pwn2Own Toronto 2022 - Day Three Results - Make it stand out Celebrating the pwn with a little bubbly!! https://images.squarespace-cdn.com/content/v1/5894c269e4fcb5e65a1ed623/1534e1ed-3dea-41e8-b575-2bea50f5baca/MicrosoftTeams-image+%2823%29.png Blog - Pwn2Own Toronto 2022 - Day Three Results - Make it stand out 5 Bug Exploit! https://www.thezdi.com/blog/2022/12/7/pwn2own-toronto-2022-day-two-results monthly 0.5 2022-12-09 https://images.squarespace-cdn.com/content/v1/5894c269e4fcb5e65a1ed623/23f30b76-7526-4a32-a45b-60683a6713e5/MicrosoftTeams-image+%2811%29.png Blog - Pwn2Own Toronto 2022 - Day Two Results - Make it stand out We are not camera shy here at Pwn2Own! https://images.squarespace-cdn.com/content/v1/5894c269e4fcb5e65a1ed623/f2e5ad04-ff58-494e-a69a-8372b9d84081/MicrosoftTeams-image+%2814%29.png Blog - Pwn2Own Toronto 2022 - Day Two Results - Make it stand out Whatever it is, the way you tell your story online can make all the difference. https://images.squarespace-cdn.com/content/v1/5894c269e4fcb5e65a1ed623/3d0366c2-399c-4db7-bfe0-2adf7ca64bef/MicrosoftTeams-image+%2813%29.png Blog - Pwn2Own Toronto 2022 - Day Two Results - Make it stand out Team Viettel (@rskvp93, @_q5ca, @hoangnx99 from @vcslab) https://images.squarespace-cdn.com/content/v1/5894c269e4fcb5e65a1ed623/72930b8d-9220-4aa8-abcb-7d62b343e4a1/MicrosoftTeams-image+%2815%29.png Blog - Pwn2Own Toronto 2022 - Day Two Results - Make it stand out Pwned! https://images.squarespace-cdn.com/content/v1/5894c269e4fcb5e65a1ed623/c97345e8-1aaa-4c54-9bdf-b6d1758ef85f/MicrosoftTeams-image+%2816%29.png Blog - Pwn2Own Toronto 2022 - Day Two Results - Make it stand out Lexmark Pwn! https://images.squarespace-cdn.com/content/v1/5894c269e4fcb5e65a1ed623/e061270e-ff9b-4c61-8e44-59f2c674ccff/MicrosoftTeams-image+%2817%29.png Blog - Pwn2Own Toronto 2022 - Day Two Results - Make it stand out Sonos Pwned! https://images.squarespace-cdn.com/content/v1/5894c269e4fcb5e65a1ed623/1c44dc6b-f2b2-42db-8889-1cc40f04d7ae/SummoningTeam.png Blog - Pwn2Own Toronto 2022 - Day Two Results - Make it stand out Collision! But still earns some coin! https://images.squarespace-cdn.com/content/v1/5894c269e4fcb5e65a1ed623/734b14e7-6f65-4520-87f4-6c9eeea0287c/Viettel2.jpg Blog - Pwn2Own Toronto 2022 - Day Two Results - Make it stand out New branding for the screen! https://images.squarespace-cdn.com/content/v1/5894c269e4fcb5e65a1ed623/4a6cca6b-beb3-46e0-814b-3034fe495a68/MicrosoftTeams-image+%2819%29.png Blog - Pwn2Own Toronto 2022 - Day Two Results - Make it stand out Lexmark printer pwned again! https://images.squarespace-cdn.com/content/v1/5894c269e4fcb5e65a1ed623/06a2f614-e3d6-464c-8340-45ece83c6681/Devcore2.jpg Blog - Pwn2Own Toronto 2022 - Day Two Results - Make it stand out A touch of style but unfortunately a collision! https://images.squarespace-cdn.com/content/v1/5894c269e4fcb5e65a1ed623/b15ddcaf-c5f6-4c62-aafc-c82c1f613f60/Devcore3.jpg Blog - Pwn2Own Toronto 2022 - Day Two Results - Make it stand out Full win for DEVCORE! https://images.squarespace-cdn.com/content/v1/5894c269e4fcb5e65a1ed623/9256ff15-6b9f-430b-87e7-8a4dfd36cfcc/InterruptLabs.png Blog - Pwn2Own Toronto 2022 - Day Two Results - Make it stand out Another poor Galaxy S22 pwned! https://images.squarespace-cdn.com/content/v1/5894c269e4fcb5e65a1ed623/ccaedb9c-5759-4081-8a4e-3fe4a0c5b123/MicrosoftTeams-image+%2821%29.png Blog - Pwn2Own Toronto 2022 - Day Two Results - Make it stand out 1+1 = $7.5K! https://www.thezdi.com/blog/2022/12/5/pwn2own-toronto-2022-day-one-results monthly 0.5 2023-02-01 https://images.squarespace-cdn.com/content/v1/5894c269e4fcb5e65a1ed623/44b9ffab-96f2-43b9-864c-22933cc1bfad/MicrosoftTeams-image+%283%29.png Blog - Pwn2Own Toronto 2022 - Day One Results - Make it stand out Qrious Secure targeting the WAN interface of TP-Link AX1800 in the Router category https://images.squarespace-cdn.com/content/v1/5894c269e4fcb5e65a1ed623/2116f410-9599-4f22-926a-d1fd695afe4c/pexels-pixabay-163036.jpg Blog - Pwn2Own Toronto 2022 - Day One Results - Make it stand out Some soothing tunes from some famous plumbers! https://images.squarespace-cdn.com/content/v1/5894c269e4fcb5e65a1ed623/859b17f4-20ce-436b-941a-b01dfb3acbda/MicrosoftTeams-image+%284%29.png Blog - Pwn2Own Toronto 2022 - Day One Results - Make it stand out Command injection attack against the WAN interface of a Synology RT6600ax. https://images.squarespace-cdn.com/content/v1/5894c269e4fcb5e65a1ed623/738803e0-7cdd-4a47-b176-1a3c77151c79/MicrosoftTeams-image+%285%29.png Blog - Pwn2Own Toronto 2022 - Day One Results - Make it stand out Whatever it is, the way you tell your story online can make all the difference. https://images.squarespace-cdn.com/content/v1/5894c269e4fcb5e65a1ed623/ea879b77-7c77-4507-8f2b-0b549c3c3759/StarLabs.png Blog - Pwn2Own Toronto 2022 - Day One Results - Make it stand out Great taste in music! https://images.squarespace-cdn.com/content/v1/5894c269e4fcb5e65a1ed623/24301c72-e449-44c3-85de-adbf83f11475/CHIM.png Blog - Pwn2Own Toronto 2022 - Day One Results - Make it stand out Gotta love that calc! https://images.squarespace-cdn.com/content/v1/5894c269e4fcb5e65a1ed623/18d4e45f-9127-495e-a127-550166b27f0c/DevCore.jpg Blog - Pwn2Own Toronto 2022 - Day One Results - Make it stand out Pretty sure it’s obvious who Pwned this! https://images.squarespace-cdn.com/content/v1/5894c269e4fcb5e65a1ed623/51f02756-020d-47ad-8c32-8a1704507c88/Claroty.png Blog - Pwn2Own Toronto 2022 - Day One Results - Make it stand out Whatever it is, the way you tell your story online can make all the difference. https://images.squarespace-cdn.com/content/v1/5894c269e4fcb5e65a1ed623/309f9676-f623-4611-92a5-cd4f87222d80/Viettel.jpg Blog - Pwn2Own Toronto 2022 - Day One Results - Make it stand out Pwning in style! https://images.squarespace-cdn.com/content/v1/5894c269e4fcb5e65a1ed623/c522e344-8217-417a-854d-c773b7a415e0/Sefcom.png Blog - Pwn2Own Toronto 2022 - Day One Results - Make it stand out A collision, but still good stuff! https://www.thezdi.com/blog/2022/12/5/pwn2own-toronto-2022-the-schedule monthly 0.5 2022-12-09 https://www.thezdi.com/blog/2022/11/30/pwn2own-returns-to-miami-beach-for-2023 monthly 0.5 2023-02-07 https://images.squarespace-cdn.com/content/v1/5894c269e4fcb5e65a1ed623/58fff0ba-7d6e-42d6-85cc-2c95cb5a0a97/UPC-UA-Server1.png Blog - Pwn2Own Returns to Miami Beach for 2023 - Make it stand out Whatever it is, the way you tell your story online can make all the difference. https://images.squarespace-cdn.com/content/v1/5894c269e4fcb5e65a1ed623/873d7a79-5df8-4be7-8274-f1456b010e4d/Tables-OPC-UC-Client2.jpg Blog - Pwn2Own Returns to Miami Beach for 2023 - Make it stand out Whatever it is, the way you tell your story online can make all the difference. https://images.squarespace-cdn.com/content/v1/5894c269e4fcb5e65a1ed623/de2cba66-252d-442e-a3ef-6a231cdbde89/Tables-DataGateway.jpg Blog - Pwn2Own Returns to Miami Beach for 2023 - Make it stand out Whatever it is, the way you tell your story online can make all the difference. https://images.squarespace-cdn.com/content/v1/5894c269e4fcb5e65a1ed623/16f4a0fc-0e8f-4642-ad84-ea91592a8b31/Tables-Edge.jpg Blog - Pwn2Own Returns to Miami Beach for 2023 - Make it stand out Whatever it is, the way you tell your story online can make all the difference. https://images.squarespace-cdn.com/content/v1/5894c269e4fcb5e65a1ed623/3665548a-8ecf-4bf9-ad98-2f5757f849c2/TRM_9125_txOne_Logo_FullColour.png Blog - Pwn2Own Returns to Miami Beach for 2023 - Make it stand out Whatever it is, the way you tell your story online can make all the difference. https://www.thezdi.com/blog/2022/11/22/cve-2022-40300-sql-injection-in-manageengine-privileged-access-management monthly 0.5 2023-05-05 https://www.thezdi.com/blog/2022/11/14/control-your-types-or-get-pwned-remote-code-execution-in-exchange-powershell-backend monthly 0.5 2022-11-25 https://images.squarespace-cdn.com/content/v1/5894c269e4fcb5e65a1ed623/e78b295f-4003-4fda-b888-999479ad3fe9/1+services-authentication.png Blog - Control Your Types or Get Pwned: Remote Code Execution in Exchange PowerShell Backend - Make it stand out Figure 1 - Legacy authentication in Exchange services, source: https://learn.microsoft.com/ https://images.squarespace-cdn.com/content/v1/5894c269e4fcb5e65a1ed623/39abe93d-084f-4e0b-8867-695111310a5f/2+debugger-exception.png Blog - Control Your Types or Get Pwned: Remote Code Execution in Exchange PowerShell Backend - Make it stand out Figure 2 - Deserialization leading to the retrieval of the XamlReader Type https://images.squarespace-cdn.com/content/v1/5894c269e4fcb5e65a1ed623/d662ac97-30bb-4fa6-abe9-1e3af92a571d/3+debugger-memberset.png Blog - Control Your Types or Get Pwned: Remote Code Execution in Exchange PowerShell Backend - Make it stand out Figure 3 - PSMemberSet retrieved for the System.ServiceProcess.ServiceController type https://images.squarespace-cdn.com/content/v1/5894c269e4fcb5e65a1ed623/ca8aedc4-873c-4ca1-99e2-85d4318ba82e/4+debugger-xamlreader.png Blog - Control Your Types or Get Pwned: Remote Code Execution in Exchange PowerShell Backend - Make it stand out Figure 4 - Retrieved XamlReader type https://images.squarespace-cdn.com/content/v1/5894c269e4fcb5e65a1ed623/47df0040-ce79-4197-a5de-b105a1e8b610/5+debugger-convertTo.png Blog - Control Your Types or Get Pwned: Remote Code Execution in Exchange PowerShell Backend - Make it stand out Figure 5 - Debugging of the ConvertTo method - resultType https://images.squarespace-cdn.com/content/v1/5894c269e4fcb5e65a1ed623/349280ce-dba3-4952-9d07-a4f58683c246/6+debugger-convertTo-2.png Blog - Control Your Types or Get Pwned: Remote Code Execution in Exchange PowerShell Backend - Make it stand out Figure 6 - Debugging of the ConvertTo method - valueToConvert https://images.squarespace-cdn.com/content/v1/5894c269e4fcb5e65a1ed623/54ae6aed-897d-4179-b5d8-affb0e505b26/7+Picture1.png Blog - Control Your Types or Get Pwned: Remote Code Execution in Exchange PowerShell Backend - Make it stand out Figure 7 – Debugging the LanguagePrimitives.FigureParseConversion method https://images.squarespace-cdn.com/content/v1/5894c269e4fcb5e65a1ed623/b194bd6f-ca55-4ae5-a19b-b5c19a3e0049/8+debugger-parse.png Blog - Control Your Types or Get Pwned: Remote Code Execution in Exchange PowerShell Backend - Make it stand out Figure 8 - Execution of the XamlReader.Parse method https://images.squarespace-cdn.com/content/v1/5894c269e4fcb5e65a1ed623/8adba186-5a63-444d-b177-f61bccb62db8/9+rce.png Blog - Control Your Types or Get Pwned: Remote Code Execution in Exchange PowerShell Backend - Make it stand out Figure 9 - Remote Code Execution through the Exchange PowerShell backend https://www.thezdi.com/blog/2022/11/8/the-november-2022-security-update-review monthly 0.5 2022-11-09 https://www.thezdi.com/blog/2022/10/28/vulnerabilities-in-apache-batik-default-security-controls-ssrf-and-rce-through-remote-class-loading monthly 0.5 2022-10-31 https://images.squarespace-cdn.com/content/v1/5894c269e4fcb5e65a1ed623/aa62a43a-a03f-461b-8b38-251aa6a3940a/pocJar.png Blog - Vulnerabilities in Apache Batik Default Security Controls – SSRF and RCE Through Remote Class Loading - Make it stand out Figure 1 - Code Execution through remote JAR loading https://images.squarespace-cdn.com/content/v1/5894c269e4fcb5e65a1ed623/97e58c9a-fc54-4527-adb2-8b69076df930/pocEcma.png Blog - Vulnerabilities in Apache Batik Default Security Controls – SSRF and RCE Through Remote Class Loading - Make it stand out Figure 2 - Code Execution through ECMAScript https://www.thezdi.com/blog/2022/10/19/cve-2022-3236-sophos-firewall-user-portal-and-web-admin-code-injection monthly 0.5 2022-10-19 https://www.thezdi.com/blog/2022/10/11/the-october-2022-security-update-review monthly 0.5 2022-10-11 https://www.thezdi.com/blog/2022/9/19/mindshare-analyzing-bsd-kernels-with-binary-ninja monthly 0.5 2022-09-21 https://images.squarespace-cdn.com/content/v1/5894c269e4fcb5e65a1ed623/045cf7e8-18fe-48b9-8199-d4936fd20261/Fig1.png Blog - MindShaRE: Analyzing BSD Kernels for Uninitialized Memory Disclosures using Binary Ninja - Make it stand out Figure 1 - Patch for sys_getcontext() information disclosure. Vulnerable code appears on the right. https://images.squarespace-cdn.com/content/v1/5894c269e4fcb5e65a1ed623/324465b0-33f8-44e9-8728-35e6d30f6af7/Fig2.png Blog - MindShaRE: Analyzing BSD Kernels for Uninitialized Memory Disclosures using Binary Ninja - Make it stand out Figure 2 - sys_getcontext() invoking copyout(kaddr, uaddr, len) https://images.squarespace-cdn.com/content/v1/5894c269e4fcb5e65a1ed623/e416b5d4-0a05-4bef-b96c-7ae539765916/Fig3.png Blog - MindShaRE: Analyzing BSD Kernels for Uninitialized Memory Disclosures using Binary Ninja - Make it stand out Figure 3 - LLIL_STORE operation in freebsd32_sigtimedwait() https://images.squarespace-cdn.com/content/v1/5894c269e4fcb5e65a1ed623/17dfb298-c545-4b84-87e0-5e00aeadfd2f/Fig4.png Blog - MindShaRE: Analyzing BSD Kernels for Uninitialized Memory Disclosures using Binary Ninja - Make it stand out Figure 4 - Clearing stack memory using bzero() https://images.squarespace-cdn.com/content/v1/5894c269e4fcb5e65a1ed623/94f72314-f262-4754-835d-92ada43709c9/Fig5.png Blog - MindShaRE: Analyzing BSD Kernels for Uninitialized Memory Disclosures using Binary Ninja - Make it stand out Figure 5 - memcpy() optimized to REP instruction https://images.squarespace-cdn.com/content/v1/5894c269e4fcb5e65a1ed623/584df43a-426f-4d1e-a2eb-23f2da6ed91d/Fig6.png Blog - MindShaRE: Analyzing BSD Kernels for Uninitialized Memory Disclosures using Binary Ninja - Make it stand out Figure 6 - REP instruction translation in MLIL https://images.squarespace-cdn.com/content/v1/5894c269e4fcb5e65a1ed623/0e3e0569-0474-4d40-b1b7-79040e537611/Fig7.png Blog - MindShaRE: Analyzing BSD Kernels for Uninitialized Memory Disclosures using Binary Ninja - Make it stand out Figure 7 - An example memset() optimization from NetBSD https://images.squarespace-cdn.com/content/v1/5894c269e4fcb5e65a1ed623/8d670668-4a02-44d1-9bb3-a09d947dfd08/Fig8.png Blog - MindShaRE: Analyzing BSD Kernels for Uninitialized Memory Disclosures using Binary Ninja - Make it stand out Figure 8 - Dynamic memory allocation in sys_statfs() https://images.squarespace-cdn.com/content/v1/5894c269e4fcb5e65a1ed623/f9020687-3f6d-4549-abfd-36fda43d3708/Fig9.png Blog - MindShaRE: Analyzing BSD Kernels for Uninitialized Memory Disclosures using Binary Ninja - Make it stand out Figure 9 - Graph demonstrating dominators and post dominators https://images.squarespace-cdn.com/content/v1/5894c269e4fcb5e65a1ed623/83d86b5d-90da-4ff4-971d-5f757920f35f/Fig10.png Blog - MindShaRE: Analyzing BSD Kernels for Uninitialized Memory Disclosures using Binary Ninja - Make it stand out Figure 10 - Dominators of basic block calling copyout() https://images.squarespace-cdn.com/content/v1/5894c269e4fcb5e65a1ed623/25c124fd-3de1-4b2c-8ee5-3d33266feca4/Fig11.png Blog - MindShaRE: Analyzing BSD Kernels for Uninitialized Memory Disclosures using Binary Ninja - Make it stand out Figure 11 - Post dominators of function entry block in do_sys_waitid() https://www.thezdi.com/blog/2022/9/13/the-september-2022-security-update-review monthly 0.5 2022-10-10 https://www.thezdi.com/blog/2022/9/7/riding-the-inforail-to-exploit-ivanti-avalanche-part-2 monthly 0.5 2022-09-08 https://images.squarespace-cdn.com/content/v1/5894c269e4fcb5e65a1ed623/45838668-88a2-4f0d-874c-2fee06277f98/1-JwtTokenUtility_calls.png Blog - Riding the InfoRail to Exploit Ivanti Avalanche – Part 2 - Make it stand out Figure 1 - Example invocations of JwtTokenUtility non-default constructor https://images.squarespace-cdn.com/content/v1/5894c269e4fcb5e65a1ed623/113aaf6c-6eb3-4126-8622-4f3210cad687/2-FileRead.png Blog - Riding the InfoRail to Exploit Ivanti Avalanche – Part 2 - Make it stand out Figure 2 - Example scenario for the Arbitrary File Read exploitation https://images.squarespace-cdn.com/content/v1/5894c269e4fcb5e65a1ed623/04e6fe8f-a3fe-4c5d-9bea-35d1e9b04ad2/3-FileReadExploitation_1.png Blog - Riding the InfoRail to Exploit Ivanti Avalanche – Part 2 - Make it stand out Figure 3 - Exploitation of the Arbitrary File Read scenario https://images.squarespace-cdn.com/content/v1/5894c269e4fcb5e65a1ed623/61b94b0e-c08a-47b6-9084-db83c31a91c0/4-FileReadExploitation_2.png Blog - Riding the InfoRail to Exploit Ivanti Avalanche – Part 2 - Make it stand out Figure 4 - Exploitation of the Arbitrary File Read scenario - results https://images.squarespace-cdn.com/content/v1/5894c269e4fcb5e65a1ed623/2b479f52-9b3d-4a43-8316-14fc979906de/5-FileWrite.png Blog - Riding the InfoRail to Exploit Ivanti Avalanche – Part 2 - Make it stand out Figure 5 - Example scenario for the Arbitrary File Write scenario https://images.squarespace-cdn.com/content/v1/5894c269e4fcb5e65a1ed623/9ba01749-c0fb-4ff5-ae2b-3316dba4d696/6-FileWriteExploitation_1.png Blog - Riding the InfoRail to Exploit Ivanti Avalanche – Part 2 - Make it stand out Figure 6 - Exploitation of the Arbitrary File Write scenario https://images.squarespace-cdn.com/content/v1/5894c269e4fcb5e65a1ed623/8c0db445-4262-4990-9d03-720330a85bd5/7-FileWriteExploitation_2.png Blog - Riding the InfoRail to Exploit Ivanti Avalanche – Part 2 - Make it stand out Figure 7 - Executing arbitrary code via the webshell https://images.squarespace-cdn.com/content/v1/5894c269e4fcb5e65a1ed623/25dc46fd-1467-42ac-962c-26665742cef0/8-webshell.png Blog - Riding the InfoRail to Exploit Ivanti Avalanche – Part 2 - Make it stand out Figure 8 - Remote Code Execution with the uploaded webshell https://www.thezdi.com/blog/2022/8/31/cve-2022-34715-more-microsoft-windows-nfs-v4-remote-code-execution monthly 0.5 2022-09-06 https://www.thezdi.com/blog/2022/8/29/announcing-pwn2own-toronto-2022-and-introducing-the-soho-smashup monthly 0.5 2022-11-29 https://images.squarespace-cdn.com/content/v1/5894c269e4fcb5e65a1ed623/df4e6e3d-6d45-4d8e-8195-26fe46fbea61/Tables-Phone.jpg Blog - Announcing Pwn2Own Toronto 2022 and Introducing the SOHO Smashup! - Make it stand out Whatever it is, the way you tell your story online can make all the difference. https://images.squarespace-cdn.com/content/v1/5894c269e4fcb5e65a1ed623/8afc28da-3a42-4305-9cef-e009f356fff2/Tables-Routers.jpg Blog - Announcing Pwn2Own Toronto 2022 and Introducing the SOHO Smashup! - Make it stand out Whatever it is, the way you tell your story online can make all the difference. https://images.squarespace-cdn.com/content/v1/5894c269e4fcb5e65a1ed623/238dfc98-6960-4c54-8f3e-42eb4e1d9511/Tables-Automation.jpg Blog - Announcing Pwn2Own Toronto 2022 and Introducing the SOHO Smashup! - Make it stand out Whatever it is, the way you tell your story online can make all the difference. https://images.squarespace-cdn.com/content/v1/5894c269e4fcb5e65a1ed623/9dc375b5-08ad-4839-af43-b41c9bc45bbe/Tables-PrinterNo.jpeg Blog - Announcing Pwn2Own Toronto 2022 and Introducing the SOHO Smashup! - Make it stand out Whatever it is, the way you tell your story online can make all the difference. https://images.squarespace-cdn.com/content/v1/5894c269e4fcb5e65a1ed623/1a0d67fc-712f-4678-87f4-ca5b4a9797c3/Tables-LatestSpeaker.jpg Blog - Announcing Pwn2Own Toronto 2022 and Introducing the SOHO Smashup! - Make it stand out Whatever it is, the way you tell your story online can make all the difference. https://images.squarespace-cdn.com/content/v1/5894c269e4fcb5e65a1ed623/d353e8c3-546a-4baa-8df4-7b17a717e08b/Tables-NAS3.jpg Blog - Announcing Pwn2Own Toronto 2022 and Introducing the SOHO Smashup! - Make it stand out Whatever it is, the way you tell your story online can make all the difference. https://images.squarespace-cdn.com/content/v1/5894c269e4fcb5e65a1ed623/307047c8-2aef-49a7-a0e3-a09b989fe6f0/Tables-Draft-no.jpg Blog - Announcing Pwn2Own Toronto 2022 and Introducing the SOHO Smashup! - Make it stand out Whatever it is, the way you tell your story online can make all the difference. https://images.squarespace-cdn.com/content/v1/5894c269e4fcb5e65a1ed623/084b8c74-0679-4663-bd14-60e89d895420/Synology_logo_Standard.png Blog - Announcing Pwn2Own Toronto 2022 and Introducing the SOHO Smashup! - Make it stand out Whatever it is, the way you tell your story online can make all the difference. https://images.squarespace-cdn.com/content/v1/5894c269e4fcb5e65a1ed623/04d4e81d-5d58-4d65-b459-a394e7491718/Google-logo.png Blog - Announcing Pwn2Own Toronto 2022 and Introducing the SOHO Smashup! - Make it stand out Whatever it is, the way you tell your story online can make all the difference. https://www.thezdi.com/blog/2022/8/23/but-you-told-me-you-were-safe-attacking-the-mozilla-firefox-renderer-part-2 monthly 0.5 2022-08-24 https://www.thezdi.com/blog/2022/8/17/but-you-told-me-you-were-safe-attacking-the-mozilla-firefox-renderer-part-1 monthly 0.5 2022-08-18 https://www.thezdi.com/blog/2022/8/11/new-disclosure-timelines-for-bugs-from-faulty-patches monthly 0.5 2022-08-11 https://images.squarespace-cdn.com/content/v1/5894c269e4fcb5e65a1ed623/a423fea7-f7fc-4b6c-8bd8-60e0b7dd8b1d/Twitter+Image+-+Patch+Blog-30_60_90+Days.png Blog - New Disclosure Timelines for Bugs Resulting from Incomplete Patches - Make it stand out Whatever it is, the way you tell your story online can make all the difference. https://www.thezdi.com/blog/2022/8/9/the-august-2022-security-update-review monthly 0.5 2022-08-10 https://www.thezdi.com/blog/2022/7/25/looking-at-patch-gap-vulnerabilities-in-the-vmware-esxi-tcpip-stack monthly 0.5 2022-07-27 https://images.squarespace-cdn.com/content/v1/5894c269e4fcb5e65a1ed623/f3efa8d3-3c26-4199-9cc1-ce3e0956f100/Fig1.png Blog - Looking at Patch Gap Vulnerabilities in the VMware ESXi TCP/IP Stack - Make it stand out Figure 1 - VMkernel module before (left) and after (right) adding FreeBSD type information https://images.squarespace-cdn.com/content/v1/5894c269e4fcb5e65a1ed623/6f9695c2-e9dd-4938-927f-89ccc885bf0e/Fig2.png Blog - Looking at Patch Gap Vulnerabilities in the VMware ESXi TCP/IP Stack - Make it stand out Figure 2 - List of VMkernel debug symbols available in VMware Workbench https://images.squarespace-cdn.com/content/v1/5894c269e4fcb5e65a1ed623/b28e3acc-0c3f-4216-b32d-fa29354eaa77/Fig3.png Blog - Looking at Patch Gap Vulnerabilities in the VMware ESXi TCP/IP Stack - Make it stand out Figure 3 - TCP/IP module before (left) and after (right) adding VMkernel type information https://images.squarespace-cdn.com/content/v1/5894c269e4fcb5e65a1ed623/15bb5d1e-7230-42ac-ac2d-abeea6596990/Fig4.png Blog - Looking at Patch Gap Vulnerabilities in the VMware ESXi TCP/IP Stack - Make it stand out Figure 4 - ESXi Patch Tracker with VIBs https://images.squarespace-cdn.com/content/v1/5894c269e4fcb5e65a1ed623/09304e0c-50e1-4c1d-8831-cec6aed77661/Fig5.png Blog - Looking at Patch Gap Vulnerabilities in the VMware ESXi TCP/IP Stack - Make it stand out Figure 5 - Bindiff between ESXi 6.7.0 8169922 and 8941472 https://www.thezdi.com/blog/2022/7/19/riding-the-inforail-to-exploit-ivanti-avalanche monthly 0.5 2022-07-19 https://images.squarespace-cdn.com/content/v1/5894c269e4fcb5e65a1ed623/29c294f3-d61f-4084-af18-b1cfc75110be/services.png Blog - Riding the InfoRail to Exploit Ivanti Avalanche - Make it stand out Figure 1 - Ivanti Avalanche Services https://images.squarespace-cdn.com/content/v1/5894c269e4fcb5e65a1ed623/a329b128-ab60-4efb-afb9-ef5ab83026ee/communication.png Blog - Riding the InfoRail to Exploit Ivanti Avalanche - Make it stand out Figure 2 - Inter-Services communication https://images.squarespace-cdn.com/content/v1/5894c269e4fcb5e65a1ed623/11261455-4162-463b-87cd-55d3adcd7001/message-struct.png Blog - Riding the InfoRail to Exploit Ivanti Avalanche - Make it stand out Figure 3 - Message Structure https://images.squarespace-cdn.com/content/v1/5894c269e4fcb5e65a1ed623/aacdccef-f2fa-4297-831f-9145aa2d7730/InfoRailLogs.png Blog - Riding the InfoRail to Exploit Ivanti Avalanche - Make it stand out Figure 4 InfoRail Log Files – Dropping the Unauthenticated Message https://images.squarespace-cdn.com/content/v1/5894c269e4fcb5e65a1ed623/72e823f9-145e-4db6-a930-c511f48112de/regMessage.png Blog - Riding the InfoRail to Exploit Ivanti Avalanche - Make it stand out Figure 5 - Fragment of an Exemplary Registration Message https://images.squarespace-cdn.com/content/v1/5894c269e4fcb5e65a1ed623/fa30bc67-843a-4445-8b54-947e0c2ac043/statServerExploitation.png Blog - Riding the InfoRail to Exploit Ivanti Avalanche - Make it stand out Figure 6 - StatServer Exploitation - Upload of Web shell https://images.squarespace-cdn.com/content/v1/5894c269e4fcb5e65a1ed623/3dd4a8d2-4bea-4f8b-8a7e-8219403e623e/statServerWebshell.png Blog - Riding the InfoRail to Exploit Ivanti Avalanche - Make it stand out Figure 7 - StatServer Exploitation - Webshell and Command Execution https://images.squarespace-cdn.com/content/v1/5894c269e4fcb5e65a1ed623/b84af0fe-eed6-4dbf-97c4-a77a29fdaf7d/webFileServerJars.png Blog - Riding the InfoRail to Exploit Ivanti Avalanche - Make it stand out Figure 8 - Web File Server - Tomcat JARs https://images.squarespace-cdn.com/content/v1/5894c269e4fcb5e65a1ed623/e0facbae-5ad1-4e0a-8f33-77046007f359/rogueJndi.png Blog - Riding the InfoRail to Exploit Ivanti Avalanche - Make it stand out Figure 9 - Setup of Rogue Jndi https://images.squarespace-cdn.com/content/v1/5894c269e4fcb5e65a1ed623/6d425cc7-23a3-4acf-a4f3-20df93c0f71b/lookupPerformed.png Blog - Riding the InfoRail to Exploit Ivanti Avalanche - Make it stand out Figure 10 - Triggered JNDI Lookup https://images.squarespace-cdn.com/content/v1/5894c269e4fcb5e65a1ed623/65916c92-6096-4c64-af37-0cf448ae65db/authenticationScheme.png Blog - Riding the InfoRail to Exploit Ivanti Avalanche - Make it stand out Figure 11 - Authentication Scheme https://images.squarespace-cdn.com/content/v1/5894c269e4fcb5e65a1ed623/103612fa-3d0b-411c-a9bf-d27678da7636/race3.png Blog - Riding the InfoRail to Exploit Ivanti Avalanche - Make it stand out Figure 12 - Race Condition Scheme https://www.thezdi.com/blog/2022/7/13/cve-2022-30136-microsoft-windows-network-file-system-v4-remote-code-execution-vulnerability monthly 0.5 2022-07-14 https://www.thezdi.com/blog/2022/7/12/the-july-2022-security-update-review monthly 0.5 2022-07-12 https://www.thezdi.com/blog/2022/6/15/cve-2022-23088-exploiting-a-heap-overflow-in-the-freebsd-wi-fi-stack monthly 0.5 2022-06-16 https://images.squarespace-cdn.com/content/v1/5894c269e4fcb5e65a1ed623/96f54948-178f-4f98-b457-1a5164002213/Img1.png Blog - CVE-2022-23088: Exploiting a Heap Overflow in the FreeBSD Wi-Fi Stack - Make it stand out Figure 1 - The Options Buffer https://images.squarespace-cdn.com/content/v1/5894c269e4fcb5e65a1ed623/47a195b3-3c96-41e3-b761-dcd2c87c5b7c/Img2.png Blog - CVE-2022-23088: Exploiting a Heap Overflow in the FreeBSD Wi-Fi Stack - Make it stand out Figure 2 - The Big Picture https://images.squarespace-cdn.com/content/v1/5894c269e4fcb5e65a1ed623/a0e3a398-cc73-4ba7-9357-bbb361f6a355/Img3.png Blog - CVE-2022-23088: Exploiting a Heap Overflow in the FreeBSD Wi-Fi Stack - Make it stand out Figure 3 - Frame 1 https://images.squarespace-cdn.com/content/v1/5894c269e4fcb5e65a1ed623/64b7b695-d650-4a12-87f4-e11de4e7400b/Img4.png Blog - CVE-2022-23088: Exploiting a Heap Overflow in the FreeBSD Wi-Fi Stack - Make it stand out Figure 4 - Frame 1 https://images.squarespace-cdn.com/content/v1/5894c269e4fcb5e65a1ed623/989766bb-9c3a-4a13-81ba-adf149029779/Img5.png Blog - CVE-2022-23088: Exploiting a Heap Overflow in the FreeBSD Wi-Fi Stack - Make it stand out Figure 5 - Frame 2 https://images.squarespace-cdn.com/content/v1/5894c269e4fcb5e65a1ed623/e9a04afe-8984-4f2d-9f89-190dc6706b49/Img6.png Blog - CVE-2022-23088: Exploiting a Heap Overflow in the FreeBSD Wi-Fi Stack - Make it stand out Figure 6 - Our writable view of sta_input() https://www.thezdi.com/blog/2022/6/14/the-june-2022-security-update-review monthly 0.5 2022-06-14 https://www.thezdi.com/blog/2022/6/7/cve-2022-26937-microsoft-windows-network-file-system-nlm-portmap-stack-buffer-overflow monthly 0.5 2022-06-08 https://www.thezdi.com/blog/2022/6/1/is-exploiting-a-null-pointer-deref-for-lpe-just-a-pipe-dream monthly 0.5 2022-07-11 https://images.squarespace-cdn.com/content/v1/5894c269e4fcb5e65a1ed623/1e598060-9d28-40d8-b756-b94c20688a20/fig+1+pipelist.png Blog - Is exploiting a null pointer deref for LPE just a pipe dream? - Make it stand out Figure 1 – Output of the pipelist utility from the Sysinternals tool suite. https://images.squarespace-cdn.com/content/v1/5894c269e4fcb5e65a1ed623/3a3c8562-fd97-49c1-b407-3d2a833051a8/fig+2+bdservicehost+pipes.png Blog - Is exploiting a null pointer deref for LPE just a pipe dream? - Make it stand out Figure 2 – List of named pipes used by bdservicehost.exe https://images.squarespace-cdn.com/content/v1/5894c269e4fcb5e65a1ed623/a1a2731b-e7a2-4b5d-8ada-06c48dd40043/fig+3+bitdefender+GUI.png Blog - Is exploiting a null pointer deref for LPE just a pipe dream? - Make it stand out Figure 3 - Bitdefender Total Security GUI https://images.squarespace-cdn.com/content/v1/5894c269e4fcb5e65a1ed623/c552c2c3-c624-40f5-a9f3-26738e9152ea/fig+4+sending.png Blog - Is exploiting a null pointer deref for LPE just a pipe dream? - Make it stand out Figure 4 - Connection from client to our named pipe server https://images.squarespace-cdn.com/content/v1/5894c269e4fcb5e65a1ed623/97eb28ca-7d61-408e-97db-140e1eebdc98/fig+5+client+connection+closed+.png Blog - Is exploiting a null pointer deref for LPE just a pipe dream? - Make it stand out Figure 5 - Pipe client disconnects after sending data to it https://images.squarespace-cdn.com/content/v1/5894c269e4fcb5e65a1ed623/da4bc68c-1d37-498a-a3f3-1c404b6407e9/fig+6+process+failure+prompt.png Blog - Is exploiting a null pointer deref for LPE just a pipe dream? - Make it stand out Figure 6 - Bitdefender telling us that we broke something. https://images.squarespace-cdn.com/content/v1/5894c269e4fcb5e65a1ed623/72a4b0af-4fe8-43a9-9e90-d767bec24ffd/fig+7+bdreinit+write+lowpriv+log.png Blog - Is exploiting a null pointer deref for LPE just a pipe dream? - Make it stand out Figure 7 – Process Monitor showing crash dump files being created by BDReinit.exe. https://images.squarespace-cdn.com/content/v1/5894c269e4fcb5e65a1ed623/e511933b-1c4a-4747-8b50-7f1fa2b8d473/fig+8+temp+dir+DACL.png Blog - Is exploiting a null pointer deref for LPE just a pipe dream? - Make it stand out Figure 8 - Permissions of the directory storing the dump files. https://images.squarespace-cdn.com/content/v1/5894c269e4fcb5e65a1ed623/6b60fc00-b459-4d19-9916-d0a181bc1944/fig+9+crash+dump.png Blog - Is exploiting a null pointer deref for LPE just a pipe dream? - Make it stand out Figure 9 - NULL pointer dereference: CVE-2021-4198 https://images.squarespace-cdn.com/content/v1/5894c269e4fcb5e65a1ed623/161bcae0-b61f-4b03-9260-162085c00135/fig+10+bdreinit+write+system+log.png Blog - Is exploiting a null pointer deref for LPE just a pipe dream? - Make it stand out Figure 10 - Process Monitor showing crash dump files being created by BDReinit.exe, this time running as SYSTEM. https://images.squarespace-cdn.com/content/v1/5894c269e4fcb5e65a1ed623/136f5c29-c79b-4107-b2e5-53d4af682da0/fig+11+bdch_dacl.png Blog - Is exploiting a null pointer deref for LPE just a pipe dream? - Make it stand out Figure 11 - Read and write access for everyone https://images.squarespace-cdn.com/content/v1/5894c269e4fcb5e65a1ed623/e1f0e1e5-7a13-454b-9ae2-e1970ac64d5d/fig+12+Vuln+Scan.png Blog - Is exploiting a null pointer deref for LPE just a pipe dream? - Make it stand out Figure 12 - Kicking off a vulnerability scan https://images.squarespace-cdn.com/content/v1/5894c269e4fcb5e65a1ed623/242286fc-de4b-43d7-a7b2-1815321710e4/fig+13+setsecurityfile.png Blog - Is exploiting a null pointer deref for LPE just a pipe dream? - Make it stand out Whatever it is, the way you tell your story online can make all the difference. https://images.squarespace-cdn.com/content/v1/5894c269e4fcb5e65a1ed623/4a0c3f9e-6d96-45ca-bd3d-4c306146e8d0/fig+13+bdreinit+SYSTEM.png Blog - Is exploiting a null pointer deref for LPE just a pipe dream? - Make it stand out Figure 13 - BDReinit.exe ACL write after crashing Vulnerability.scan.exe https://images.squarespace-cdn.com/content/v1/5894c269e4fcb5e65a1ed623/866ee74d-3832-4e5d-98c5-2a44ef981804/fig+14+symlink+creation.png Blog - Is exploiting a null pointer deref for LPE just a pipe dream? - Make it stand out Figure 14 - Creating Symbolic link https://images.squarespace-cdn.com/content/v1/5894c269e4fcb5e65a1ed623/a6507460-d470-4918-8651-f056b4289fd5/fig+15+reparse.png Blog - Is exploiting a null pointer deref for LPE just a pipe dream? - Make it stand out Figure 15 - Redirecting BDReinit.exe DACL write https://images.squarespace-cdn.com/content/v1/5894c269e4fcb5e65a1ed623/d7c39998-bcb0-4e14-b65d-d190e232ed3b/fig+16+load+modified+dll+as+SYSTEM.jpg Blog - Is exploiting a null pointer deref for LPE just a pipe dream? - Make it stand out Figure 16 - Svchost.exe Loading modified DLL https://images.squarespace-cdn.com/content/v1/5894c269e4fcb5e65a1ed623/8a539e97-af0b-41da-8efb-b1afe05156d6/MicrosoftTeams-image.png Blog - Is exploiting a null pointer deref for LPE just a pipe dream? - Make it stand out Figure 17 - Putting it all together https://images.squarespace-cdn.com/content/v1/5894c269e4fcb5e65a1ed623/0eed5e39-c499-41ca-b8ca-2b953f46326e/fig+17+delete+reparse.png Blog - Is exploiting a null pointer deref for LPE just a pipe dream? - Make it stand out Figure 18- Log of BDReinit.exe arbitrary file deletion PoC https://images.squarespace-cdn.com/content/v1/5894c269e4fcb5e65a1ed623/c6f47c51-8823-4635-98b4-1b1d1f7e7b6e/fig+18+Temp+folder+everyone+ACL.png Blog - Is exploiting a null pointer deref for LPE just a pipe dream? - Make it stand out Figure 19 - Unrestricted file permissions https://www.thezdi.com/blog/2022/5/18/pwn2own-vancouver-2022-the-results monthly 0.5 2022-05-25 https://images.squarespace-cdn.com/content/v1/5894c269e4fcb5e65a1ed623/a9d0fd0c-4adb-4273-bd96-e6fa9eeecd40/MOP+Leaderboard.png Blog - Pwn2Own Vancouver 2022 - The Results - Make it stand out Current as of May 20, 12:00 Pacific https://images.squarespace-cdn.com/content/v1/5894c269e4fcb5e65a1ed623/e1809e7d-9e47-4098-8ed9-cb826cfb21b5/Teams1.jpg Blog - Pwn2Own Vancouver 2022 - The Results - Make it stand out Hector “p3rr0” Peralta demonstrates a improper configuration bug on Microsoft Teams by launching calc. https://images.squarespace-cdn.com/content/v1/5894c269e4fcb5e65a1ed623/e30eace0-cf3e-4ac5-a753-924ae386aa9e/20220518_122926.jpg Blog - Pwn2Own Vancouver 2022 - The Results - Make it stand out Manfred Paul (left) demonstrates his 2 bug vulnerability submission on Mozilla Firefox to ZDI Analysts Hossein Lotfi and Michael DePlante. https://images.squarespace-cdn.com/content/v1/5894c269e4fcb5e65a1ed623/c5595cf5-442d-40c1-b748-7a10d2a461fb/TeamOrca.jpg Blog - Pwn2Own Vancouver 2022 - The Results - Make it stand out Team Orca of Sea Security successfully demonstrates their OOBW and UAF on Ubuntu Desktop. https://images.squarespace-cdn.com/content/v1/5894c269e4fcb5e65a1ed623/e50313a2-fc09-48f7-9edf-30b8c5bbdc99/20220519_101131+%28002%29.jpg Blog - Pwn2Own Vancouver 2022 - The Results - Make it stand out First attempt of the day at Tesla. From left to right: 2 representatives from Tesla (standing and seated), ZDI Analyst Michael DePlante, Sr. Director of Vulnerability Research (ZDI) Brian Gorenc, David BERARD and Vincent DEHORS of Synacktiv. https://images.squarespace-cdn.com/content/v1/5894c269e4fcb5e65a1ed623/144709d7-0bf3-4a01-be3f-a9212f15456e/Pham.jpg Blog - Pwn2Own Vancouver 2022 - The Results - Make it stand out Local elevation of privilege on Ubuntu Desktop courtesy of Bien Pham. https://images.squarespace-cdn.com/content/v1/5894c269e4fcb5e65a1ed623/a0c66d03-e52d-4359-978c-14011b4b0661/TUTELARY.jpg Blog - Pwn2Own Vancouver 2022 - The Results - Make it stand out From left: Yueqi Chen of Team TUTELARY of Northwestern University with ZDI Analysts Tony Fuller and Bobby Gould. https://images.squarespace-cdn.com/content/v1/5894c269e4fcb5e65a1ed623/72114431-2129-443b-972f-5390e92b8fac/vietel.jpg Blog - Pwn2Own Vancouver 2022 - The Results - Make it stand out EOP via Integer Overflow on Windows 11 courtesy of nghiadt12 from Viettel Cyber Security https://images.squarespace-cdn.com/content/v1/5894c269e4fcb5e65a1ed623/498605c5-6102-448d-8fad-bf6a837c5d2e/brunoattempt.jpg Blog - Pwn2Own Vancouver 2022 - The Results - Make it stand out Bruno PUJOS from REverse Tactics drops an EOP via UAF on Microsoft Windows 11. https://www.thezdi.com/blog/2022/5/17/pwn2own-vancouver-2022-the-schedule monthly 0.5 2022-05-17 https://www.thezdi.com/blog/2022/5/10/the-may-2022-security-update-review monthly 0.5 2022-05-10 https://www.thezdi.com/blog/2022/5/3/what-to-expect-when-exploiting-a-guide-to-pwn2own-participation monthly 0.5 2022-05-04 https://www.thezdi.com/blog/2022/4/14/pwn2own-miami-2022-results monthly 0.5 2022-11-30 https://images.squarespace-cdn.com/content/v1/5894c269e4fcb5e65a1ed623/ac09a040-67b8-4a01-8270-9b219531767b/MicrosoftTeams-image+%2819%29.png Blog - Pwn2Own Miami 2022 Results - Make it stand out Daan Keuper (center left) and Thijs Alkemade receive their Master of Pwn jackets and trophy from ZDI’s Dustin Childs (far left) and ZDI Director Brian Gorenc https://images.squarespace-cdn.com/content/v1/5894c269e4fcb5e65a1ed623/16ea5abc-8c7a-46a6-8047-43faf6b7a1e6/MoP+Standings-24.jpg Blog - Pwn2Own Miami 2022 Results - Make it stand out Final Master of Pwn standings https://images.squarespace-cdn.com/content/v1/5894c269e4fcb5e65a1ed623/ff1dc62a-3d30-4a2f-8bfc-78cc99a00a71/MicrosoftTeams-image.png Blog - Pwn2Own Miami 2022 Results - Make it stand out Whatever it is, the way you tell your story online can make all the difference. https://images.squarespace-cdn.com/content/v1/5894c269e4fcb5e65a1ed623/ff15daeb-de48-4151-bc11-2b6564fd2fc1/MicrosoftTeams-image+%282%29.png Blog - Pwn2Own Miami 2022 Results - Make it stand out Whatever it is, the way you tell your story online can make all the difference. https://images.squarespace-cdn.com/content/v1/5894c269e4fcb5e65a1ed623/8d59f8a3-97f3-4e53-ae64-d5671ca632e6/MicrosoftTeams-image+%283%29.png Blog - Pwn2Own Miami 2022 Results - Make it stand out Whatever it is, the way you tell your story online can make all the difference. https://images.squarespace-cdn.com/content/v1/5894c269e4fcb5e65a1ed623/e27095db-4f94-4e14-87d6-4223d98d39fe/MicrosoftTeams-image+%284%29.png Blog - Pwn2Own Miami 2022 Results - Make it stand out Whatever it is, the way you tell your story online can make all the difference. https://images.squarespace-cdn.com/content/v1/5894c269e4fcb5e65a1ed623/a65cc4b3-e6ce-4fc2-890c-025be187fec3/MicrosoftTeams-image+%285%29.png Blog - Pwn2Own Miami 2022 Results - Make it stand out Whatever it is, the way you tell your story online can make all the difference. https://images.squarespace-cdn.com/content/v1/5894c269e4fcb5e65a1ed623/55740452-1ecf-4250-abfe-62d5fb8444c5/MicrosoftTeams-image+%286%29.png Blog - Pwn2Own Miami 2022 Results - Make it stand out Thijs Alkemade (left) and Daan Keuper from Computest Sector 7 watch their exploit run https://images.squarespace-cdn.com/content/v1/5894c269e4fcb5e65a1ed623/651dc618-ec27-4102-b03c-a28f69925dc4/MicrosoftTeams-image+%287%29.png Blog - Pwn2Own Miami 2022 Results - Make it stand out ZDI analyst Peter Girnus (left) confers with Sharon Brizinov of the Claroty Research team https://images.squarespace-cdn.com/content/v1/5894c269e4fcb5e65a1ed623/d69f0b92-b550-4563-825b-689863c8acf4/MicrosoftTeams-image+%288%29.png Blog - Pwn2Own Miami 2022 Results - Make it stand out The Incite Team of Chris Anastasio (far left) and Steve Seeley watch their attempt as ZDI analysts Michel DePlante and Joshua Smith observe. https://images.squarespace-cdn.com/content/v1/5894c269e4fcb5e65a1ed623/4b1d83fc-ba24-4570-a9d2-50ffdc1770e7/MicrosoftTeams-image+%2811%29.png Blog - Pwn2Own Miami 2022 Results - Make it stand out Piotr Bazydło participates remotely as he discusses his exploit with ZDI analyst Tony Fuller https://images.squarespace-cdn.com/content/v1/5894c269e4fcb5e65a1ed623/6c3b6651-77d6-49d9-ae48-c236691bea75/MicrosoftTeams-image+%2812%29.png Blog - Pwn2Own Miami 2022 Results - Make it stand out Thijs Alkemade (left) and Daan Keuper of Computest Sector 7 review their exploit as ZDI analyst Mat Powell watches the results. https://images.squarespace-cdn.com/content/v1/5894c269e4fcb5e65a1ed623/3d4eacdd-46dc-420a-a254-a3aad9609bab/MicrosoftTeams-image+%2813%29.png Blog - Pwn2Own Miami 2022 Results - Make it stand out Radek Domanski (left) and Pedro Ribeiro watch their exploit as ZDI members Tony Fuller, Brian Gorenc, and Bobby Gould observe https://images.squarespace-cdn.com/content/v1/5894c269e4fcb5e65a1ed623/6c052c3e-6922-404d-8bbc-7de6200e33f6/MicrosoftTeams-image+%2814%29.png Blog - Pwn2Own Miami 2022 Results - Make it stand out Uri Katz (left) and Sharon Brizinov of Claroty Research work with ZDI analysts Michel DePlante and Tony Fuller to prepare their exploit https://images.squarespace-cdn.com/content/v1/5894c269e4fcb5e65a1ed623/e461f048-5291-4954-a4db-eebef1317f8f/MicrosoftTeams-image+%2816%29.png Blog - Pwn2Own Miami 2022 Results - Make it stand out Whatever it is, the way you tell your story online can make all the difference. https://images.squarespace-cdn.com/content/v1/5894c269e4fcb5e65a1ed623/270ea43e-af6a-4641-bca5-36fc91695dad/MicrosoftTeams-image+%2817%29.png Blog - Pwn2Own Miami 2022 Results - Make it stand out Whatever it is, the way you tell your story online can make all the difference. https://www.thezdi.com/blog/2022/4/14/p2omiami-2022-schedule monthly 0.5 2022-04-19 https://www.thezdi.com/blog/2022/4/11/the-april-2022-security-update-review monthly 0.5 2022-04-12 https://www.thezdi.com/blog/2022/4/7/cve-2022-26381-gone-by-others-triggering-a-uaf-in-firefox monthly 0.5 2022-04-07 https://images.squarespace-cdn.com/content/v1/5894c269e4fcb5e65a1ed623/2f6ea159-bc54-4a50-96b0-162ddc7c845f/crash_point_ida.png Blog - CVE-2022-26381: Gone by others! Triggering a UAF in Firefox - Make it stand out Whatever it is, the way you tell your story online can make all the difference. https://images.squarespace-cdn.com/content/v1/5894c269e4fcb5e65a1ed623/fabae0c7-e903-4645-9dc4-d922713a92c1/crash-asan_break_down_1.png Blog - CVE-2022-26381: Gone by others! Triggering a UAF in Firefox - Make it stand out Whatever it is, the way you tell your story online can make all the difference. https://images.squarespace-cdn.com/content/v1/5894c269e4fcb5e65a1ed623/733e3282-d746-44b7-9830-cc9d4d05be37/crash-asan_break_down_1_src.png Blog - CVE-2022-26381: Gone by others! Triggering a UAF in Firefox - Make it stand out Whatever it is, the way you tell your story online can make all the difference. https://images.squarespace-cdn.com/content/v1/5894c269e4fcb5e65a1ed623/41c85341-28c3-4831-9727-cf76688f85fa/object_free_stack_trace.png Blog - CVE-2022-26381: Gone by others! Triggering a UAF in Firefox - Make it stand out Whatever it is, the way you tell your story online can make all the difference. https://images.squarespace-cdn.com/content/v1/5894c269e4fcb5e65a1ed623/fee27382-22dc-427c-a05d-5481f37b3517/object_use_stack_trace.png Blog - CVE-2022-26381: Gone by others! Triggering a UAF in Firefox - Make it stand out Whatever it is, the way you tell your story online can make all the difference. https://images.squarespace-cdn.com/content/v1/5894c269e4fcb5e65a1ed623/7ae991b3-7ab9-42fd-a0ba-c62f32140284/object_addr.png Blog - CVE-2022-26381: Gone by others! Triggering a UAF in Firefox - Make it stand out Whatever it is, the way you tell your story online can make all the difference. https://images.squarespace-cdn.com/content/v1/5894c269e4fcb5e65a1ed623/4f7b04fb-98da-4376-9e0a-c75c4c3f143f/objects_in_loop.png Blog - CVE-2022-26381: Gone by others! Triggering a UAF in Firefox - Make it stand out Whatever it is, the way you tell your story online can make all the difference. https://images.squarespace-cdn.com/content/v1/5894c269e4fcb5e65a1ed623/8f790ab5-93f0-4d17-8c4b-3617d3756f05/first_iteration.png Blog - CVE-2022-26381: Gone by others! Triggering a UAF in Firefox - Make it stand out Whatever it is, the way you tell your story online can make all the difference. https://images.squarespace-cdn.com/content/v1/5894c269e4fcb5e65a1ed623/941e70a5-f2f8-4976-b663-15674cc8cd85/all_objects_deleted.png Blog - CVE-2022-26381: Gone by others! Triggering a UAF in Firefox - Make it stand out Whatever it is, the way you tell your story online can make all the difference. https://images.squarespace-cdn.com/content/v1/5894c269e4fcb5e65a1ed623/0dc96e25-5308-4c83-8fac-f912bd90cc0b/second_iteration.png Blog - CVE-2022-26381: Gone by others! Triggering a UAF in Firefox - Make it stand out Whatever it is, the way you tell your story online can make all the difference. https://images.squarespace-cdn.com/content/v1/5894c269e4fcb5e65a1ed623/97dea0a1-3f71-4e8d-ba54-d02dd889e215/fix.png Blog - CVE-2022-26381: Gone by others! Triggering a UAF in Firefox - Make it stand out Whatever it is, the way you tell your story online can make all the difference. https://www.thezdi.com/blog/2022/3/16/abusing-arbitrary-file-deletes-to-escalate-privilege-and-other-great-tricks monthly 0.5 2024-09-03 https://www.thezdi.com/blog/2022/3/8/the-march-2022-security-update-review monthly 0.5 2022-03-08 https://www.thezdi.com/blog/2022/2/22/clang-checkers-and-codeql-queries-for-detecting-untrusted-pointer-derefs-and-tainted-loop-conditions monthly 0.5 2022-02-23 https://images.squarespace-cdn.com/content/v1/5894c269e4fcb5e65a1ed623/f0430f33-eed8-444b-9ca7-5f5cd0c4ed29/Fig1.png Blog - Clang Checkers and CodeQL Queries for Detecting Untrusted Pointer Derefs and Tainted Loop Conditions - Make it stand out Whatever it is, the way you tell your story online can make all the difference. https://images.squarespace-cdn.com/content/v1/5894c269e4fcb5e65a1ed623/66fbd0d4-a3cb-46cb-8342-6c292f25f298/Fig2.png Blog - Clang Checkers and CodeQL Queries for Detecting Untrusted Pointer Derefs and Tainted Loop Conditions - Make it stand out Whatever it is, the way you tell your story online can make all the difference. https://images.squarespace-cdn.com/content/v1/5894c269e4fcb5e65a1ed623/34afb056-d2f5-4699-a801-9efec4816474/Fig3.png Blog - Clang Checkers and CodeQL Queries for Detecting Untrusted Pointer Derefs and Tainted Loop Conditions - Make it stand out Whatever it is, the way you tell your story online can make all the difference. https://images.squarespace-cdn.com/content/v1/5894c269e4fcb5e65a1ed623/a67addad-3ed2-4e68-8421-9b886511c31e/Fig4.png Blog - Clang Checkers and CodeQL Queries for Detecting Untrusted Pointer Derefs and Tainted Loop Conditions - Make it stand out Whatever it is, the way you tell your story online can make all the difference. https://images.squarespace-cdn.com/content/v1/5894c269e4fcb5e65a1ed623/0d36faf1-2988-4479-a0f7-ec792107b229/Fig5.png Blog - Clang Checkers and CodeQL Queries for Detecting Untrusted Pointer Derefs and Tainted Loop Conditions - Make it stand out Whatever it is, the way you tell your story online can make all the difference. https://images.squarespace-cdn.com/content/v1/5894c269e4fcb5e65a1ed623/a3b90489-4e20-43ed-973e-c2412007e455/Fig6.png Blog - Clang Checkers and CodeQL Queries for Detecting Untrusted Pointer Derefs and Tainted Loop Conditions - Make it stand out Whatever it is, the way you tell your story online can make all the difference. https://www.thezdi.com/blog/2022/2/14/static-taint-analysis-using-binary-ninja-a-case-study-of-mysql-cluster-vulnerabilities monthly 0.5 2022-02-15 https://images.squarespace-cdn.com/content/v1/5894c269e4fcb5e65a1ed623/c18308d2-f241-4fc0-a8d1-1f48074dcad3/Fig1.png Blog - Static Taint Analysis using Binary Ninja: A Case Study of MySQL Cluster Vulnerabilities - Make it stand out Whatever it is, the way you tell your story online can make all the difference. https://images.squarespace-cdn.com/content/v1/5894c269e4fcb5e65a1ed623/e35131e8-5851-4a3d-a588-10b5bef5e210/Fig2.png Blog - Static Taint Analysis using Binary Ninja: A Case Study of MySQL Cluster Vulnerabilities - Make it stand out Whatever it is, the way you tell your story online can make all the difference. https://images.squarespace-cdn.com/content/v1/5894c269e4fcb5e65a1ed623/0cf29020-fbaf-46b0-8606-408c39025cb9/Fig3.png Blog - Static Taint Analysis using Binary Ninja: A Case Study of MySQL Cluster Vulnerabilities - Make it stand out Whatever it is, the way you tell your story online can make all the difference. https://images.squarespace-cdn.com/content/v1/5894c269e4fcb5e65a1ed623/24afd514-1dc9-4daf-8c00-b018388656ab/Fig4.png Blog - Static Taint Analysis using Binary Ninja: A Case Study of MySQL Cluster Vulnerabilities - Make it stand out Whatever it is, the way you tell your story online can make all the difference. https://images.squarespace-cdn.com/content/v1/5894c269e4fcb5e65a1ed623/4fb7d84c-6236-4f2e-a7ea-0144d3ca07bd/Fig5.png Blog - Static Taint Analysis using Binary Ninja: A Case Study of MySQL Cluster Vulnerabilities - Make it stand out Whatever it is, the way you tell your story online can make all the difference. https://images.squarespace-cdn.com/content/v1/5894c269e4fcb5e65a1ed623/79aefdb7-9c8e-47de-be1a-0955d8704017/Fig6.png Blog - Static Taint Analysis using Binary Ninja: A Case Study of MySQL Cluster Vulnerabilities - Make it stand out Whatever it is, the way you tell your story online can make all the difference. https://images.squarespace-cdn.com/content/v1/5894c269e4fcb5e65a1ed623/605ac207-43be-4f80-9265-7d0b914d2e70/Fig7.png Blog - Static Taint Analysis using Binary Ninja: A Case Study of MySQL Cluster Vulnerabilities - Make it stand out Whatever it is, the way you tell your story online can make all the difference. https://images.squarespace-cdn.com/content/v1/5894c269e4fcb5e65a1ed623/3167af65-de8c-45fe-b787-fb379f8ae766/Fig8.png Blog - Static Taint Analysis using Binary Ninja: A Case Study of MySQL Cluster Vulnerabilities - Make it stand out Whatever it is, the way you tell your story online can make all the difference. https://images.squarespace-cdn.com/content/v1/5894c269e4fcb5e65a1ed623/c4f9de03-9cf6-4581-90b3-42ce9b91771d/Fig9.png Blog - Static Taint Analysis using Binary Ninja: A Case Study of MySQL Cluster Vulnerabilities - Make it stand out Whatever it is, the way you tell your story online can make all the difference. https://images.squarespace-cdn.com/content/v1/5894c269e4fcb5e65a1ed623/0e33f361-d091-4520-bc30-78f12371be8e/Fig10.png Blog - Static Taint Analysis using Binary Ninja: A Case Study of MySQL Cluster Vulnerabilities - Make it stand out Whatever it is, the way you tell your story online can make all the difference. https://images.squarespace-cdn.com/content/v1/5894c269e4fcb5e65a1ed623/4ec60823-4de5-48a8-85cf-0201ddbf9e75/Fig11.png Blog - Static Taint Analysis using Binary Ninja: A Case Study of MySQL Cluster Vulnerabilities - Make it stand out Whatever it is, the way you tell your story online can make all the difference. https://images.squarespace-cdn.com/content/v1/5894c269e4fcb5e65a1ed623/37b272f4-9cf9-4c3d-af9e-298c763e3498/Fig12.png Blog - Static Taint Analysis using Binary Ninja: A Case Study of MySQL Cluster Vulnerabilities - Make it stand out Whatever it is, the way you tell your story online can make all the difference. https://www.thezdi.com/blog/2022/2/10/mindshare-when-mysql-cluster-encounters-taint-analysis monthly 0.5 2022-02-10 https://images.squarespace-cdn.com/content/v1/5894c269e4fcb5e65a1ed623/bd64ae32-afe3-4e43-b6e1-b6dfe0872046/Picture1.png Blog - MindShaRE: When MySQL Cluster Encounters Taint Analysis - Make it stand out Whatever it is, the way you tell your story online can make all the difference. https://images.squarespace-cdn.com/content/v1/5894c269e4fcb5e65a1ed623/b677f5f8-3cd7-49ea-aff4-fe9e76d00379/Picture2.png Blog - MindShaRE: When MySQL Cluster Encounters Taint Analysis - Make it stand out Whatever it is, the way you tell your story online can make all the difference. https://www.thezdi.com/blog/2022/2/8/the-february-2022-security-update-review monthly 0.5 2022-02-09 https://www.thezdi.com/blog/2022/2/1/cve-2021-44142-details-on-a-samba-code-execution-bug-demonstrated-at-pwn2own-austin monthly 0.5 2022-02-01 https://www.thezdi.com/blog/2022/1/25/cve-2021-44790-code-execution-on-apache-via-an-integer-underflow monthly 0.5 2022-01-25 https://www.thezdi.com/blog/2022/1/20/looking-back-at-the-zero-day-initiative-in-2021 monthly 0.5 2022-01-20 https://images.squarespace-cdn.com/content/v1/5894c269e4fcb5e65a1ed623/11fd539f-a4b9-4ff8-93f9-b1c74bdd6d1b/Figure1.jpg Blog - Looking Back at the Zero Day Initiative in 2021 - Make it stand out Figure 1 - Published Advisories Year-Over-Year https://images.squarespace-cdn.com/content/v1/5894c269e4fcb5e65a1ed623/a1e4a40c-6d8f-433b-ab91-c438fb5e5617/Figure2.jpg Blog - Looking Back at the Zero Day Initiative in 2021 - Make it stand out Figure 2 - 0-day Disclosures Since 2005 https://images.squarespace-cdn.com/content/v1/5894c269e4fcb5e65a1ed623/0314c695-85d2-40ee-bbde-cac13778afa6/Figure2-5.jpg Blog - Looking Back at the Zero Day Initiative in 2021 - Make it stand out Figure 3 - Advisories per vendor for 2021 https://images.squarespace-cdn.com/content/v1/5894c269e4fcb5e65a1ed623/308d354b-2fd1-4f56-9bb5-1a83cacf00c7/Figure3.jpg Blog - Looking Back at the Zero Day Initiative in 2021 - Make it stand out Figure 4 - CVSS 3.0 Scores for Published Advisories in 2021 https://images.squarespace-cdn.com/content/v1/5894c269e4fcb5e65a1ed623/577e5af1-aa50-449f-95c1-47b4d326c9a8/Figure4.jpg Blog - Looking Back at the Zero Day Initiative in 2021 - Make it stand out Figure 5 - CVSS Scores from 2015 through 2021 https://images.squarespace-cdn.com/content/v1/5894c269e4fcb5e65a1ed623/f373fc4a-d6a9-4db3-9764-e89737d323ad/Figure5.jpg Blog - Looking Back at the Zero Day Initiative in 2021 - Make it stand out Figure 6 - Top 10 CWEs from 2021 Published Advisories https://www.thezdi.com/blog/2022/1/18/cve-2021-21661-exposing-database-info-via-wordpress-sql-injection monthly 0.5 2022-01-31 https://images.squarespace-cdn.com/content/v1/5894c269e4fcb5e65a1ed623/cc686458-204f-45bc-9dc1-7fbf0ebed1f6/Picture1.png Blog - CVE-2022-21661: Exposing Database Info via WordPress SQL Injection - Make it stand out Figure 6 - PoC output https://images.squarespace-cdn.com/content/v1/5894c269e4fcb5e65a1ed623/68aaf5e8-9bd7-439e-9456-05c08998a670/Picture2.jpg Blog - CVE-2022-21661: Exposing Database Info via WordPress SQL Injection - Make it stand out Figure 7 - The clean_query method of wordpress/wp-includes/class-wp-tax-query.php https://www.thezdi.com/blog/2022/1/12/pwn2own-vancouver-2022-luanch monthly 0.5 2022-01-13 https://images.squarespace-cdn.com/content/v1/5894c269e4fcb5e65a1ed623/b4578266-7e6d-4955-afc1-b15894290e6d/Virtualization.png Blog - Pwn2Own Vancouver Returns for the 15th Anniversary of the Contest - Make it stand out Whatever it is, the way you tell your story online can make all the difference. https://images.squarespace-cdn.com/content/v1/5894c269e4fcb5e65a1ed623/55e2511f-b2cf-4466-87eb-ea0661c4d21a/Browsers-2.png Blog - Pwn2Own Vancouver Returns for the 15th Anniversary of the Contest - Make it stand out Whatever it is, the way you tell your story online can make all the difference. https://images.squarespace-cdn.com/content/v1/5894c269e4fcb5e65a1ed623/040d7f6e-e266-416e-8ca4-af8e8cbe36a8/EnterpriseApps.png Blog - Pwn2Own Vancouver Returns for the 15th Anniversary of the Contest - Make it stand out Whatever it is, the way you tell your story online can make all the difference. https://images.squarespace-cdn.com/content/v1/5894c269e4fcb5e65a1ed623/08a8965e-d2e1-4152-8439-e9399d16d188/Servers-2.png Blog - Pwn2Own Vancouver Returns for the 15th Anniversary of the Contest - Make it stand out Whatever it is, the way you tell your story online can make all the difference. https://images.squarespace-cdn.com/content/v1/5894c269e4fcb5e65a1ed623/946e56bd-027f-4f74-8e8e-7e4d112675c0/EoP.png Blog - Pwn2Own Vancouver Returns for the 15th Anniversary of the Contest - Make it stand out Whatever it is, the way you tell your story online can make all the difference. https://images.squarespace-cdn.com/content/v1/5894c269e4fcb5e65a1ed623/87674ad7-4000-48c0-9882-58212903d793/EnterpriseComms.png Blog - Pwn2Own Vancouver Returns for the 15th Anniversary of the Contest - Make it stand out Whatever it is, the way you tell your story online can make all the difference. https://images.squarespace-cdn.com/content/v1/5894c269e4fcb5e65a1ed623/783b5822-ea70-4a01-ab21-1f8c6507957a/Tesla_Tier1.png Blog - Pwn2Own Vancouver Returns for the 15th Anniversary of the Contest - Make it stand out Whatever it is, the way you tell your story online can make all the difference. https://images.squarespace-cdn.com/content/v1/5894c269e4fcb5e65a1ed623/8fe8dbaa-1860-4904-b8a7-4256e4c47a14/Tesla_AddOn-2.png Blog - Pwn2Own Vancouver Returns for the 15th Anniversary of the Contest - Make it stand out Whatever it is, the way you tell your story online can make all the difference. https://images.squarespace-cdn.com/content/v1/5894c269e4fcb5e65a1ed623/af365911-89a4-47d3-93f5-8357d624a86b/Tesla_Tier2.png Blog - Pwn2Own Vancouver Returns for the 15th Anniversary of the Contest - Make it stand out Whatever it is, the way you tell your story online can make all the difference. https://images.squarespace-cdn.com/content/v1/5894c269e4fcb5e65a1ed623/07e8a2f0-c172-4b56-b975-2596c82d5b13/Tesla_Tier3-2.png Blog - Pwn2Own Vancouver Returns for the 15th Anniversary of the Contest - Make it stand out Whatever it is, the way you tell your story online can make all the difference. https://images.squarespace-cdn.com/content/v1/5894c269e4fcb5e65a1ed623/5ea1abef-eb89-4431-b5dc-88de27042f22/Zoom+-+Blue.png Blog - Pwn2Own Vancouver Returns for the 15th Anniversary of the Contest - Make it stand out Whatever it is, the way you tell your story online can make all the difference. https://images.squarespace-cdn.com/content/v1/5894c269e4fcb5e65a1ed623/e908aa0e-a728-48e8-b5df-ce04bbd078e7/Microsoft-Logo-700x394.png Blog - Pwn2Own Vancouver Returns for the 15th Anniversary of the Contest - Make it stand out Whatever it is, the way you tell your story online can make all the difference. https://images.squarespace-cdn.com/content/v1/5894c269e4fcb5e65a1ed623/3448f998-4a81-4343-b994-ada8f32a6611/1000px-Vmware.svg.png Blog - Pwn2Own Vancouver Returns for the 15th Anniversary of the Contest - Make it stand out Whatever it is, the way you tell your story online can make all the difference. https://www.thezdi.com/blog/2022/1/11/the-january-2022-security-update-review monthly 0.5 2022-01-26 https://www.thezdi.com/blog/2022/1/5/the-top-5-bugs-submitted-in-2021 monthly 0.5 2022-01-06 https://www.thezdi.com/blog/2021/12/17/cve-2021-45105-denial-of-service-via-uncontrolled-recursion-in-log4j-strsubstitutor monthly 0.5 2021-12-18 https://www.thezdi.com/blog/2021/12/15/exploitation-of-cve-2021-21220-from-incorrect-jit-behavior-to-rce monthly 0.5 2021-12-16 https://images.squarespace-cdn.com/content/v1/5894c269e4fcb5e65a1ed623/adff2ccd-61fa-4698-9998-d997f8f574e6/Picture1.png Blog - Exploitation of CVE-2021-21220 – From Incorrect JIT Behavior to RCE - Make it stand out Whatever it is, the way you tell your story online can make all the difference. https://images.squarespace-cdn.com/content/v1/5894c269e4fcb5e65a1ed623/db517807-7390-4707-b7b0-2948374982ac/Picture2.png Blog - Exploitation of CVE-2021-21220 – From Incorrect JIT Behavior to RCE - Make it stand out Whatever it is, the way you tell your story online can make all the difference. https://www.thezdi.com/blog/2021/12/14/the-december-2021-security-update-review monthly 0.5 2022-01-10 https://images.squarespace-cdn.com/content/v1/5894c269e4fcb5e65a1ed623/f3da246c-55a1-4de2-934d-7e1097385030/Figure1-log4j.png Blog - The December 2021 Security Update Review - Make it stand out Whatever it is, the way you tell your story online can make all the difference. https://www.thezdi.com/blog/2021/12/8/understanding-the-root-cause-of-cve-2021-21220-a-chrome-bug-from-pwn2own-2021 monthly 0.5 2021-12-13 https://images.squarespace-cdn.com/content/v1/5894c269e4fcb5e65a1ed623/31cb14ed-8d0d-4aa6-9dff-2d9bc1c93582/Screen+Shot+2021-12-09+at+10.55.14+AM.png Blog - Understanding the Root Cause of CVE-2021-21220 – A Chrome Bug from Pwn2Own 2021 - Make it stand out Whatever it is, the way you tell your story online can make all the difference. https://images.squarespace-cdn.com/content/v1/5894c269e4fcb5e65a1ed623/860fc043-806d-4444-8a1d-2dd9346e8b95/Picture1.png Blog - Understanding the Root Cause of CVE-2021-21220 – A Chrome Bug from Pwn2Own 2021 - Make it stand out Whatever it is, the way you tell your story online can make all the difference. https://images.squarespace-cdn.com/content/v1/5894c269e4fcb5e65a1ed623/9c0678b8-0186-4d4f-9044-f9266de2fa16/Picture2.png Blog - Understanding the Root Cause of CVE-2021-21220 – A Chrome Bug from Pwn2Own 2021 - Make it stand out Whatever it is, the way you tell your story online can make all the difference. https://images.squarespace-cdn.com/content/v1/5894c269e4fcb5e65a1ed623/f21c0199-b547-4061-a7bb-3b0483c0169a/Picture3.png Blog - Understanding the Root Cause of CVE-2021-21220 – A Chrome Bug from Pwn2Own 2021 - Make it stand out Whatever it is, the way you tell your story online can make all the difference. https://images.squarespace-cdn.com/content/v1/5894c269e4fcb5e65a1ed623/dedf15be-c171-453a-81f1-c2e48bf4eb21/Picture4.png Blog - Understanding the Root Cause of CVE-2021-21220 – A Chrome Bug from Pwn2Own 2021 - Make it stand out Whatever it is, the way you tell your story online can make all the difference. https://images.squarespace-cdn.com/content/v1/5894c269e4fcb5e65a1ed623/8146cb21-9980-4df9-9874-f16b2a8e4ba4/Picture5-2.png Blog - Understanding the Root Cause of CVE-2021-21220 – A Chrome Bug from Pwn2Own 2021 - Make it stand out Whatever it is, the way you tell your story online can make all the difference. https://images.squarespace-cdn.com/content/v1/5894c269e4fcb5e65a1ed623/8dc63ef0-9377-46d3-a008-0d887cf5b461/Picture6.png Blog - Understanding the Root Cause of CVE-2021-21220 – A Chrome Bug from Pwn2Own 2021 - Make it stand out Whatever it is, the way you tell your story online can make all the difference. https://images.squarespace-cdn.com/content/v1/5894c269e4fcb5e65a1ed623/900f5117-8fb7-4b7b-b02a-cd761e8ee606/Screen+Shot+2021-12-08+at+7.38.08+PM.png Blog - Understanding the Root Cause of CVE-2021-21220 – A Chrome Bug from Pwn2Own 2021 - Make it stand out Whatever it is, the way you tell your story online can make all the difference. https://images.squarespace-cdn.com/content/v1/5894c269e4fcb5e65a1ed623/87c7396e-3b78-46bd-af01-ef6f79455395/Picture7.png Blog - Understanding the Root Cause of CVE-2021-21220 – A Chrome Bug from Pwn2Own 2021 - Make it stand out Whatever it is, the way you tell your story online can make all the difference. https://images.squarespace-cdn.com/content/v1/5894c269e4fcb5e65a1ed623/57ab2b13-3b7c-4ad7-8f72-0a28ddcf0d5f/Picture8.png Blog - Understanding the Root Cause of CVE-2021-21220 – A Chrome Bug from Pwn2Own 2021 - Make it stand out Whatever it is, the way you tell your story online can make all the difference. https://images.squarespace-cdn.com/content/v1/5894c269e4fcb5e65a1ed623/11af59af-b957-41ed-8c2f-a20da1ca2aee/Picture9.png Blog - Understanding the Root Cause of CVE-2021-21220 – A Chrome Bug from Pwn2Own 2021 - Make it stand out Whatever it is, the way you tell your story online can make all the difference. https://images.squarespace-cdn.com/content/v1/5894c269e4fcb5e65a1ed623/69d12de5-c342-47b7-b324-1be59cf7787d/Screen+Shot+2021-12-08+at+7.43.19+PM.png Blog - Understanding the Root Cause of CVE-2021-21220 – A Chrome Bug from Pwn2Own 2021 - Make it stand out Whatever it is, the way you tell your story online can make all the difference. https://images.squarespace-cdn.com/content/v1/5894c269e4fcb5e65a1ed623/62b9060a-8eb9-4eed-a4c2-f00ef03c025b/Screen+Shot+2021-12-08+at+7.45.18+PM.png Blog - Understanding the Root Cause of CVE-2021-21220 – A Chrome Bug from Pwn2Own 2021 - Make it stand out Whatever it is, the way you tell your story online can make all the difference. https://www.thezdi.com/blog/2021/12/6/two-birds-with-one-stone-an-introduction-to-v8-and-jit-exploitation monthly 0.5 2021-12-13 https://images.squarespace-cdn.com/content/v1/5894c269e4fcb5e65a1ed623/acbc2b6f-feb8-4f8c-84c0-40fbae1e294d/Picture1.png Blog - Two Birds with One Stone: An Introduction to V8 and JIT Exploitation - Make it stand out Whatever it is, the way you tell your story online can make all the difference. https://images.squarespace-cdn.com/content/v1/5894c269e4fcb5e65a1ed623/d41de51e-94d3-43e8-b723-606c697fd10f/Picture2.png Blog - Two Birds with One Stone: An Introduction to V8 and JIT Exploitation - Make it stand out Whatever it is, the way you tell your story online can make all the difference. https://images.squarespace-cdn.com/content/v1/5894c269e4fcb5e65a1ed623/a084fedc-6d02-483c-930e-4cc111fcd8a3/Picture3.png Blog - Two Birds with One Stone: An Introduction to V8 and JIT Exploitation - Make it stand out Whatever it is, the way you tell your story online can make all the difference. https://images.squarespace-cdn.com/content/v1/5894c269e4fcb5e65a1ed623/1e306aa0-d86e-44b7-a0a1-a233218e655c/Picture4.png Blog - Two Birds with One Stone: An Introduction to V8 and JIT Exploitation - Make it stand out Whatever it is, the way you tell your story online can make all the difference. https://images.squarespace-cdn.com/content/v1/5894c269e4fcb5e65a1ed623/bac0de32-e154-4e77-8458-5fa136e42cb7/Screen+Shot+2021-12-07+at+11.09.25+AM.png Blog - Two Birds with One Stone: An Introduction to V8 and JIT Exploitation - Make it stand out Whatever it is, the way you tell your story online can make all the difference. https://images.squarespace-cdn.com/content/v1/5894c269e4fcb5e65a1ed623/8d30162c-7504-41d0-82e2-c750aac42e51/Picture6.png Blog - Two Birds with One Stone: An Introduction to V8 and JIT Exploitation - Make it stand out Whatever it is, the way you tell your story online can make all the difference. https://images.squarespace-cdn.com/content/v1/5894c269e4fcb5e65a1ed623/d0cf830a-fb5b-4ff4-9fae-ff60d3b34ad0/Picture7.png Blog - Two Birds with One Stone: An Introduction to V8 and JIT Exploitation - Make it stand out Whatever it is, the way you tell your story online can make all the difference. https://images.squarespace-cdn.com/content/v1/5894c269e4fcb5e65a1ed623/2d01a503-2c36-4a35-a051-1fe67a6c1b2c/Picture8.png Blog - Two Birds with One Stone: An Introduction to V8 and JIT Exploitation - Make it stand out Whatever it is, the way you tell your story online can make all the difference. https://images.squarespace-cdn.com/content/v1/5894c269e4fcb5e65a1ed623/7cec7239-a1fc-42ff-bda0-c614fb3d7ed2/Picture9.png Blog - Two Birds with One Stone: An Introduction to V8 and JIT Exploitation - Make it stand out Whatever it is, the way you tell your story online can make all the difference. https://www.thezdi.com/blog/2021/11/17/mindshare-using-io-ninja-to-analyze-npfs monthly 0.5 2021-11-18 https://images.squarespace-cdn.com/content/v1/5894c269e4fcb5e65a1ed623/740bf4d0-0feb-4dea-98b0-e8d587b7b5f2/Figure1.png Blog - MindShaRE: Using IO Ninja to Analyze NPFS - Make it stand out Whatever it is, the way you tell your story online can make all the difference. https://images.squarespace-cdn.com/content/v1/5894c269e4fcb5e65a1ed623/435e7cd7-79bf-4b05-af84-b7404f618de0/Figure2.png Blog - MindShaRE: Using IO Ninja to Analyze NPFS - Make it stand out Whatever it is, the way you tell your story online can make all the difference. https://images.squarespace-cdn.com/content/v1/5894c269e4fcb5e65a1ed623/f0bbc10a-1c61-493b-844d-cb81c30e0c4d/Figure3.png Blog - MindShaRE: Using IO Ninja to Analyze NPFS - Make it stand out Whatever it is, the way you tell your story online can make all the difference. https://images.squarespace-cdn.com/content/v1/5894c269e4fcb5e65a1ed623/3c050dfc-9604-46f7-8979-8951e5705558/Figure4.png Blog - MindShaRE: Using IO Ninja to Analyze NPFS - Make it stand out Whatever it is, the way you tell your story online can make all the difference. https://images.squarespace-cdn.com/content/v1/5894c269e4fcb5e65a1ed623/71d90449-f38e-4b69-a504-635b04a32588/Figure5.png Blog - MindShaRE: Using IO Ninja to Analyze NPFS - Make it stand out Whatever it is, the way you tell your story online can make all the difference. https://images.squarespace-cdn.com/content/v1/5894c269e4fcb5e65a1ed623/122b2cde-cf26-4215-8725-2e3e160d4720/Figure6.png Blog - MindShaRE: Using IO Ninja to Analyze NPFS - Make it stand out Whatever it is, the way you tell your story online can make all the difference. https://images.squarespace-cdn.com/content/v1/5894c269e4fcb5e65a1ed623/2663692d-f9d1-42bf-aed9-2b3cb6b89c27/Figure7.png Blog - MindShaRE: Using IO Ninja to Analyze NPFS - Make it stand out Whatever it is, the way you tell your story online can make all the difference. https://www.thezdi.com/blog/2021/11/9/the-november-2021-security-update-review monthly 0.5 2021-12-13 https://www.thezdi.com/blog/2021/11/1/pwn2ownaustin monthly 0.5 2022-04-21 https://images.squarespace-cdn.com/content/v1/5894c269e4fcb5e65a1ed623/3781856e-21ef-4062-b3af-b02fff6863a7/MoP+Standings-9.jpg Blog - Pwn2Own Austin 2021 - Schedule and Live Results - Make it stand out Whatever it is, the way you tell your story online can make all the difference. https://www.thezdi.com/blog/2021/10/22/our-ics-themed-pwn2own-contest-returns-to-miami-in-2022 monthly 0.5 2022-02-18 https://images.squarespace-cdn.com/content/v1/5894c269e4fcb5e65a1ed623/1634929561569-DPXBT8G3HY8D6RMV4KFR/ControlServer.png Blog - Our ICS-Themed Pwn2Own Contest Returns to Miami in 2022 - Make it stand out Whatever it is, the way you tell your story online can make all the difference. https://images.squarespace-cdn.com/content/v1/5894c269e4fcb5e65a1ed623/1634929962328-F4BW7HFO4TSZAQODEC5I/OPC+UA.png Blog - Our ICS-Themed Pwn2Own Contest Returns to Miami in 2022 - Make it stand out Whatever it is, the way you tell your story online can make all the difference. https://images.squarespace-cdn.com/content/v1/5894c269e4fcb5e65a1ed623/1634930758692-RR5OVZRCPVYJ3Q46AZ8B/Data+Gateway-b.png Blog - Our ICS-Themed Pwn2Own Contest Returns to Miami in 2022 - Make it stand out Whatever it is, the way you tell your story online can make all the difference. https://images.squarespace-cdn.com/content/v1/5894c269e4fcb5e65a1ed623/1634930823041-N9X3UUQRH3NBLNTXC77R/HMI.png Blog - Our ICS-Themed Pwn2Own Contest Returns to Miami in 2022 - Make it stand out Whatever it is, the way you tell your story online can make all the difference. https://www.thezdi.com/blog/2021/10/20/cve-2021-28632-amp-cve-2021-39840-bypassing-locks-in-adobe-reader monthly 0.5 2021-10-22 https://images.squarespace-cdn.com/content/v1/5894c269e4fcb5e65a1ed623/1634757904926-TQZYC3XTA5J5F4T7XC2V/img01.jpg Blog - CVE-2021-28632 & CVE-2021-39840: Bypassing Locks in Adobe Reader - Make it stand out Whatever it is, the way you tell your story online can make all the difference. https://images.squarespace-cdn.com/content/v1/5894c269e4fcb5e65a1ed623/1634757959467-CYUJIBLGCRO72KLMAIW2/img02.jpg Blog - CVE-2021-28632 & CVE-2021-39840: Bypassing Locks in Adobe Reader - Make it stand out Whatever it is, the way you tell your story online can make all the difference. https://images.squarespace-cdn.com/content/v1/5894c269e4fcb5e65a1ed623/1634758038342-NUN3D1TP0KZIZISWWU7D/img03.jpg Blog - CVE-2021-28632 & CVE-2021-39840: Bypassing Locks in Adobe Reader - Make it stand out Whatever it is, the way you tell your story online can make all the difference. https://images.squarespace-cdn.com/content/v1/5894c269e4fcb5e65a1ed623/1634758156890-GZU7H1VBCFI1SJ14S2H8/img04.jpg Blog - CVE-2021-28632 & CVE-2021-39840: Bypassing Locks in Adobe Reader - Make it stand out Whatever it is, the way you tell your story online can make all the difference. https://images.squarespace-cdn.com/content/v1/5894c269e4fcb5e65a1ed623/1634758278522-O6LP9HFY8NIALVSR1OCF/img05.jpg Blog - CVE-2021-28632 & CVE-2021-39840: Bypassing Locks in Adobe Reader - Make it stand out Whatever it is, the way you tell your story online can make all the difference. https://www.thezdi.com/blog/2021/10/14/adding-a-beta-nas-device-to-pwn2own-austin monthly 0.5 2021-10-14 https://www.thezdi.com/blog/2021/10/12/the-october-2021-security-update-review monthly 0.5 2021-10-12 https://www.thezdi.com/blog/2021/10/5/cve-2021-26420-remote-code-execution-in-sharepoint-via-workflow-compilation monthly 0.5 2021-10-06 https://images.squarespace-cdn.com/content/v1/5894c269e4fcb5e65a1ed623/1633462745098-9AMJK7YGB2033R5XHSO9/Picture2.png Blog - CVE-2021-26420: Remote Code Execution in SharePoint via Workflow Compilation - Make it stand out Whatever it is, the way you tell your story online can make all the difference. https://images.squarespace-cdn.com/content/v1/5894c269e4fcb5e65a1ed623/1633462796382-DGBEQENQ2SCII58FCQV8/Picture3.png Blog - CVE-2021-26420: Remote Code Execution in SharePoint via Workflow Compilation - Make it stand out Whatever it is, the way you tell your story online can make all the difference. https://images.squarespace-cdn.com/content/v1/5894c269e4fcb5e65a1ed623/1633462826535-XXYZY1IU6KJOFC38QJMC/Picture4.png Blog - CVE-2021-26420: Remote Code Execution in SharePoint via Workflow Compilation - Make it stand out Whatever it is, the way you tell your story online can make all the difference. https://images.squarespace-cdn.com/content/v1/5894c269e4fcb5e65a1ed623/1633462926706-2NL10DXILWF3LF75MK5G/Picture5.png Blog - CVE-2021-26420: Remote Code Execution in SharePoint via Workflow Compilation - Make it stand out Whatever it is, the way you tell your story online can make all the difference. https://images.squarespace-cdn.com/content/v1/5894c269e4fcb5e65a1ed623/1633462986227-RSGAZOEWQRX3RO5J8N56/Picture6.png Blog - CVE-2021-26420: Remote Code Execution in SharePoint via Workflow Compilation - Make it stand out Whatever it is, the way you tell your story online can make all the difference. https://images.squarespace-cdn.com/content/v1/5894c269e4fcb5e65a1ed623/1633463025356-3AARD9XCJHWD2EFX4ISG/Picture7.png Blog - CVE-2021-26420: Remote Code Execution in SharePoint via Workflow Compilation - Make it stand out Whatever it is, the way you tell your story online can make all the difference. https://images.squarespace-cdn.com/content/v1/5894c269e4fcb5e65a1ed623/1633463080582-DTIRY5UJ3T2X7K9VIXDF/Picture8.png Blog - CVE-2021-26420: Remote Code Execution in SharePoint via Workflow Compilation - Make it stand out Whatever it is, the way you tell your story online can make all the difference. https://images.squarespace-cdn.com/content/v1/5894c269e4fcb5e65a1ed623/1633463115480-3K7WEWSZPSTBSR5SL5MC/Picture9.png Blog - CVE-2021-26420: Remote Code Execution in SharePoint via Workflow Compilation - Make it stand out Whatever it is, the way you tell your story online can make all the difference. https://images.squarespace-cdn.com/content/v1/5894c269e4fcb5e65a1ed623/1633463151084-L7PVWAI1NRUHZC7PM1LM/Picture10.png Blog - CVE-2021-26420: Remote Code Execution in SharePoint via Workflow Compilation - Make it stand out Whatever it is, the way you tell your story online can make all the difference. https://images.squarespace-cdn.com/content/v1/5894c269e4fcb5e65a1ed623/1633463188588-F2I980TKBBLYF9ECENQ1/Picture11.png Blog - CVE-2021-26420: Remote Code Execution in SharePoint via Workflow Compilation - Make it stand out Whatever it is, the way you tell your story online can make all the difference. https://images.squarespace-cdn.com/content/v1/5894c269e4fcb5e65a1ed623/1633463238564-AG0LM36AG47H8LODQH64/Picture12.png Blog - CVE-2021-26420: Remote Code Execution in SharePoint via Workflow Compilation - Make it stand out Whatever it is, the way you tell your story online can make all the difference. https://images.squarespace-cdn.com/content/v1/5894c269e4fcb5e65a1ed623/1633463285116-360SJE5K7T1CN8P809X9/Picture13.png Blog - CVE-2021-26420: Remote Code Execution in SharePoint via Workflow Compilation - Make it stand out Whatever it is, the way you tell your story online can make all the difference. https://images.squarespace-cdn.com/content/v1/5894c269e4fcb5e65a1ed623/1633463334924-AWPAIC4WOPWLS9HWB3SC/Picture14.png Blog - CVE-2021-26420: Remote Code Execution in SharePoint via Workflow Compilation - Make it stand out Whatever it is, the way you tell your story online can make all the difference. https://images.squarespace-cdn.com/content/v1/5894c269e4fcb5e65a1ed623/1633463381586-C8Q34SOFGHDTWNH36MEJ/Picture15.png Blog - CVE-2021-26420: Remote Code Execution in SharePoint via Workflow Compilation - Make it stand out Whatever it is, the way you tell your story online can make all the difference. https://images.squarespace-cdn.com/content/v1/5894c269e4fcb5e65a1ed623/1633463417210-KAZLEI96WYQY24UNP3BG/Picture16.png Blog - CVE-2021-26420: Remote Code Execution in SharePoint via Workflow Compilation - Make it stand out Whatever it is, the way you tell your story online can make all the difference. https://images.squarespace-cdn.com/content/v1/5894c269e4fcb5e65a1ed623/1633463742578-FGD1W9MX6YM6LUX50WPG/Picture17.png Blog - CVE-2021-26420: Remote Code Execution in SharePoint via Workflow Compilation - Make it stand out Whatever it is, the way you tell your story online can make all the difference. https://images.squarespace-cdn.com/content/v1/5894c269e4fcb5e65a1ed623/1633463779089-D4UALZF5T7DWR9CTJPS1/Picture18.png Blog - CVE-2021-26420: Remote Code Execution in SharePoint via Workflow Compilation - Make it stand out Whatever it is, the way you tell your story online can make all the difference. https://images.squarespace-cdn.com/content/v1/5894c269e4fcb5e65a1ed623/1633463846297-GHSETHESK0HTOZ69EDYE/Picture19.png Blog - CVE-2021-26420: Remote Code Execution in SharePoint via Workflow Compilation - Make it stand out Whatever it is, the way you tell your story online can make all the difference. https://images.squarespace-cdn.com/content/v1/5894c269e4fcb5e65a1ed623/1633463882636-D4GFWPDUPNYQL0HXW1J9/Picture20.png Blog - CVE-2021-26420: Remote Code Execution in SharePoint via Workflow Compilation - Make it stand out Whatever it is, the way you tell your story online can make all the difference. https://www.thezdi.com/blog/2021/9/21/cve-2021-26084-details-on-the-recently-exploited-atlassian-confluence-ognl-injection-bug monthly 0.5 2021-09-22 https://www.thezdi.com/blog/2021/9/14/the-september-2021-security-update-review-kpgpb monthly 0.5 2021-09-14 https://www.thezdi.com/blog/2021/9/9/analysis-of-a-parallels-desktop-stack-clash-vulnerability-and-variant-hunting-using-binary-ninja monthly 0.5 2021-09-09 https://images.squarespace-cdn.com/content/v1/5894c269e4fcb5e65a1ed623/1631128912879-8ZE6PCHSAM9S07Z9S6WV/Fig1.png Blog - Analysis of a Parallels Desktop Stack Clash Vulnerability and Variant Hunting using Binary Ninja - Make it stand out Figure 1 - Variable size TG_PAGED_REQUEST structure in guest memory https://images.squarespace-cdn.com/content/v1/5894c269e4fcb5e65a1ed623/1631128947555-C87JDPRLNIYCWIZL4GDK/Fig2.png Blog - Analysis of a Parallels Desktop Stack Clash Vulnerability and Variant Hunting using Binary Ninja - Make it stand out Figure 2 - Variable size TG_PAGED_BUFFER structure in TG_PAGED_REQUEST https://images.squarespace-cdn.com/content/v1/5894c269e4fcb5e65a1ed623/1631129061519-5HROTMB31B8VTLM8ZN6H/Fig3.png Blog - Analysis of a Parallels Desktop Stack Clash Vulnerability and Variant Hunting using Binary Ninja - Make it stand out Figure 3 - Normal stack operation (left) vs stack jumping due to large allocation (right) https://images.squarespace-cdn.com/content/v1/5894c269e4fcb5e65a1ed623/1631129128778-ZAREXLPGKMTQJYA35XIS/Fig4.png Blog - Analysis of a Parallels Desktop Stack Clash Vulnerability and Variant Hunting using Binary Ninja - Make it stand out Figure 4 - Vulnerability in TG_REQUEST_INVSHARING handling https://images.squarespace-cdn.com/content/v1/5894c269e4fcb5e65a1ed623/1631129189098-A672BNQW6725KQTBCZQQ/Fig5.png Blog - Analysis of a Parallels Desktop Stack Clash Vulnerability and Variant Hunting using Binary Ninja - Make it stand out Figure 5 - Sample code with stack clash mitigation https://images.squarespace-cdn.com/content/v1/5894c269e4fcb5e65a1ed623/1631129325087-DO9GS0FLEXH5MSHFNY1S/Fig6.png Blog - Analysis of a Parallels Desktop Stack Clash Vulnerability and Variant Hunting using Binary Ninja - Make it stand out Figure 6 - LC_VERSION_MIN_MACOSX information of prl_vm_app https://images.squarespace-cdn.com/content/v1/5894c269e4fcb5e65a1ed623/1631129388852-2V1EG1VIFN7D6TMUDAIM/Fig7.png Blog - Analysis of a Parallels Desktop Stack Clash Vulnerability and Variant Hunting using Binary Ninja - Make it stand out Figure 7 - Backward compatibility with 10.13 disables ___chkstk_darwin() (right) https://images.squarespace-cdn.com/content/v1/5894c269e4fcb5e65a1ed623/1631129456634-7HWSNYU8EYAZR7V1LB4G/Fig8.png Blog - Analysis of a Parallels Desktop Stack Clash Vulnerability and Variant Hunting using Binary Ninja - Make it stand out Figure 8 - Fig 8. Apple Clang calls ___chkstk_darwin (left) vs GCC mitigation inlined (right) https://images.squarespace-cdn.com/content/v1/5894c269e4fcb5e65a1ed623/1631129513603-7Z6FRRRU4AUW8N2KYW1Y/Fig9.png Blog - Analysis of a Parallels Desktop Stack Clash Vulnerability and Variant Hunting using Binary Ninja - Make it stand out Figure 9 - Fig 9. Known stack offset (left) vs Undetermined value after alloca() (right) https://images.squarespace-cdn.com/content/v1/5894c269e4fcb5e65a1ed623/1631129869315-BMBZFB8O1TLC8W9RPU00/Fig10.png Blog - Analysis of a Parallels Desktop Stack Clash Vulnerability and Variant Hunting using Binary Ninja - Make it stand out Figure 10 - Pwn2Own bug and its variants found using Binary Ninja https://www.thezdi.com/blog/2021/9/2/cve-2021-2429-a-heap-based-buffer-overflow-bug-in-the-mysql-innodb-memcached-plugin monthly 0.5 2021-09-02 https://www.thezdi.com/blog/2021/8/30/proxytoken-an-authentication-bypass-in-microsoft-exchange-server monthly 0.5 2021-08-30 https://images.squarespace-cdn.com/content/v1/5894c269e4fcb5e65a1ed623/1629917172715-K3VVV119DI5SFPDEQM2G/Picture1.png Blog - ProxyToken: An Authentication Bypass in Microsoft Exchange Server - Make it stand out Whatever it is, the way you tell your story online can make all the difference. https://images.squarespace-cdn.com/content/v1/5894c269e4fcb5e65a1ed623/1629917271871-VNLS3PTRWXWB6X2DZ1GH/Picture2.png Blog - ProxyToken: An Authentication Bypass in Microsoft Exchange Server - Make it stand out Whatever it is, the way you tell your story online can make all the difference. https://images.squarespace-cdn.com/content/v1/5894c269e4fcb5e65a1ed623/1629917306935-E19576QKU0EY1N7T2KCA/Picture3.png Blog - ProxyToken: An Authentication Bypass in Microsoft Exchange Server - Make it stand out Whatever it is, the way you tell your story online can make all the difference. https://images.squarespace-cdn.com/content/v1/5894c269e4fcb5e65a1ed623/1629917386888-TIIWTNJAJSFUTB9UE42P/Picture4.png Blog - ProxyToken: An Authentication Bypass in Microsoft Exchange Server - Make it stand out Whatever it is, the way you tell your story online can make all the difference. https://images.squarespace-cdn.com/content/v1/5894c269e4fcb5e65a1ed623/1629917418341-D2S571HAY9VJORJ9KPL4/Picture5.png Blog - ProxyToken: An Authentication Bypass in Microsoft Exchange Server - Make it stand out Whatever it is, the way you tell your story online can make all the difference. https://www.thezdi.com/blog/2021/8/17/from-pwn2own-2021-a-new-attack-surface-on-microsoft-exchange-proxyshell monthly 0.5 2021-08-18 https://images.squarespace-cdn.com/content/v1/5894c269e4fcb5e65a1ed623/1629232909681-8RGNOTKKHA8ZOFLTO37C/upload_478912a7f6e2273a32eb713e9bce6e25.png Blog - From Pwn2Own 2021: A New Attack Surface on Microsoft Exchange - ProxyShell! - Make it stand out Whatever it is, the way you tell your story online can make all the difference. https://images.squarespace-cdn.com/content/v1/5894c269e4fcb5e65a1ed623/1629232959531-LAR8BRMOITOANJQCIEMY/upload_904b9bf84f3227a749234404c6062591.png Blog - From Pwn2Own 2021: A New Attack Surface on Microsoft Exchange - ProxyShell! - Make it stand out Whatever it is, the way you tell your story online can make all the difference. https://images.squarespace-cdn.com/content/v1/5894c269e4fcb5e65a1ed623/1629233363364-MYW0BCWFPUWCKH0O2KAU/Msft.png Blog - From Pwn2Own 2021: A New Attack Surface on Microsoft Exchange - ProxyShell! - Make it stand out Whatever it is, the way you tell your story online can make all the difference. https://images.squarespace-cdn.com/content/v1/5894c269e4fcb5e65a1ed623/1629233400917-LR0MDTNZQQ77UGPRN8H3/upload_7c2d5577bfa74e8024f562bc3154f40c.png Blog - From Pwn2Own 2021: A New Attack Surface on Microsoft Exchange - ProxyShell! - Make it stand out Whatever it is, the way you tell your story online can make all the difference. https://www.thezdi.com/blog/2021/8/11/pwn2own-austin-2021-phones-printers-nas-and-more monthly 0.5 2021-10-14 https://images.squarespace-cdn.com/content/v1/5894c269e4fcb5e65a1ed623/1628710298766-9OMBT86DQ7UGUAZ723LO/Phone_Table.png Blog - Pwn2Own Austin 2021: Phones, Printers, NAS, and more! - Make it stand out Whatever it is, the way you tell your story online can make all the difference. https://images.squarespace-cdn.com/content/v1/5894c269e4fcb5e65a1ed623/1628710351325-SXV82JMG9VQJPH0FHSSJ/Printer_Table.png Blog - Pwn2Own Austin 2021: Phones, Printers, NAS, and more! - Make it stand out Whatever it is, the way you tell your story online can make all the difference. https://images.squarespace-cdn.com/content/v1/5894c269e4fcb5e65a1ed623/1634243219703-W2TYB1GLPDCKSEVSV9FA/NAS_Table2.png Blog - Pwn2Own Austin 2021: Phones, Printers, NAS, and more! - Make it stand out Whatever it is, the way you tell your story online can make all the difference. https://images.squarespace-cdn.com/content/v1/5894c269e4fcb5e65a1ed623/1628710599944-HPJF5CG4VRXIYI4OBE09/Drive_Table.png Blog - Pwn2Own Austin 2021: Phones, Printers, NAS, and more! - Make it stand out Whatever it is, the way you tell your story online can make all the difference. https://images.squarespace-cdn.com/content/v1/5894c269e4fcb5e65a1ed623/1631894818056-6NAFYWZN3HWCDXMK31K8/Speaker_Table-2.png Blog - Pwn2Own Austin 2021: Phones, Printers, NAS, and more! - Make it stand out Whatever it is, the way you tell your story online can make all the difference. https://images.squarespace-cdn.com/content/v1/5894c269e4fcb5e65a1ed623/1631895007056-LVB7G16ZSGRX3T4SLM2Z/Router_Table-2.png Blog - Pwn2Own Austin 2021: Phones, Printers, NAS, and more! - Make it stand out Whatever it is, the way you tell your story online can make all the difference. https://images.squarespace-cdn.com/content/v1/5894c269e4fcb5e65a1ed623/1628710705557-J7A535F7THN6RPOFJVD0/TV_Table.png Blog - Pwn2Own Austin 2021: Phones, Printers, NAS, and more! - Make it stand out Whatever it is, the way you tell your story online can make all the difference. https://images.squarespace-cdn.com/content/v1/5894c269e4fcb5e65a1ed623/1628710787635-AXXHT8S8TE762I506YRT/WesternDigital_Logo_1L_B%5B1%5D.jpg Blog - Pwn2Own Austin 2021: Phones, Printers, NAS, and more! - Make it stand out Whatever it is, the way you tell your story online can make all the difference. https://www.thezdi.com/blog/2021/8/10/the-august-2021-security-update-review monthly 0.5 2021-08-10 https://www.thezdi.com/blog/2021/7/26/cve-2021-27077-selecting-bitmaps-into-mismatched-device-contexts monthly 0.5 2021-07-29 https://www.thezdi.com/blog/2021/7/19/cve-2021-31969-underflowing-in-the-clouds monthly 0.5 2021-07-21 https://images.squarespace-cdn.com/content/v1/5894c269e4fcb5e65a1ed623/1626721101104-MCFQGU69227I6XP711QP/1-if-else.png Blog - CVE-2021-31969: Underflowing in the Clouds - Make it stand out Figure 1 - The HsmFltProcessHSMControl Function https://images.squarespace-cdn.com/content/v1/5894c269e4fcb5e65a1ed623/1626721144423-MGP6LJGLCBASDRZ6Q89U/2-HsmFltProcessUpdatePlaceholder_call.png Blog - CVE-2021-31969: Underflowing in the Clouds - Make it stand out Figure 2 - Call to HsmFltProcessUpdatePlaceholder https://images.squarespace-cdn.com/content/v1/5894c269e4fcb5e65a1ed623/1626721835396-J3Y6Y315XB85EMUM2EO5/3-HsmpRpReadBuffer.png Blog - CVE-2021-31969: Underflowing in the Clouds - Make it stand out Figure 3 - Calling HsmpRpiDecompressBuffer https://images.squarespace-cdn.com/content/v1/5894c269e4fcb5e65a1ed623/1626721961122-6Y137V4GWQBP5YQA8P2A/4-HsmpRpiDecompressBuffer.png Blog - CVE-2021-31969: Underflowing in the Clouds - Make it stand out Figure 4 - Showing the integer underflow https://images.squarespace-cdn.com/content/v1/5894c269e4fcb5e65a1ed623/1626722042763-KZFCHLORSZGM3R1OK0U9/5-fix.png Blog - CVE-2021-31969: Underflowing in the Clouds - Make it stand out Figure 5 - Patch from Microsoft https://www.thezdi.com/blog/2021/7/13/the-july-2021-security-update-review monthly 0.5 2021-07-13 https://www.thezdi.com/blog/2021/7/7/cve-2021-28474-sharepoint-remote-code-execution-via-server-side-control-interpretation-conflict monthly 0.5 2021-07-08 https://images.squarespace-cdn.com/content/v1/5894c269e4fcb5e65a1ed623/1625694904813-Q3SYL1HIWQP0F2C7830N/Picture1.png Blog - CVE-2021-28474: SharePoint Remote Code Execution via Server-Side Control Interpretation Conflict - Make it stand out Whatever it is, the way you tell your story online can make all the difference. https://images.squarespace-cdn.com/content/v1/5894c269e4fcb5e65a1ed623/1625694953683-Q818C5AH23YPOIGHOC18/Picture2.png Blog - CVE-2021-28474: SharePoint Remote Code Execution via Server-Side Control Interpretation Conflict - Make it stand out Whatever it is, the way you tell your story online can make all the difference. https://images.squarespace-cdn.com/content/v1/5894c269e4fcb5e65a1ed623/1625695343391-TF6UVSUDKI50Y8O117LP/Picture3.png Blog - CVE-2021-28474: SharePoint Remote Code Execution via Server-Side Control Interpretation Conflict - Make it stand out Whatever it is, the way you tell your story online can make all the difference. https://images.squarespace-cdn.com/content/v1/5894c269e4fcb5e65a1ed623/1625695376944-J19M2ETD7SPUNMFZPGN6/Picture4.png Blog - CVE-2021-28474: SharePoint Remote Code Execution via Server-Side Control Interpretation Conflict - Make it stand out Whatever it is, the way you tell your story online can make all the difference. https://images.squarespace-cdn.com/content/v1/5894c269e4fcb5e65a1ed623/1625695407807-3MTXQL8ENVMR198VR4S8/Picture5.png Blog - CVE-2021-28474: SharePoint Remote Code Execution via Server-Side Control Interpretation Conflict - Make it stand out Whatever it is, the way you tell your story online can make all the difference. https://images.squarespace-cdn.com/content/v1/5894c269e4fcb5e65a1ed623/1625695443419-0MU60NQVRR2OH0VICLHR/Picture6.png Blog - CVE-2021-28474: SharePoint Remote Code Execution via Server-Side Control Interpretation Conflict - Make it stand out Whatever it is, the way you tell your story online can make all the difference. https://images.squarespace-cdn.com/content/v1/5894c269e4fcb5e65a1ed623/1625695486365-QQLSB1WBXBD9KPZPXVZ5/Picture7.png Blog - CVE-2021-28474: SharePoint Remote Code Execution via Server-Side Control Interpretation Conflict - Make it stand out Whatever it is, the way you tell your story online can make all the difference. https://images.squarespace-cdn.com/content/v1/5894c269e4fcb5e65a1ed623/1625695554812-D2H97CJQ2SD938HOCL16/Picture8.png Blog - CVE-2021-28474: SharePoint Remote Code Execution via Server-Side Control Interpretation Conflict - Make it stand out Whatever it is, the way you tell your story online can make all the difference. https://images.squarespace-cdn.com/content/v1/5894c269e4fcb5e65a1ed623/1625695576646-MUU2P074ML4BTKQ3H836/Picture9.png Blog - CVE-2021-28474: SharePoint Remote Code Execution via Server-Side Control Interpretation Conflict - Make it stand out Whatever it is, the way you tell your story online can make all the difference. https://images.squarespace-cdn.com/content/v1/5894c269e4fcb5e65a1ed623/1625695613130-DHXN0HC6H791EPHVJD18/Picture10.png Blog - CVE-2021-28474: SharePoint Remote Code Execution via Server-Side Control Interpretation Conflict - Make it stand out Whatever it is, the way you tell your story online can make all the difference. https://images.squarespace-cdn.com/content/v1/5894c269e4fcb5e65a1ed623/1625695698183-TEK0TQ26EGJHEYG9G87Y/Picture11.png Blog - CVE-2021-28474: SharePoint Remote Code Execution via Server-Side Control Interpretation Conflict - Make it stand out Whatever it is, the way you tell your story online can make all the difference. https://images.squarespace-cdn.com/content/v1/5894c269e4fcb5e65a1ed623/1625695773742-K7OCNJ26ZPXNQZN2PDH4/Picture12.png Blog - CVE-2021-28474: SharePoint Remote Code Execution via Server-Side Control Interpretation Conflict - Make it stand out Whatever it is, the way you tell your story online can make all the difference. https://images.squarespace-cdn.com/content/v1/5894c269e4fcb5e65a1ed623/1625695815538-LPCE5DZF5OVHACOQYTB1/Picture13.png Blog - CVE-2021-28474: SharePoint Remote Code Execution via Server-Side Control Interpretation Conflict - Make it stand out Whatever it is, the way you tell your story online can make all the difference. https://images.squarespace-cdn.com/content/v1/5894c269e4fcb5e65a1ed623/1625695895096-73QPA37M7DLRJGG6LWSR/Picture14.png Blog - CVE-2021-28474: SharePoint Remote Code Execution via Server-Side Control Interpretation Conflict - Make it stand out Whatever it is, the way you tell your story online can make all the difference. https://images.squarespace-cdn.com/content/v1/5894c269e4fcb5e65a1ed623/1625695980082-V68AYANWW11MTI902PSO/Picture15.png Blog - CVE-2021-28474: SharePoint Remote Code Execution via Server-Side Control Interpretation Conflict - Make it stand out Whatever it is, the way you tell your story online can make all the difference. https://images.squarespace-cdn.com/content/v1/5894c269e4fcb5e65a1ed623/1625696014674-T04G6HONTKR4SI7T2COS/Picture16.png Blog - CVE-2021-28474: SharePoint Remote Code Execution via Server-Side Control Interpretation Conflict - Make it stand out Whatever it is, the way you tell your story online can make all the difference. https://www.thezdi.com/blog/2021/6/30/cve-2021-26892-an-authorization-bypass-on-the-microsoft-windows-efi-system-partition monthly 0.5 2021-06-30 https://www.thezdi.com/blog/2021/6/23/cve-2021-1497-cisco-hyperflex-hx-auth-handling-remote-command-execution monthly 0.5 2021-06-23 https://www.thezdi.com/blog/2021/6/15/zdi-21-502-an-information-disclosure-bug-in-isc-bind-server monthly 0.5 2021-06-16 https://images.squarespace-cdn.com/content/v1/5894c269e4fcb5e65a1ed623/1623782138947-F2YP5L5YDNUD2HR3RYGC/wireshark.png Blog - ZDI-21-502: An Information Disclosure Bug in ISC BIND server - Make it stand out Figure 1 - Wireshark view of the crafted SPNEGO request https://www.thezdi.com/blog/2021/6/8/the-june-2021-security-update-review monthly 0.5 2021-06-08 https://www.thezdi.com/blog/2021/6/1/cve-2021-31181-microsoft-sharepoint-webpart-interpretation-conflict-remote-code-execution-vulnerability monthly 0.5 2021-06-02 https://images.squarespace-cdn.com/content/v1/5894c269e4fcb5e65a1ed623/1622577658548-BLLK7I188BL1S3SWKE0K/Picture1.png Blog - CVE-2021-31181: Microsoft SharePoint WebPart Interpretation Conflict Remote Code Execution Vulnerability - Make it stand out Whatever it is, the way you tell your story online can make all the difference. https://images.squarespace-cdn.com/content/v1/5894c269e4fcb5e65a1ed623/1622577692205-KJ2UWT0ASZ4GAD4QSB75/Picture2.png Blog - CVE-2021-31181: Microsoft SharePoint WebPart Interpretation Conflict Remote Code Execution Vulnerability - Make it stand out Whatever it is, the way you tell your story online can make all the difference. https://images.squarespace-cdn.com/content/v1/5894c269e4fcb5e65a1ed623/1622647043255-92OV3E50SQWGUFFZW7NG/Picture3.png Blog - CVE-2021-31181: Microsoft SharePoint WebPart Interpretation Conflict Remote Code Execution Vulnerability - Make it stand out Whatever it is, the way you tell your story online can make all the difference. https://images.squarespace-cdn.com/content/v1/5894c269e4fcb5e65a1ed623/1622647075183-1BDO35X0KXP6WW3G4R97/Picture4.png Blog - CVE-2021-31181: Microsoft SharePoint WebPart Interpretation Conflict Remote Code Execution Vulnerability - Make it stand out Whatever it is, the way you tell your story online can make all the difference. https://images.squarespace-cdn.com/content/v1/5894c269e4fcb5e65a1ed623/1622647101741-GQF51XD5EAHSLLECCMQ6/Picture5.png Blog - CVE-2021-31181: Microsoft SharePoint WebPart Interpretation Conflict Remote Code Execution Vulnerability - Make it stand out Whatever it is, the way you tell your story online can make all the difference. https://images.squarespace-cdn.com/content/v1/5894c269e4fcb5e65a1ed623/1622647129600-GCXACD19ANSWIFNT2HLC/Picture6.png Blog - CVE-2021-31181: Microsoft SharePoint WebPart Interpretation Conflict Remote Code Execution Vulnerability - Make it stand out Whatever it is, the way you tell your story online can make all the difference. https://images.squarespace-cdn.com/content/v1/5894c269e4fcb5e65a1ed623/1622647173192-3EMUHECD1YJ8D4RNIBIA/Picture7.png Blog - CVE-2021-31181: Microsoft SharePoint WebPart Interpretation Conflict Remote Code Execution Vulnerability - Make it stand out Whatever it is, the way you tell your story online can make all the difference. https://images.squarespace-cdn.com/content/v1/5894c269e4fcb5e65a1ed623/1622647414958-ADHC1O6UPX7Z4E5M2N1C/Picture9.png Blog - CVE-2021-31181: Microsoft SharePoint WebPart Interpretation Conflict Remote Code Execution Vulnerability - Make it stand out Whatever it is, the way you tell your story online can make all the difference. https://images.squarespace-cdn.com/content/v1/5894c269e4fcb5e65a1ed623/1622647486617-LPTJPYFFNZ0FXGHHPMIL/Picture10.png Blog - CVE-2021-31181: Microsoft SharePoint WebPart Interpretation Conflict Remote Code Execution Vulnerability - Make it stand out Whatever it is, the way you tell your story online can make all the difference. https://images.squarespace-cdn.com/content/v1/5894c269e4fcb5e65a1ed623/1622647600592-7F94G5WDW29MRN0QWJQ5/Picture11.png Blog - CVE-2021-31181: Microsoft SharePoint WebPart Interpretation Conflict Remote Code Execution Vulnerability - Make it stand out Whatever it is, the way you tell your story online can make all the difference. https://images.squarespace-cdn.com/content/v1/5894c269e4fcb5e65a1ed623/1622647642882-0PMXBOEX179K0QMJUV7P/Picture12.png Blog - CVE-2021-31181: Microsoft SharePoint WebPart Interpretation Conflict Remote Code Execution Vulnerability - Make it stand out Whatever it is, the way you tell your story online can make all the difference. https://images.squarespace-cdn.com/content/v1/5894c269e4fcb5e65a1ed623/1622647714196-5HBV5XW0CCO39VZN8DCH/Picture13.png Blog - CVE-2021-31181: Microsoft SharePoint WebPart Interpretation Conflict Remote Code Execution Vulnerability - Make it stand out Whatever it is, the way you tell your story online can make all the difference. https://images.squarespace-cdn.com/content/v1/5894c269e4fcb5e65a1ed623/1622647795235-II08MKI9BWA5YYZC19R7/Picture14.png Blog - CVE-2021-31181: Microsoft SharePoint WebPart Interpretation Conflict Remote Code Execution Vulnerability - Make it stand out Whatever it is, the way you tell your story online can make all the difference. https://images.squarespace-cdn.com/content/v1/5894c269e4fcb5e65a1ed623/1622647831445-C154VTU0N7DNODPBFFPH/Picture15.png Blog - CVE-2021-31181: Microsoft SharePoint WebPart Interpretation Conflict Remote Code Execution Vulnerability - Make it stand out Whatever it is, the way you tell your story online can make all the difference. https://www.thezdi.com/blog/2021/5/26/cve-2021-31440-an-incorrect-bounds-calculation-in-the-linux-kernel-ebpf-verifier monthly 0.5 2021-05-27 https://www.thezdi.com/blog/2021/5/24/cve-2021-22909-digging-into-a-ubiquiti-firmware-update-bug monthly 0.5 2021-05-25 https://www.thezdi.com/blog/2021/5/17/cve-2021-31166-a-wormable-code-execution-bug-in-httpsys monthly 0.5 2021-05-26 https://www.thezdi.com/blog/2021/5/11/the-may-2021-security-update-review monthly 0.5 2021-05-12 https://www.thezdi.com/blog/2021/5/3/cve-2021-26900-privilege-escalation-via-a-use-after-free-vulnerability-in-win32k monthly 0.5 2021-05-04 https://images.squarespace-cdn.com/content/v1/5894c269e4fcb5e65a1ed623/1620062020432-POW2191N501K7MY0PK1J/Table-1.png Blog - CVE-2021-26900: Privilege Escalation Via a Use After Free Vulnerability In win32k https://images.squarespace-cdn.com/content/v1/5894c269e4fcb5e65a1ed623/1620067596705-95BBAS12YQKGNJGALQFX/Table-2.png Blog - CVE-2021-26900: Privilege Escalation Via a Use After Free Vulnerability In win32k https://images.squarespace-cdn.com/content/v1/5894c269e4fcb5e65a1ed623/1620067658069-VYEZVQ0P2YKUUYG5HGAW/Table-3.png Blog - CVE-2021-26900: Privilege Escalation Via a Use After Free Vulnerability In win32k https://images.squarespace-cdn.com/content/v1/5894c269e4fcb5e65a1ed623/1620067840513-0BGS73COMU8VL69F6ET6/Chart1.jpg Blog - CVE-2021-26900: Privilege Escalation Via a Use After Free Vulnerability In win32k https://images.squarespace-cdn.com/content/v1/5894c269e4fcb5e65a1ed623/1620068295541-68AWEJPEC2TNPPR4QLJD/Chart2.jpg Blog - CVE-2021-26900: Privilege Escalation Via a Use After Free Vulnerability In win32k https://images.squarespace-cdn.com/content/v1/5894c269e4fcb5e65a1ed623/1620068331722-QWH88OT40V0YEZNK30ZN/Chart3.jpg Blog - CVE-2021-26900: Privilege Escalation Via a Use After Free Vulnerability In win32k https://images.squarespace-cdn.com/content/v1/5894c269e4fcb5e65a1ed623/1620068563905-R7ZWF7CEA6GRMT1GS8YZ/Chart4.jpg Blog - CVE-2021-26900: Privilege Escalation Via a Use After Free Vulnerability In win32k https://images.squarespace-cdn.com/content/v1/5894c269e4fcb5e65a1ed623/1620068601079-RAHKDOKTCWF06NWBWNW0/Chart5.jpg Blog - CVE-2021-26900: Privilege Escalation Via a Use After Free Vulnerability In win32k https://www.thezdi.com/blog/2021/4/26/parallels-desktop-rdpmc-hypercall-interface-and-vulnerabilities monthly 0.5 2021-04-29 https://images.squarespace-cdn.com/content/v1/5894c269e4fcb5e65a1ed623/1619548634799-UI7A5EY0JZJ8MZRPK4ZX/fig1.png Blog - Parallels Desktop RDPMC Hypercall Interface and Vulnerabilities Figure 1 - Compressed VMM Mach-O executable https://images.squarespace-cdn.com/content/v1/5894c269e4fcb5e65a1ed623/1619548785240-3F4OL9ORCV20G9YL0J6R/fig2.png Blog - Parallels Desktop RDPMC Hypercall Interface and Vulnerabilities Figure 2 - Search for OTGHandleGenericCommand https://images.squarespace-cdn.com/content/v1/5894c269e4fcb5e65a1ed623/1619548830307-1LTD2UNGR0123RPLZJUV/fig3.png Blog - Parallels Desktop RDPMC Hypercall Interface and Vulnerabilities Figure 3 - UEFI firmware invoking hypercall https://images.squarespace-cdn.com/content/v1/5894c269e4fcb5e65a1ed623/1619548988976-ZQN2KY8LCBR3SGD8DP96/fig4.png Blog - Parallels Desktop RDPMC Hypercall Interface and Vulnerabilities Figure 4 - UEFI GetVariable() service https://images.squarespace-cdn.com/content/v1/5894c269e4fcb5e65a1ed623/1619549011409-JGNLQNRF8Y675PERDGXG/fig5.png Blog - Parallels Desktop RDPMC Hypercall Interface and Vulnerabilities Figure 5 - VMM request structure https://images.squarespace-cdn.com/content/v1/5894c269e4fcb5e65a1ed623/1619549162768-BLYU9WIAATXFEM3KK2GM/Table1.jpg Blog - Parallels Desktop RDPMC Hypercall Interface and Vulnerabilities Table 1 - Mapping Variable services to VMM operations https://www.thezdi.com/blog/2021/4/22/cve-2021-20226-a-reference-counting-bug-in-the-linux-kernel-iouring-subsystem monthly 0.5 2021-04-22 https://images.squarespace-cdn.com/content/v1/5894c269e4fcb5e65a1ed623/1619107238209-YBRE5GXE7VL5A1RXZWW7/picture1.png Blog - CVE-2021-20226: A Reference-Counting Bug in the Linux Kernel io_uring Subsystem Figure 1 - The Exploit Timeline https://www.thezdi.com/blog/2021/4/13/the-april-2021-security-update-review monthly 0.5 2021-04-13 https://www.thezdi.com/blog/2021/4/2/pwn2own-2021-schedule-and-live-results monthly 0.5 2021-04-22 https://images.squarespace-cdn.com/content/v1/5894c269e4fcb5e65a1ed623/1617821881179-E8HSV6F2L0OIPV3O0QW9/image-asset.gif Blog - Pwn2Own 2021 - Schedule and Live Results Zero clicks needed to pop calc https://www.thezdi.com/blog/2021/3/25/cve-2021-25646-getting-code-execution-on-apache-druid monthly 0.5 2021-03-29 https://www.thezdi.com/blog/2021/3/17/cve-2021-27076-a-replay-style-deserialization-attack-against-sharepoint monthly 0.5 2021-03-17 https://www.thezdi.com/blog/2021/3/11/the-battle-between-white-box-and-black-box-bug-hunting-in-wireless-routers monthly 0.5 2021-03-12 https://images.squarespace-cdn.com/content/v1/5894c269e4fcb5e65a1ed623/1615482828533-54FAGOS5YC1Q5TERHQZ3/Fig+1.png Blog - The Battle Between White Box and Black Box Bug Hunting in Wireless Routers Decompiled code view of the NETGEAR R7450 firmware in Ghidra from submitter’s report. https://www.thezdi.com/blog/2021/3/9/the-march-2021-security-update-review monthly 0.5 2021-03-10 https://www.thezdi.com/blog/2021/3/1/cve-2020-3992-amp-cve-2021-21974-pre-auth-remote-code-execution-in-vmware-esxi monthly 0.5 2021-03-09 https://images.squarespace-cdn.com/content/v1/5894c269e4fcb5e65a1ed623/1615315548690-4CWIUP7FDMJB15EUNVFS/layout3.PNG Blog - CVE-2020-3992 & CVE-2021-21974: Pre-Auth Remote Code Execution in VMware ESXi https://www.thezdi.com/blog/2021/2/24/cve-2020-8625-a-fifteen-year-old-rce-bug-returns-in-isc-bind-server monthly 0.5 2021-06-11 https://www.thezdi.com/blog/2021/2/17/zdi-21-171-getting-information-disclosure-in-adobe-reader-through-the-id-tag monthly 0.5 2021-02-18 https://images.squarespace-cdn.com/content/v1/5894c269e4fcb5e65a1ed623/1613663849630-1TAJGO9OO5GU81VMZGRQ/Figure1-trailerSample.png Blog - ZDI-21-171: Getting Information Disclosure in Adobe Reader Through the ID Tag Figure 1 - Example PDF Trailer https://images.squarespace-cdn.com/content/v1/5894c269e4fcb5e65a1ed623/1613666528057-19M2KTTMWFS0260J7KOC/Figure2--adobeFileTrailerRef.png Blog - ZDI-21-171: Getting Information Disclosure in Adobe Reader Through the ID Tag Figure 2 - Adobe’s File Trailer documentation https://images.squarespace-cdn.com/content/v1/5894c269e4fcb5e65a1ed623/1613666580906-01BDGZEYUNUZQ078I4NZ/Figure2.5-trailer.png Blog - ZDI-21-171: Getting Information Disclosure in Adobe Reader Through the ID Tag Figure 3 - Proof of Concept PDF Trailer https://images.squarespace-cdn.com/content/v1/5894c269e4fcb5e65a1ed623/1613666656625-JPY6H03F43P5TQFAEYMQ/Figure3-fileID-Structure.png Blog - ZDI-21-171: Getting Information Disclosure in Adobe Reader Through the ID Tag Figure 4 - Trailer ID Structure https://images.squarespace-cdn.com/content/v1/5894c269e4fcb5e65a1ed623/1613666760646-WXRYRVDFODW1KBQSP2MQ/Figure4-pseudo.png Blog - ZDI-21-171: Getting Information Disclosure in Adobe Reader Through the ID Tag Figure 5 - Pseudocode to retrieve File ID https://images.squarespace-cdn.com/content/v1/5894c269e4fcb5e65a1ed623/1613668618553-GICM8J5PW03WJFMAR46U/Figure5-callGetFileID-edit.jpg Blog - ZDI-21-171: Getting Information Disclosure in Adobe Reader Through the ID Tag Figure 6 - A look at the stack and the returned value https://images.squarespace-cdn.com/content/v1/5894c269e4fcb5e65a1ed623/1613666876169-YLAGBYEXPZFFVEJJ0FRW/Figure6-stack-structure.png Blog - ZDI-21-171: Getting Information Disclosure in Adobe Reader Through the ID Tag Figure 7 - Returned stack structure https://images.squarespace-cdn.com/content/v1/5894c269e4fcb5e65a1ed623/1613668778506-PAXI6396QEXJQMHSSK09/Figure7-memcpy-edit.jpg Blog - ZDI-21-171: Getting Information Disclosure in Adobe Reader Through the ID Tag Figure 8 - This memcpy leads to an out-of-bounds read https://images.squarespace-cdn.com/content/v1/5894c269e4fcb5e65a1ed623/1613667032357-SS9W9AIGWX47WFC98WCW/Figure8-validation.png Blog - ZDI-21-171: Getting Information Disclosure in Adobe Reader Through the ID Tag Figure 9 - Annots.api base address successfully leaked https://www.thezdi.com/blog/2021/2/11/three-more-bugs-in-orions-belt monthly 0.5 2021-02-11 https://images.squarespace-cdn.com/content/v1/5894c269e4fcb5e65a1ed623/1613059334302-5RGY6DXHW7S77XDND2QL/Picture1.png Blog - Three More Bugs in Orion’s Belt https://images.squarespace-cdn.com/content/v1/5894c269e4fcb5e65a1ed623/1613059695231-8INHADYFC9WD9SII6FVD/Picture2.png Blog - Three More Bugs in Orion’s Belt https://www.thezdi.com/blog/2021/2/9/the-february-2022-security-update-review monthly 0.5 2021-07-02 https://www.thezdi.com/blog/2021/1/27/zdi-can-12671-windows-kernel-dosprivilege-escalation-via-a-null-pointer-deref monthly 0.5 2021-01-28 https://www.thezdi.com/blog/2021/1/25/announcing-pwn2own-vancouver-2021 monthly 0.5 2022-06-16 https://images.squarespace-cdn.com/content/v1/5894c269e4fcb5e65a1ed623/1611619505203-MJZ8FAD6UXV9GM4GPEW3/Virtualization3.png Blog - Announcing Pwn2Own Vancouver 2021 https://images.squarespace-cdn.com/content/v1/5894c269e4fcb5e65a1ed623/1611618370293-NF7UQZUBSN7W6WNZDN9S/Browsers.png Blog - Announcing Pwn2Own Vancouver 2021 https://images.squarespace-cdn.com/content/v1/5894c269e4fcb5e65a1ed623/1611618491466-PM1DR234CV2B9NYJ074H/Enterprise+Apps.png Blog - Announcing Pwn2Own Vancouver 2021 https://images.squarespace-cdn.com/content/v1/5894c269e4fcb5e65a1ed623/1611618623870-X03JJ76UI0C3FH27UCLO/Servers.png Blog - Announcing Pwn2Own Vancouver 2021 https://images.squarespace-cdn.com/content/v1/5894c269e4fcb5e65a1ed623/1611619119010-6E7WFA88CB72WPD7F10Z/EoP.png Blog - Announcing Pwn2Own Vancouver 2021 https://images.squarespace-cdn.com/content/v1/5894c269e4fcb5e65a1ed623/1611619341427-V5OUV6EXKD77FMQR6TOK/Enterprise+Communication.png Blog - Announcing Pwn2Own Vancouver 2021 https://images.squarespace-cdn.com/content/v1/5894c269e4fcb5e65a1ed623/1611675509355-HLENV5IN1A0PKEJN2X3B/Tesla+Tier+1-2.png Blog - Announcing Pwn2Own Vancouver 2021 https://images.squarespace-cdn.com/content/v1/5894c269e4fcb5e65a1ed623/1611622869479-8K6VXR9T2MG3QJN0IJO2/Tesla+AddOn.png Blog - Announcing Pwn2Own Vancouver 2021 https://images.squarespace-cdn.com/content/v1/5894c269e4fcb5e65a1ed623/1611622912329-PUS36P9682AUO6WWEK25/Tesla+Tier+2.png Blog - Announcing Pwn2Own Vancouver 2021 https://images.squarespace-cdn.com/content/v1/5894c269e4fcb5e65a1ed623/1611623088520-EN0HGDRCWQ93ZWXNWC93/Tesla+Tier+3-2.png Blog - Announcing Pwn2Own Vancouver 2021 https://images.squarespace-cdn.com/content/v1/5894c269e4fcb5e65a1ed623/1611623208392-CZZRFR53MWY45RHML40B/Zoom+-+Blue.png Blog - Announcing Pwn2Own Vancouver 2021 https://images.squarespace-cdn.com/content/v1/5894c269e4fcb5e65a1ed623/1615831876007-A5FMYZ1HW9FTC6I6ALFW/Adobe_Corporate_Horizontal_Lockup_Red_HEX.png Blog - Announcing Pwn2Own Vancouver 2021 https://images.squarespace-cdn.com/content/v1/5894c269e4fcb5e65a1ed623/1611623288650-1794X9KPTQ2ACIMJRNG1/1000px-Vmware.svg.png Blog - Announcing Pwn2Own Vancouver 2021 https://www.thezdi.com/blog/2021/1/20/three-bugs-in-orions-belt-chaining-multiple-bugs-for-unauthenticated-rce-in-the-solarwinds-orion-platform monthly 0.5 2021-01-21 https://images.squarespace-cdn.com/content/v1/5894c269e4fcb5e65a1ed623/1611177045100-3ZZTQN2OWGODL2FUYFPQ/Picture1.png Blog - Three Bugs in Orion’s Belt: Chaining Multiple bugs for Unauthenticated RCE in the SolarWinds Orion Platform https://images.squarespace-cdn.com/content/v1/5894c269e4fcb5e65a1ed623/1611177081975-FH7JO74VS884YXKPUK11/Picture2.png Blog - Three Bugs in Orion’s Belt: Chaining Multiple bugs for Unauthenticated RCE in the SolarWinds Orion Platform https://images.squarespace-cdn.com/content/v1/5894c269e4fcb5e65a1ed623/1611177229896-XE0NHT1RU00BHUD4F582/Picture3.png Blog - Three Bugs in Orion’s Belt: Chaining Multiple bugs for Unauthenticated RCE in the SolarWinds Orion Platform https://images.squarespace-cdn.com/content/v1/5894c269e4fcb5e65a1ed623/1611177304299-N7U4V4DW0WH7CQO24A7X/Picture4.png Blog - Three Bugs in Orion’s Belt: Chaining Multiple bugs for Unauthenticated RCE in the SolarWinds Orion Platform https://www.thezdi.com/blog/2021/1/18/zdi-20-1440-an-incorrect-calculation-bug-in-the-linux-kernel-ebpf-verifier monthly 0.5 2021-01-19 https://www.thezdi.com/blog/2021/1/14/looking-back-at-the-zero-day-initiative-in-2020 monthly 0.5 2021-01-14 https://images.squarespace-cdn.com/content/v1/5894c269e4fcb5e65a1ed623/1610484315706-XOEOTSISCIAVIBVXM5KO/2020-Advisories-YoY.jpg Blog - Looking Back at the Zero Day Initiative in 2020 Figure 1 - Published Advisories Year-Over-Year https://images.squarespace-cdn.com/content/v1/5894c269e4fcb5e65a1ed623/1610484356199-J9UA0GKZE9P7NE5YT34S/2020-0days-YoY.jpg Blog - Looking Back at the Zero Day Initiative in 2020 Figure 2 - 0-day Disclosures Since 2005 https://images.squarespace-cdn.com/content/v1/5894c269e4fcb5e65a1ed623/1610484394378-9MYE3AAO22F5YRHIZNV4/2020-Vendors.jpg Blog - Looking Back at the Zero Day Initiative in 2020 Figure 3 - Advisories per vendor for 2020 https://images.squarespace-cdn.com/content/v1/5894c269e4fcb5e65a1ed623/1610484431441-UD5YGEIH471HW9KF9R56/2020-CVSS.jpg Blog - Looking Back at the Zero Day Initiative in 2020 Figure 4 - CVSS 3 Scores for 2020 https://images.squarespace-cdn.com/content/v1/5894c269e4fcb5e65a1ed623/1610484466041-Z361E8C4X5QKOSCEUJWM/2020-CVSS-YoY.jpg Blog - Looking Back at the Zero Day Initiative in 2020 Figure 5 - CVSS Scores from 2015 Through 2020 https://www.thezdi.com/blog/2021/1/12/the-january-2021-security-update-review monthly 0.5 2021-01-13 https://www.thezdi.com/blog/2021/1/6/mindshare-analysis-of-vmware-workstation-and-esxi-using-debug-symbols-from-flings monthly 0.5 2021-05-06 https://images.squarespace-cdn.com/content/v1/5894c269e4fcb5e65a1ed623/1609960282277-515NZA0ZL1C3LGS7I1PQ/Fig1.png Blog - MindShaRE: Analysis of VMware Workstation and ESXi Using Debug Symbols from Flings Figure 1 - vmware-vmx after porting symbols using BinDiff https://images.squarespace-cdn.com/content/v1/5894c269e4fcb5e65a1ed623/1609960399843-OTCAPHRJNWAY5I5QAVFX/Fig2.png Blog - MindShaRE: Analysis of VMware Workstation and ESXi Using Debug Symbols from Flings Figure 2 - vmware-vmx after porting function prototypes https://images.squarespace-cdn.com/content/v1/5894c269e4fcb5e65a1ed623/1609960582759-ZSBD2AQ3R5909CLDVBCO/Fig3.png Blog - MindShaRE: Analysis of VMware Workstation and ESXi Using Debug Symbols from Flings Figure 3 - Block of inlined code belonging to AddOutputDecl() https://images.squarespace-cdn.com/content/v1/5894c269e4fcb5e65a1ed623/1609960640557-4KQG08RNIP3JL0OYLDRK/Fig4.png Blog - MindShaRE: Analysis of VMware Workstation and ESXi Using Debug Symbols from Flings Figure 4 - Vulnerabilities in StateFFP_TranslateSM4() https://images.squarespace-cdn.com/content/v1/5894c269e4fcb5e65a1ed623/1609961068503-I3KT2ZR025SB0FKEVHIS/Fig5.png Blog - MindShaRE: Analysis of VMware Workstation and ESXi Using Debug Symbols from Flings Figure 5 - Symbols ported to ESXi x86 from ESXi ARM using BinDiff https://images.squarespace-cdn.com/content/v1/5894c269e4fcb5e65a1ed623/1609961151144-QWPEHEZYVUIPPFJIHQ05/Fig6.png Blog - MindShaRE: Analysis of VMware Workstation and ESXi Using Debug Symbols from Flings Figure 6 - Embedded vmmblob loader code https://images.squarespace-cdn.com/content/v1/5894c269e4fcb5e65a1ed623/1609961172653-37YC6UCQQTV6UVHV81V1/Fig7.png Blog - MindShaRE: Analysis of VMware Workstation and ESXi Using Debug Symbols from Flings Figure 7 - Embedded vmmmods VMM code https://images.squarespace-cdn.com/content/v1/5894c269e4fcb5e65a1ed623/1609961260827-LN5M9Q1Y8URTUEBJZ5IQ/Fig8.png Blog - MindShaRE: Analysis of VMware Workstation and ESXi Using Debug Symbols from Flings Figure 8 - PhysMem_Get - vmx (left) vs VMM (right) https://www.thezdi.com/blog/2020/12/21/cve-2020-7468-turning-imprisonment-to-advantage-in-the-freebsd-ftpd-chroot-jail monthly 0.5 2020-12-21 https://www.thezdi.com/blog/2020/12/16/the-top-5-bug-submissions-of-2020 monthly 0.5 2020-12-16 https://www.thezdi.com/blog/2020/12/9/cve-2020-27897-apple-macos-kernel-oob-write-privilege-escalation-vulnerability monthly 0.5 2020-12-10 https://images.squarespace-cdn.com/content/v1/5894c269e4fcb5e65a1ed623/1607618380276-8167A7KINX464NP9NDFX/64C8C4E9-6629-4ADD-8333-0AC07BDB93EB.png Blog - CVE-2020-27897: Apple macOS Kernel OOB Write Privilege Escalation Vulnerability https://images.squarespace-cdn.com/content/v1/5894c269e4fcb5e65a1ed623/1607618422162-M433IDEGEZP6KPKIDBP4/42434E8E-8004-42BC-AACF-A6BDE634229C.png Blog - CVE-2020-27897: Apple macOS Kernel OOB Write Privilege Escalation Vulnerability https://www.thezdi.com/blog/2020/12/8/the-december-2020-security-update-review monthly 0.5 2020-12-09 https://www.thezdi.com/blog/2020/11/24/detailing-saltstack-salt-command-injection-vulnerabilities monthly 0.5 2020-11-24 https://www.thezdi.com/blog/2020/11/10/the-november-2020-security-update-review monthly 0.5 2020-11-13 https://www.thezdi.com/blog/2020/11/8/pwn2own-tokyo-live-from-toronto-day-three-results-and-master-of-pwn monthly 0.5 2020-11-08 https://images.squarespace-cdn.com/content/v1/5894c269e4fcb5e65a1ed623/1604851344549-QX06Q32G604HXGBIBEAW/1+Attempt1.png Blog - Pwn2Own Tokyo (Live from Toronto) – Day Three Results and Master of Pwn Figure 1 - Demonstrating the root shell on the Western Digital NAS https://images.squarespace-cdn.com/content/v1/5894c269e4fcb5e65a1ed623/1604851385117-IXAXCQ6C1V27O67AUXWS/2+Attempt+2.png Blog - Pwn2Own Tokyo (Live from Toronto) – Day Three Results and Master of Pwn Figure 2 - Team Bugscale could not get their exploit to work in the time allotted https://images.squarespace-cdn.com/content/v1/5894c269e4fcb5e65a1ed623/1604851492453-CZ2YHE1X2IL8TV1K7ZAS/3+Attempt+3+.png Blog - Pwn2Own Tokyo (Live from Toronto) – Day Three Results and Master of Pwn Figure 3 - Gaurav Baruah watches his demonstration gain a root shell https://images.squarespace-cdn.com/content/v1/5894c269e4fcb5e65a1ed623/1604851532088-BKENPAPHHNGXTWA1J4NL/4+attempt+4.png Blog - Pwn2Own Tokyo (Live from Toronto) – Day Three Results and Master of Pwn Figure 4 - Disclosing sensitive files from a Sony smart TV https://images.squarespace-cdn.com/content/v1/5894c269e4fcb5e65a1ed623/1604851586018-JEU6FA98WWZXM7NBYQVI/5+Attempt+5.png Blog - Pwn2Own Tokyo (Live from Toronto) – Day Three Results and Master of Pwn Figure 5 - The STARLabs team observes the ZDI Bug Extraction Crew demonstrate their root shell on the Synology NAS https://images.squarespace-cdn.com/content/v1/5894c269e4fcb5e65a1ed623/1604851629539-0P9J4JE85IF92WEQ74HB/MoP+Standings-Day+3.jpg Blog - Pwn2Own Tokyo (Live from Toronto) – Day Three Results and Master of Pwn https://www.thezdi.com/blog/2020/11/7/pwn2own-tokyo-live-from-toronto-day-two-results monthly 0.5 2020-11-07 https://images.squarespace-cdn.com/content/v1/5894c269e4fcb5e65a1ed623/1604758280389-3XMK1KYWWUTLGPO58IKZ/1-Attempt1.png Blog - Pwn2Own Tokyo (Live from Toronto) - Day Two Results Figure 1 - Showing the shell gained on the TP-Link router https://images.squarespace-cdn.com/content/v1/5894c269e4fcb5e65a1ed623/1604758315672-WBGAMYBYBV186D783Q00/2-Attempt2.png Blog - Pwn2Own Tokyo (Live from Toronto) - Day Two Results Figure 2 - Team Bugscale watches their exploit succeed https://images.squarespace-cdn.com/content/v1/5894c269e4fcb5e65a1ed623/1604758356361-VVJLKWX0U0FC3G9Z7ZAJ/3-Attempt3.png Blog - Pwn2Own Tokyo (Live from Toronto) - Day Two Results Figure 3 - 84c0 observes his exploit get a shell on the NETGEAR Nighthawk WiFi router https://images.squarespace-cdn.com/content/v1/5894c269e4fcb5e65a1ed623/1604758412552-TKTSXO6S18ROH0ZMLAV6/4-Attempt4.png Blog - Pwn2Own Tokyo (Live from Toronto) - Day Two Results Figure 4 - Showing the reverse shell from the Samsung Q60T smart TV https://images.squarespace-cdn.com/content/v1/5894c269e4fcb5e65a1ed623/1604758454592-LMDDA268RMNGGAR9TYOC/5-Attempt5.png Blog - Pwn2Own Tokyo (Live from Toronto) - Day Two Results Figure 5 - Sam Thomas of Pentest Ltd watches exploit on the Western Digital NAS succeed https://images.squarespace-cdn.com/content/v1/5894c269e4fcb5e65a1ed623/1604758501978-2T92E559RNF5HZM9X04R/6-Attempt6.png Blog - Pwn2Own Tokyo (Live from Toronto) - Day Two Results Figure 6 - The successful demonstration from the Synacktiv team included a light show on the router https://images.squarespace-cdn.com/content/v1/5894c269e4fcb5e65a1ed623/1604758546606-IWRDXNMJR1MORMYKXPG3/7-Attempt7.png Blog - Pwn2Own Tokyo (Live from Toronto) - Day Two Results Figure 7 - The DEVCORE team notches a win with just 1:24 left in the second attempt https://images.squarespace-cdn.com/content/v1/5894c269e4fcb5e65a1ed623/1604758589257-G1QN0OEKAYGPPJNYKLBZ/MoP+Standings-Day+2.jpg Blog - Pwn2Own Tokyo (Live from Toronto) - Day Two Results https://www.thezdi.com/blog/2020/11/6/pwn2own-tokyo-live-from-toronto-day-one-results monthly 0.5 2020-11-06 https://images.squarespace-cdn.com/content/v1/5894c269e4fcb5e65a1ed623/1604673890168-O0RQFDP19I498UYBNLKW/1-Attempt1.png Blog - Pwn2Own Tokyo (Live from Toronto) - Day One Results Figure 1 - The STARLabs team wasted no time in demonstrating their exploit https://images.squarespace-cdn.com/content/v1/5894c269e4fcb5e65a1ed623/1604673932287-C9SSQS2QRS1B8RNHH1L8/2-ScreenShot+Attempt+%232.jpg Blog - Pwn2Own Tokyo (Live from Toronto) - Day One Results Figure 2 - The Trapa Security team showing off their root shell https://images.squarespace-cdn.com/content/v1/5894c269e4fcb5e65a1ed623/1604674035973-6P79PGRQ23DMMZWMJ9CJ/3-Attempt3.png Blog - Pwn2Own Tokyo (Live from Toronto) - Day One Results Figure 3 - Team Flashback celebrates another successful exploit https://images.squarespace-cdn.com/content/v1/5894c269e4fcb5e65a1ed623/1604674090078-JY5LN7NK68UXNXRLUZ2H/4-Attempt4.png Blog - Pwn2Own Tokyo (Live from Toronto) - Day One Results Figure 4 - 84c0 watches his exploit yield root access on a Western Digital NAS https://images.squarespace-cdn.com/content/v1/5894c269e4fcb5e65a1ed623/1604674127960-B3NGB0YX0BHEWRAUOTAT/5-Attempt5.png Blog - Pwn2Own Tokyo (Live from Toronto) - Day One Results Figure 5 - Team Black Coffee was unable to demonstrate their exploit in the time allotted https://images.squarespace-cdn.com/content/v1/5894c269e4fcb5e65a1ed623/1604675381076-XXEGDDOOKA9X7DTEGIPC/6-Attempt6.png Blog - Pwn2Own Tokyo (Live from Toronto) - Day One Results Figure 6 - The Viettel Cyber Security team watches their reverse shell succeed on the Samsung TV https://images.squarespace-cdn.com/content/v1/5894c269e4fcb5e65a1ed623/1604675422661-5INJQQVLFLDANAFYAACF/7-Attempt7.png Blog - Pwn2Own Tokyo (Live from Toronto) - Day One Results Figure 7 - The Trapa Security team showing root access on the NETGEAR router https://images.squarespace-cdn.com/content/v1/5894c269e4fcb5e65a1ed623/1604675459966-D5IFZBEYUVR0T0VWIX90/MoP+Standings-Day+1.jpg Blog - Pwn2Own Tokyo (Live from Toronto) - Day One Results https://www.thezdi.com/blog/2020/11/4/pwn2own-tokyo-live-from-toronto-schedule-and-live-results monthly 0.5 2020-11-07 https://www.thezdi.com/blog/2020/10/27/cve-2020-16939-windows-group-policy-dacl-overwrite-privilege-escalation monthly 0.5 2020-10-27 https://images.squarespace-cdn.com/content/v1/5894c269e4fcb5e65a1ed623/1603810732311-IGPZ0ZJUHL2S0BI88S2M/procmon+filters.PNG Blog - CVE-2020-16939: Windows Group Policy DACL Overwrite Privilege Escalation Figure 1 - Process Monitor Filter settings https://images.squarespace-cdn.com/content/v1/5894c269e4fcb5e65a1ed623/1603810765613-SP1RVP3EXAFLW2JOOHIF/procmon+filters2.PNG Blog - CVE-2020-16939: Windows Group Policy DACL Overwrite Privilege Escalation Figure 2 - Process Monitor Highlighting settings https://images.squarespace-cdn.com/content/v1/5894c269e4fcb5e65a1ed623/1603810806155-MKEIMW5E8RDZ9NWWZU41/procmon.PNG Blog - CVE-2020-16939: Windows Group Policy DACL Overwrite Privilege Escalation Figure 3 - Procmon output Group Policy Update user GPO https://images.squarespace-cdn.com/content/v1/5894c269e4fcb5e65a1ed623/1603810884484-Q0PFQ0L3KDMWLE053DA3/DACL_write_identify.PNG Blog - CVE-2020-16939: Windows Group Policy DACL Overwrite Privilege Escalation Figure 4 - "SetSecurityFile" operations identified https://images.squarespace-cdn.com/content/v1/5894c269e4fcb5e65a1ed623/1603810952020-UGL3C72T576LPJ1928KV/permissions.PNG Blog - CVE-2020-16939: Windows Group Policy DACL Overwrite Privilege Escalation Figure 5 https://images.squarespace-cdn.com/content/v1/5894c269e4fcb5e65a1ed623/1603811002605-USE3Z5WOKP8UEB8G6AZ1/permissions1.PNG Blog - CVE-2020-16939: Windows Group Policy DACL Overwrite Privilege Escalation Figure 6 https://images.squarespace-cdn.com/content/v1/5894c269e4fcb5e65a1ed623/1603811078462-SZYCQUK4WM3D726OZU3G/procmon7.PNG Blog - CVE-2020-16939: Windows Group Policy DACL Overwrite Privilege Escalation Figure 7 - Directory Junctions (Reparse Points) are followed by Group Policy Service https://images.squarespace-cdn.com/content/v1/5894c269e4fcb5e65a1ed623/1603811122381-R7FQYOVVAKJR4FHXVPDK/procmon8.PNG Blog - CVE-2020-16939: Windows Group Policy DACL Overwrite Privilege Escalation Figure 8 https://images.squarespace-cdn.com/content/v1/5894c269e4fcb5e65a1ed623/1603811175158-XMU8TR58P1EBKTNTNU8U/perms_before.PNG Blog - CVE-2020-16939: Windows Group Policy DACL Overwrite Privilege Escalation Figure 9 - DACL Permissions before https://images.squarespace-cdn.com/content/v1/5894c269e4fcb5e65a1ed623/1603811226700-APYWQXLCAGYOBIGH86G0/perms_after.png Blog - CVE-2020-16939: Windows Group Policy DACL Overwrite Privilege Escalation Figure 10 - DACL Permissions after Group Policy update and directory junction reparse https://images.squarespace-cdn.com/content/v1/5894c269e4fcb5e65a1ed623/1603811312348-09Z95NMVXXIFJJ6K4QMI/access_denied.PNG Blog - CVE-2020-16939: Windows Group Policy DACL Overwrite Privilege Escalation Figure 11 - Access error caused DACL to write process to be stopped https://images.squarespace-cdn.com/content/v1/5894c269e4fcb5e65a1ed623/1603811410909-NZEHR9980RTXRXO9Y0QC/exploit1.PNG Blog - CVE-2020-16939: Windows Group Policy DACL Overwrite Privilege Escalation Figure 12 - Low privileged user has insufficient privileges on VMware Tools folder https://images.squarespace-cdn.com/content/v1/5894c269e4fcb5e65a1ed623/1603811465250-V6DKQ6A6THRVGOR7XY2E/exploit4.PNG Blog - CVE-2020-16939: Windows Group Policy DACL Overwrite Privilege Escalation Figure 13 – Low-privileged user has now full permissions on the “VMware Tools” folder https://images.squarespace-cdn.com/content/v1/5894c269e4fcb5e65a1ed623/1603811549868-JNBK63YRODC2Q6343991/exploit5.PNG Blog - CVE-2020-16939: Windows Group Policy DACL Overwrite Privilege Escalation Figure 14 - Low privileged user has now full permissions on the “SAM” file https://www.thezdi.com/blog/2020/10/22/detailing-two-vmware-workstation-toctou-vulnerabilities monthly 0.5 2020-10-22 https://images.squarespace-cdn.com/content/v1/5894c269e4fcb5e65a1ed623/1603379153306-VS70WWMA46DWA9XUJRSF/Picture1.png Blog - Detailing Two VMware Workstation TOCTOU Vulnerabilities Figure 1 - Hijacking the ACPI parsing https://www.thezdi.com/blog/2020/10/13/the-october-2020-security-update-review monthly 0.5 2020-10-13 https://www.thezdi.com/blog/2020/10/7/cve-2019-0230-apache-struts-ognl-remote-code-execution monthly 0.5 2020-10-14 https://images.squarespace-cdn.com/content/v1/5894c269e4fcb5e65a1ed623/1602081051963-A4VB99UEOM1A9LOXIRIB/Picture1.png Blog - CVE-2019-0230: Apache Struts OGNL Remote Code Execution https://images.squarespace-cdn.com/content/v1/5894c269e4fcb5e65a1ed623/1602081096069-GQNVTQTBEKZDTXD156OK/Picture2.png Blog - CVE-2019-0230: Apache Struts OGNL Remote Code Execution https://images.squarespace-cdn.com/content/v1/5894c269e4fcb5e65a1ed623/1602081139228-8FSIM59UT0W1AX6US6PB/Picture3.png Blog - CVE-2019-0230: Apache Struts OGNL Remote Code Execution https://www.thezdi.com/blog/2020/9/30/the-anatomy-of-a-bug-door-dissecting-two-d-link-router-authentication-bypasses monthly 0.5 2020-10-01 https://images.squarespace-cdn.com/content/v1/5894c269e4fcb5e65a1ed623/1601571945595-USFJ2XU2G04K5UKUJ49S/pic2a.png Blog - The Anatomy of a Bug Door: Dissecting Two D-Link Router Authentication Bypasses Figure 1 - Control flow diagram of the vulnerable function for ZDI-20-268 https://www.thezdi.com/blog/2020/9/29/exploiting-other-remote-protocols-in-ibm-websphere monthly 0.5 2020-09-29 https://www.thezdi.com/blog/2020/9/14/cve-2020-9496-rce-in-apache-ofbiz-xmlrpc-via-deserialization-of-untrusted-data monthly 0.5 2020-09-16 https://www.thezdi.com/blog/2020/9/9/performing-sql-backflips-to-achieve-code-execution-on-schneider-electrics-ecostruxure-operator-terminal-expert-at-pwn2own-miami-2020 monthly 0.5 2020-09-10 https://images.squarespace-cdn.com/content/v1/5894c269e4fcb5e65a1ed623/1599666687056-6AC8BUE04KC9A2Z7TB22/1.png Blog - Performing SQL Backflips to Achieve Code Execution on Schneider Electric’s EcoStruxure Operator Terminal Expert at Pwn2Own Miami 2020 Figure 1 - Designing a water-flow control with EcoStruxure Control Terminal Expert. Image taken from Schneider’s tutorial https://images.squarespace-cdn.com/content/v1/5894c269e4fcb5e65a1ed623/1599666745391-M1TZY5CYOC0N1I6T1NZP/2.png Blog - Performing SQL Backflips to Achieve Code Execution on Schneider Electric’s EcoStruxure Operator Terminal Expert at Pwn2Own Miami 2020 Figure 2 - Project directory https://images.squarespace-cdn.com/content/v1/5894c269e4fcb5e65a1ed623/1599666975702-IAF0AWJEMZHJ497896J6/3.png Blog - Performing SQL Backflips to Achieve Code Execution on Schneider Electric’s EcoStruxure Operator Terminal Expert at Pwn2Own Miami 2020 Figure 3 - Driver is a component that helps the HMI to communicate with the required control equipment (PLCs). There are many different drivers for every vendor and their specific equipment (ecosystem, protocol stack, etc). https://images.squarespace-cdn.com/content/v1/5894c269e4fcb5e65a1ed623/1599667144428-OPQ0QDSQ6IKPON2J6L6D/4.png Blog - Performing SQL Backflips to Achieve Code Execution on Schneider Electric’s EcoStruxure Operator Terminal Expert at Pwn2Own Miami 2020 Figure 4 - DriverConfig.db contents https://images.squarespace-cdn.com/content/v1/5894c269e4fcb5e65a1ed623/1599667324569-P0HFIFVDPUDIJ47EUBSS/5.png Blog - Performing SQL Backflips to Achieve Code Execution on Schneider Electric’s EcoStruxure Operator Terminal Expert at Pwn2Own Miami 2020 Figure 5 - SQLite3 viewer with the DriverConfig.db database opened. The ModuleName field is the name of the driver DLL that will get loaded and handle the communication between the HMI and the PLC https://images.squarespace-cdn.com/content/v1/5894c269e4fcb5e65a1ed623/1599669660846-SB9ACNKGJ32J7581JBD1/8.png Blog - Performing SQL Backflips to Achieve Code Execution on Schneider Electric’s EcoStruxure Operator Terminal Expert at Pwn2Own Miami 2020 Figure 6 - We changed the ModuleName field to ../../../../claroty.dll and monitored the system using procmon https://images.squarespace-cdn.com/content/v1/5894c269e4fcb5e65a1ed623/1599669979857-MZL6A62N6BC8M7M9XMSS/9.png Blog - Performing SQL Backflips to Achieve Code Execution on Schneider Electric’s EcoStruxure Operator Terminal Expert at Pwn2Own Miami 2020 Figure 7 - Showing the full path of the currently loaded database https://images.squarespace-cdn.com/content/v1/5894c269e4fcb5e65a1ed623/1599670056641-3GZN2GLXRKBCCODU4VSJ/10.png Blog - Performing SQL Backflips to Achieve Code Execution on Schneider Electric’s EcoStruxure Operator Terminal Expert at Pwn2Own Miami 2020 Figure 8 - Database VIEW diagram and our abstract plan to influence the query in real-time https://images.squarespace-cdn.com/content/v1/5894c269e4fcb5e65a1ed623/1599750518524-76YJNC3LYL4RBMVYGYKC/11.png Blog - Performing SQL Backflips to Achieve Code Execution on Schneider Electric’s EcoStruxure Operator Terminal Expert at Pwn2Own Miami 2020 Figure 9 - Specifically crafting the driver database so it will include the path to our DLL in real-time https://images.squarespace-cdn.com/content/v1/5894c269e4fcb5e65a1ed623/1599750563934-9QVF5OQRTPUMG0GV9I02/12.png Blog - Performing SQL Backflips to Achieve Code Execution on Schneider Electric’s EcoStruxure Operator Terminal Expert at Pwn2Own Miami 2020 Figure 10 - Our POC in action - upon opening the project file our code will get executed https://www.thezdi.com/blog/2020/9/8/the-september-2020-security-update-review monthly 0.5 2020-09-09 https://www.thezdi.com/blog/2020/9/2/cve-2020-9715-exploiting-a-use-after-free-in-adobe-reader monthly 0.5 2020-09-03 https://images.squarespace-cdn.com/content/v1/5894c269e4fcb5e65a1ed623/1599075119212-ZORWEML98Z3DJ9O19HSO/Table1.jpg Blog - CVE-2020-9715: Exploiting a Use-After-Free in Adobe Reader https://images.squarespace-cdn.com/content/v1/5894c269e4fcb5e65a1ed623/1599075320759-M4RQM4Z5KGP40OBXAY09/Table2.jpg Blog - CVE-2020-9715: Exploiting a Use-After-Free in Adobe Reader https://www.thezdi.com/blog/2020/9/1/cve-2020-7460-freebsd-kernel-privilege-escalation monthly 0.5 2020-09-01 https://images.squarespace-cdn.com/content/v1/5894c269e4fcb5e65a1ed623/1598891206309-0OV13JNMFPNQ4B6FJ06B/1-user-memory.png Blog - CVE-2020-7460: FreeBSD Kernel Privilege Escalation https://images.squarespace-cdn.com/content/v1/5894c269e4fcb5e65a1ed623/1598891264353-Y178S9I2SEFEY2E54WHO/2-kern-memory.png Blog - CVE-2020-7460: FreeBSD Kernel Privilege Escalation https://images.squarespace-cdn.com/content/v1/5894c269e4fcb5e65a1ed623/1598891302091-JGBBAM0TCRJO7TU8UO71/3-heap-overflow.png Blog - CVE-2020-7460: FreeBSD Kernel Privilege Escalation https://images.squarespace-cdn.com/content/v1/5894c269e4fcb5e65a1ed623/1598891421084-BT2E01YHPH5UIYG7Y0QQ/4-trick.png Blog - CVE-2020-7460: FreeBSD Kernel Privilege Escalation https://images.squarespace-cdn.com/content/v1/5894c269e4fcb5e65a1ed623/1598891652910-JRJ95KG8ZY9UTBT5UUKK/5-payload.png Blog - CVE-2020-7460: FreeBSD Kernel Privilege Escalation https://www.thezdi.com/blog/2020/8/25/introducing-cwe-1265-a-new-way-to-understand-vulnerable-reentrant-control-flows monthly 0.5 2020-08-27 https://www.thezdi.com/blog/2020/8/24/cve-2020-10611-achieving-code-execution-on-the-triangle-microworks-scada-data-gateway monthly 0.5 2020-08-25 https://images.squarespace-cdn.com/content/v1/5894c269e4fcb5e65a1ed623/1598284613180-UI9KID0H6CWTZF06WHDN/Day3-7.jpg Blog - CVE-2020-10611: Achieving Code Execution on the Triangle MicroWorks SCADA Data Gateway Figure 1 - Tobias Scharnowski (left) Prepares to Demonstrate the Exploit at Pwn2Own Miami https://www.thezdi.com/blog/2020/8/19/15-years-of-the-zero-day-initiative monthly 0.5 2020-08-20 https://images.squarespace-cdn.com/content/v1/5894c269e4fcb5e65a1ed623/1597862217470-MZNL30OOKBWZ17D8B5H8/Old+ZDI+Logo.png Blog - 15 Years of the Zero Day Initiative https://images.squarespace-cdn.com/content/v1/5894c269e4fcb5e65a1ed623/1597925088685-P4UX4Z45MT4ISELZ8ITG/HP_ZeroDay_Logomark-HPBlue2925.png Blog - 15 Years of the Zero Day Initiative https://images.squarespace-cdn.com/content/v1/5894c269e4fcb5e65a1ed623/1597862694487-55UPPIWFQE5MYMB50TLI/MP2O-Icon-extra+small.png Blog - 15 Years of the Zero Day Initiative https://www.thezdi.com/blog/2020/8/11/windows-print-spooler-patch-bypass-re-enables-persistent-backdoor monthly 0.5 2020-08-11 https://images.squarespace-cdn.com/content/v1/5894c269e4fcb5e65a1ed623/1597076531472-H3FMWSAJY2MADLOS17PT/Picture1.png Blog - Windows Print Spooler Patch Bypass Re-Enables Persistent Backdoor Figure 3 https://images.squarespace-cdn.com/content/v1/5894c269e4fcb5e65a1ed623/1597076563328-D1VUWNX9MEF29IWMZHF2/Picture2.png Blog - Windows Print Spooler Patch Bypass Re-Enables Persistent Backdoor Figure 4 https://images.squarespace-cdn.com/content/v1/5894c269e4fcb5e65a1ed623/1597076646844-YX9DD1UPN5GXB7AT2JHN/Picture3.png Blog - Windows Print Spooler Patch Bypass Re-Enables Persistent Backdoor Figure 6 https://www.thezdi.com/blog/2020/8/11/the-august-2020-security-update-review monthly 0.5 2020-09-25 https://www.thezdi.com/blog/2020/7/28/announcing-pwn2own-tokyo-2020-live-from-toronto monthly 0.5 2020-09-21 https://images.squarespace-cdn.com/content/v1/5894c269e4fcb5e65a1ed623/1595609182016-NKU0PKLVATKO5VM955XF/Browser.jpg Blog - Announcing Pwn2Own Tokyo 2020 – Live from Toronto! https://images.squarespace-cdn.com/content/v1/5894c269e4fcb5e65a1ed623/1595609235452-K9CODNIIUP2TN7SBKZYW/Short+Disctance.jpg Blog - Announcing Pwn2Own Tokyo 2020 – Live from Toronto! https://images.squarespace-cdn.com/content/v1/5894c269e4fcb5e65a1ed623/1595609285342-V4L8O58YMDR5LNJSI54K/Wearable.jpg Blog - Announcing Pwn2Own Tokyo 2020 – Live from Toronto! https://images.squarespace-cdn.com/content/v1/5894c269e4fcb5e65a1ed623/1595942583607-CLZ8JL4G1O9KU9QCU20E/Home+Automation2.jpg Blog - Announcing Pwn2Own Tokyo 2020 – Live from Toronto! https://images.squarespace-cdn.com/content/v1/5894c269e4fcb5e65a1ed623/1595609370940-KRRBIUEDJG83DXKWZZJ3/Televisions.jpg Blog - Announcing Pwn2Own Tokyo 2020 – Live from Toronto! https://images.squarespace-cdn.com/content/v1/5894c269e4fcb5e65a1ed623/1595609413578-Y528ZDS07XSMR4M1D4FN/Routers.jpg Blog - Announcing Pwn2Own Tokyo 2020 – Live from Toronto! https://images.squarespace-cdn.com/content/v1/5894c269e4fcb5e65a1ed623/1595609444463-WZTHXFNH3Z5IWWB77PYZ/NAS.jpg Blog - Announcing Pwn2Own Tokyo 2020 – Live from Toronto! https://images.squarespace-cdn.com/content/v1/5894c269e4fcb5e65a1ed623/1595614665028-OXU42RIZ4DGCEZL8X9X4/combo-bluerp.png Blog - Announcing Pwn2Own Tokyo 2020 – Live from Toronto! https://www.thezdi.com/blog/2020/7/22/chaining-5-bugs-for-code-execution-on-the-rockwell-factorytalk-hmi-at-pwn2own-miami monthly 0.5 2020-07-23 https://www.thezdi.com/blog/2020/7/20/abusing-java-remote-protocols-in-ibm-websphere monthly 0.5 2020-07-28 https://images.squarespace-cdn.com/content/v1/5894c269e4fcb5e65a1ed623/1595344758145-O039I977YF0EXC0YMDGQ/Image1.png Blog - Abusing Java Remote Protocols in IBM WebSphere https://www.thezdi.com/blog/2020/7/14/the-july-2020-security-update-review monthly 0.5 2020-07-21 https://www.thezdi.com/blog/2020/7/8/cve-2020-1300-remote-code-execution-through-microsoft-windows-cab-files monthly 0.5 2020-07-09 https://images.squarespace-cdn.com/content/v1/5894c269e4fcb5e65a1ed623/1594239037228-YG7GEP0LMW3ZRRGP4YWU/Image1.png Blog - CVE-2020-1300: Remote Code Execution Through Microsoft Windows CAB Files Figure 1 - Structure of the CFHEADER https://images.squarespace-cdn.com/content/v1/5894c269e4fcb5e65a1ed623/1594239086635-S6K7GAGS4OJJWTMBH6FF/Image2.png Blog - CVE-2020-1300: Remote Code Execution Through Microsoft Windows CAB Files Figure 2 - Format of a CFFILE entry https://www.thezdi.com/blog/2020/6/29/cve-2020-7454-killing-two-systems-with-one-bug-in-libalias monthly 0.5 2020-06-30 https://www.thezdi.com/blog/2020/6/24/zdi-20-709-heap-overflow-in-the-netgear-nighthawk-r6700-router monthly 0.5 2020-06-25 https://images.squarespace-cdn.com/content/v1/5894c269e4fcb5e65a1ed623/1593026508772-C5LVNB5322LGLLYB6DX7/01+sub_159E8_execution_flow.png Blog - ZDI-20-709: Heap Overflow in the NETGEAR Nighthawk R6700 Router Figure 1 - Execution flow of sub_159E8 function https://images.squarespace-cdn.com/content/v1/5894c269e4fcb5e65a1ed623/1593026599525-COOZGWHCM38OPNFON2X6/02+vuln_code_pattern.png Blog - ZDI-20-709: Heap Overflow in the NETGEAR Nighthawk R6700 Router Figure 2 - Pseudo-code of the vulnerable function https://images.squarespace-cdn.com/content/v1/5894c269e4fcb5e65a1ed623/1593026639674-21QIQQ6JR7B84FBXII9F/03+import_config_reqest.png Blog - ZDI-20-709: Heap Overflow in the NETGEAR Nighthawk R6700 Router Figure 3 - HTTP request to import a configuration file https://images.squarespace-cdn.com/content/v1/5894c269e4fcb5e65a1ed623/1593026679095-2CXQHL13JUOZXI8DCCXC/04+nginx_config.png Blog - ZDI-20-709: Heap Overflow in the NETGEAR Nighthawk R6700 Router Figure 4 - NGINX configuration https://images.squarespace-cdn.com/content/v1/5894c269e4fcb5e65a1ed623/1593026711709-N70PCQOA1USROR77W3B4/05+bypass_uri.png Blog - ZDI-20-709: Heap Overflow in the NETGEAR Nighthawk R6700 Router Figure 5 - URI to bypass proxy https://images.squarespace-cdn.com/content/v1/5894c269e4fcb5e65a1ed623/1593026755964-DUJ7QBCZJ5SUB1P4RPPJ/06+contentlength_extract.png Blog - ZDI-20-709: Heap Overflow in the NETGEAR Nighthawk R6700 Router Figure 6 - Content-Length extraction https://images.squarespace-cdn.com/content/v1/5894c269e4fcb5e65a1ed623/1593026798892-MZNYJHVQ875ZWWZLACXZ/07+loop.png Blog - ZDI-20-709: Heap Overflow in the NETGEAR Nighthawk R6700 Router Figure 7 - Loop to convert string to integer https://images.squarespace-cdn.com/content/v1/5894c269e4fcb5e65a1ed623/1593026833234-TV7S4LHRWBV4F07Y7F2F/08+forge_uri.png Blog - ZDI-20-709: Heap Overflow in the NETGEAR Nighthawk R6700 Router Figure 8 - URI to forge Content-Length value https://images.squarespace-cdn.com/content/v1/5894c269e4fcb5e65a1ed623/1593026874959-IVRONFBMZBRP15AJPNV0/09+integeroverflow.png Blog - ZDI-20-709: Heap Overflow in the NETGEAR Nighthawk R6700 Router Figure 9 - Integer Overflow vulnerability https://images.squarespace-cdn.com/content/v1/5894c269e4fcb5e65a1ed623/1593026990668-V759H7PS3S7FJW0ICX99/10+heapoverflow.png Blog - ZDI-20-709: Heap Overflow in the NETGEAR Nighthawk R6700 Router Figure 10 - Heap Buffer Overflow Vulnerability https://images.squarespace-cdn.com/content/v1/5894c269e4fcb5e65a1ed623/1593027085727-34VKS4RYDF6Z21EDSXEZ/11+memory_alloc_process.png Blog - ZDI-20-709: Heap Overflow in the NETGEAR Nighthawk R6700 Router Figure 11 – Sequence of memory allocation operations https://images.squarespace-cdn.com/content/v1/5894c269e4fcb5e65a1ed623/1593027129627-MNNC3TB5QR7YFKN4S6W3/12+sub_95AF4_code_pattern.png Blog - ZDI-20-709: Heap Overflow in the NETGEAR Nighthawk R6700 Router Figure 12 – Pseudo-code from sub_95AF4() https://images.squarespace-cdn.com/content/v1/5894c269e4fcb5e65a1ed623/1593027166586-W1K3KFSWRB1XECW67DQU/13+import_str_table_req.png Blog - ZDI-20-709: Heap Overflow in the NETGEAR Nighthawk R6700 Router Figure 13 - Import string table HTTP request https://images.squarespace-cdn.com/content/v1/5894c269e4fcb5e65a1ed623/1593027347810-B75PVECCVS4W1S9D1HCZ/14+free.png Blog - ZDI-20-709: Heap Overflow in the NETGEAR Nighthawk R6700 Router Figure 14 – Implementation of free() in uClibc https://images.squarespace-cdn.com/content/v1/5894c269e4fcb5e65a1ed623/1593027382327-M9GO6TY4EC3WES3HG1PB/15+malloc.png Blog - ZDI-20-709: Heap Overflow in the NETGEAR Nighthawk R6700 Router Figure 15 - malloc_state struct and fastbin_index macro definition https://www.thezdi.com/blog/2020/6/19/our-cve-story-bringing-our-zdi-community-to-the-cve-community monthly 0.5 2020-06-22 https://www.thezdi.com/blog/2020/6/16/cve-2020-1181-sharepoint-remote-code-execution-through-web-parts monthly 0.5 2020-06-17 https://images.squarespace-cdn.com/content/v1/5894c269e4fcb5e65a1ed623/1592320275119-DS8WPGDYHFC5QQAV89TF/Picture1.png Blog - CVE-2020-1181: SharePoint Remote Code Execution Through Web Parts https://images.squarespace-cdn.com/content/v1/5894c269e4fcb5e65a1ed623/1592320307452-8IQQ6JWOEM5WWME7MJ61/Picture2.png Blog - CVE-2020-1181: SharePoint Remote Code Execution Through Web Parts https://images.squarespace-cdn.com/content/v1/5894c269e4fcb5e65a1ed623/1592320350877-XNYJ0IHP4HKAJGEZEGO3/Picture3.png Blog - CVE-2020-1181: SharePoint Remote Code Execution Through Web Parts https://images.squarespace-cdn.com/content/v1/5894c269e4fcb5e65a1ed623/1592320492838-CGGO26CPT983UDPE3GGK/Picture4.png Blog - CVE-2020-1181: SharePoint Remote Code Execution Through Web Parts https://images.squarespace-cdn.com/content/v1/5894c269e4fcb5e65a1ed623/1592320522307-XBBX8UC0X8BC1P3YUM1A/Picture5.png Blog - CVE-2020-1181: SharePoint Remote Code Execution Through Web Parts https://images.squarespace-cdn.com/content/v1/5894c269e4fcb5e65a1ed623/1592320570623-W91H1P4ZPKV1UTFTY0AN/Picture6.png Blog - CVE-2020-1181: SharePoint Remote Code Execution Through Web Parts https://images.squarespace-cdn.com/content/v1/5894c269e4fcb5e65a1ed623/1592320702431-Y7KQP6CN2DRXJ6YNVLI3/Picture7.png Blog - CVE-2020-1181: SharePoint Remote Code Execution Through Web Parts https://images.squarespace-cdn.com/content/v1/5894c269e4fcb5e65a1ed623/1592320731351-299D4QFOHQZ6R88P8UYH/Picture8.png Blog - CVE-2020-1181: SharePoint Remote Code Execution Through Web Parts https://images.squarespace-cdn.com/content/v1/5894c269e4fcb5e65a1ed623/1592320760993-BT3WYW64VQ04QBXT0D4V/Picture9.png Blog - CVE-2020-1181: SharePoint Remote Code Execution Through Web Parts https://images.squarespace-cdn.com/content/v1/5894c269e4fcb5e65a1ed623/1592320791283-N5Q9ZMUNE4XC5RKNT8JO/Picture10.png Blog - CVE-2020-1181: SharePoint Remote Code Execution Through Web Parts https://images.squarespace-cdn.com/content/v1/5894c269e4fcb5e65a1ed623/1592320817761-YU9X8IO4X4G7N9Z5JC2E/Picture11.png Blog - CVE-2020-1181: SharePoint Remote Code Execution Through Web Parts https://images.squarespace-cdn.com/content/v1/5894c269e4fcb5e65a1ed623/1592320845496-Z4M423BA0C4BV6XNQART/Picture12.png Blog - CVE-2020-1181: SharePoint Remote Code Execution Through Web Parts https://images.squarespace-cdn.com/content/v1/5894c269e4fcb5e65a1ed623/1592320889420-4624Q2LN2PL3UHDBXTFV/Picture13.png Blog - CVE-2020-1181: SharePoint Remote Code Execution Through Web Parts https://images.squarespace-cdn.com/content/v1/5894c269e4fcb5e65a1ed623/1592320927909-33WI5X2TT3C78LGKZ7H3/Picture14.png Blog - CVE-2020-1181: SharePoint Remote Code Execution Through Web Parts https://images.squarespace-cdn.com/content/v1/5894c269e4fcb5e65a1ed623/1592320958273-O3WQJ5HD0DP6DPJ4C1B0/Picture15.png Blog - CVE-2020-1181: SharePoint Remote Code Execution Through Web Parts https://images.squarespace-cdn.com/content/v1/5894c269e4fcb5e65a1ed623/1592320995894-MDLNVAES5E0J6EP72FM1/Picture16.png Blog - CVE-2020-1181: SharePoint Remote Code Execution Through Web Parts https://images.squarespace-cdn.com/content/v1/5894c269e4fcb5e65a1ed623/1592321031777-VT95XCLA6PPMT4VX44MB/Picture17.png Blog - CVE-2020-1181: SharePoint Remote Code Execution Through Web Parts https://www.thezdi.com/blog/2020/6/10/a-trio-of-bugs-used-to-exploit-inductive-automation-at-pwn2own-miami monthly 0.5 2020-06-11 https://www.thezdi.com/blog/2020/6/9/the-june-2020-security-update-review monthly 0.5 2020-06-16 https://www.thezdi.com/blog/2020/5/27/mindshare-how-to-just-emulate-it-with-qemu monthly 0.5 2020-05-27 https://images.squarespace-cdn.com/content/v1/5894c269e4fcb5e65a1ed623/1590595179494-90BADQGUS49J9MC2DV2J/readelf.png Blog - MindShaRE: How to “Just Emulate It With QEMU” Figure 1 – Outputs of the file and readelf commands https://images.squarespace-cdn.com/content/v1/5894c269e4fcb5e65a1ed623/1590595243433-1N47QWWZSYHQ0OCSA0W5/imgdecrypt.png Blog - MindShaRE: How to “Just Emulate It With QEMU” Figure 2 - imgdecrypt https://images.squarespace-cdn.com/content/v1/5894c269e4fcb5e65a1ed623/1590595290187-4OWS81ZEOIOOC5B3HD1T/cross-arch-chroot.png Blog - MindShaRE: How to “Just Emulate It With QEMU” Figure 3 - Using QEMU to perform a cross-architectural chroot https://images.squarespace-cdn.com/content/v1/5894c269e4fcb5e65a1ed623/1590595334420-CGJ9MT1PYWS108UEH55Y/qemu_vm_boot.png Blog - MindShaRE: How to “Just Emulate It With QEMU” Figure 4 - Starting a pre-built Debian image https://images.squarespace-cdn.com/content/v1/5894c269e4fcb5e65a1ed623/1590595372816-ZHWMI9CK9GIBBG5Z2V3B/mount-chroot.png Blog - MindShaRE: How to “Just Emulate It With QEMU” Figure 5 - Busybox https://www.thezdi.com/blog/2020/5/20/cve-2020-8871-privilege-escalation-in-parallels-desktop-via-vga-device monthly 0.5 2020-05-21 https://www.thezdi.com/blog/2020/5/12/the-may-2020-security-update-review monthly 0.5 2020-05-19 https://www.thezdi.com/blog/2020/5/8/details-on-the-oracle-weblogic-vulnerability-being-exploited-in-the-wild monthly 0.5 2020-05-11 https://www.thezdi.com/blog/2020/5/7/how-a-deceptive-assert-caused-a-critical-windows-kernel-vulnerability monthly 0.5 2020-05-07 https://images.squarespace-cdn.com/content/v1/5894c269e4fcb5e65a1ed623/1588863096156-4BNX0HJ52Q4NQQN3SFXL/Picture1.png Blog - How a Deceptive Assert Caused a Critical Windows Kernel Vulnerability https://images.squarespace-cdn.com/content/v1/5894c269e4fcb5e65a1ed623/1588863302619-N58PHRJKQGZWJUMJ226V/Picture2.png Blog - How a Deceptive Assert Caused a Critical Windows Kernel Vulnerability https://images.squarespace-cdn.com/content/v1/5894c269e4fcb5e65a1ed623/1588863344291-J2S5HIDZZ3XHWC67S7RF/Picture3.png Blog - How a Deceptive Assert Caused a Critical Windows Kernel Vulnerability https://images.squarespace-cdn.com/content/v1/5894c269e4fcb5e65a1ed623/1588863408066-TUF5ZW8XJMT7G4JWN54R/Picture4.png Blog - How a Deceptive Assert Caused a Critical Windows Kernel Vulnerability https://www.thezdi.com/blog/2020/5/4/analyzing-a-trio-of-remote-code-execution-bugs-in-intel-wireless-adapters monthly 0.5 2020-05-05 https://images.squarespace-cdn.com/content/v1/5894c269e4fcb5e65a1ed623/1588628834452-JM5R4FNERTKBV9IE4Z72/fig1b.png Blog - Analyzing a Trio of Remote Code Execution Bugs in Intel Wireless Adapters Figure 1 - Packet dissection of the malicious 802.11 Frame https://images.squarespace-cdn.com/content/v1/5894c269e4fcb5e65a1ed623/1588628151368-5T315YK1RXS2E9DRJKC6/fig2.png Blog - Analyzing a Trio of Remote Code Execution Bugs in Intel Wireless Adapters Figure 2 - Disassembly of the vulnerable function prvhPanClientSaveAssocResp() https://images.squarespace-cdn.com/content/v1/5894c269e4fcb5e65a1ed623/1588628186678-M69KPHDWFU62OPSKRJN5/fig3.png Blog - Analyzing a Trio of Remote Code Execution Bugs in Intel Wireless Adapters Figure 3 - Stack buffer var_4C https://images.squarespace-cdn.com/content/v1/5894c269e4fcb5e65a1ed623/1588628223612-HVLKL9NON229NF43PCY6/fig4.jpg Blog - Analyzing a Trio of Remote Code Execution Bugs in Intel Wireless Adapters Figure 4 - Packet dissection of the malicious association request sent by the PoC https://images.squarespace-cdn.com/content/v1/5894c269e4fcb5e65a1ed623/1588628257705-PIP8I90Q0C6HS4B4I1OA/fig5.png Blog - Analyzing a Trio of Remote Code Execution Bugs in Intel Wireless Adapters Figure 5 - Disassembly snippet of prvPanCnctProcessAssocSupportedChannelList () https://images.squarespace-cdn.com/content/v1/5894c269e4fcb5e65a1ed623/1588628304234-W1BN11D2MOUOS1KEYM5J/fig6.png Blog - Analyzing a Trio of Remote Code Execution Bugs in Intel Wireless Adapters Figure 6 - Disassembly of utilRegulatoryClassToChannelList() https://www.thezdi.com/blog/2020/4/28/cve-2020-0932-remote-code-execution-on-microsoft-sharepoint-using-typeconverters monthly 0.5 2020-04-29 https://images.squarespace-cdn.com/content/v1/5894c269e4fcb5e65a1ed623/1588099930811-216RANLAP6COFFROS1UO/Picture1.png Blog - CVE-2020-0932: Remote Code Execution on Microsoft SharePoint Using TypeConverters https://images.squarespace-cdn.com/content/v1/5894c269e4fcb5e65a1ed623/1588099958341-5INKRK8TXDP05EC8CIL9/Picture2.png Blog - CVE-2020-0932: Remote Code Execution on Microsoft SharePoint Using TypeConverters https://images.squarespace-cdn.com/content/v1/5894c269e4fcb5e65a1ed623/1588100071538-MWIWUXXKV6R90I8O79GY/Picture3.png Blog - CVE-2020-0932: Remote Code Execution on Microsoft SharePoint Using TypeConverters https://images.squarespace-cdn.com/content/v1/5894c269e4fcb5e65a1ed623/1588100112486-MYQTOI00GW2EV25Q2O9A/Picture4.png Blog - CVE-2020-0932: Remote Code Execution on Microsoft SharePoint Using TypeConverters https://images.squarespace-cdn.com/content/v1/5894c269e4fcb5e65a1ed623/1588100155896-2A755S5ZQDL4Q97UQGWR/Picture5.png Blog - CVE-2020-0932: Remote Code Execution on Microsoft SharePoint Using TypeConverters https://images.squarespace-cdn.com/content/v1/5894c269e4fcb5e65a1ed623/1588100193134-QCPYHDMUUYXPHFOIL805/Picture6.png Blog - CVE-2020-0932: Remote Code Execution on Microsoft SharePoint Using TypeConverters https://images.squarespace-cdn.com/content/v1/5894c269e4fcb5e65a1ed623/1588100237350-ZHYD46X5E2QZ07XX65XV/Picture7.png Blog - CVE-2020-0932: Remote Code Execution on Microsoft SharePoint Using TypeConverters https://images.squarespace-cdn.com/content/v1/5894c269e4fcb5e65a1ed623/1588100292494-VXGQEA4C6MGYO2KZ7KBD/Picture8b.png Blog - CVE-2020-0932: Remote Code Execution on Microsoft SharePoint Using TypeConverters https://images.squarespace-cdn.com/content/v1/5894c269e4fcb5e65a1ed623/1588100342670-LB12L5YGBIYJ7K3I7S92/Picture9b.png Blog - CVE-2020-0932: Remote Code Execution on Microsoft SharePoint Using TypeConverters https://images.squarespace-cdn.com/content/v1/5894c269e4fcb5e65a1ed623/1588100382527-JLGVE0LH2H38VGMJOLXI/Picture10b.png Blog - CVE-2020-0932: Remote Code Execution on Microsoft SharePoint Using TypeConverters https://images.squarespace-cdn.com/content/v1/5894c269e4fcb5e65a1ed623/1588100419206-FH47VM9ORYP2ZBLH6NVW/Alternate11.png Blog - CVE-2020-0932: Remote Code Execution on Microsoft SharePoint Using TypeConverters https://images.squarespace-cdn.com/content/v1/5894c269e4fcb5e65a1ed623/1588100443095-97GIW6N407BXNLE3NHJJ/Alternate12.png Blog - CVE-2020-0932: Remote Code Execution on Microsoft SharePoint Using TypeConverters https://images.squarespace-cdn.com/content/v1/5894c269e4fcb5e65a1ed623/1588100473514-A4FICRUQ92HWCWSJ0GTH/Alternate13.png Blog - CVE-2020-0932: Remote Code Execution on Microsoft SharePoint Using TypeConverters https://images.squarespace-cdn.com/content/v1/5894c269e4fcb5e65a1ed623/1588100528761-VSHDW55UQIW36LE2EHAM/Alternate14.png Blog - CVE-2020-0932: Remote Code Execution on Microsoft SharePoint Using TypeConverters https://images.squarespace-cdn.com/content/v1/5894c269e4fcb5e65a1ed623/1588100623460-3GSNOLX363O5IXMJJG2O/Picture11b.png Blog - CVE-2020-0932: Remote Code Execution on Microsoft SharePoint Using TypeConverters https://images.squarespace-cdn.com/content/v1/5894c269e4fcb5e65a1ed623/1588103711379-ZMCQ009OB7ZXFRRWF314/Picture12b.png Blog - CVE-2020-0932: Remote Code Execution on Microsoft SharePoint Using TypeConverters https://images.squarespace-cdn.com/content/v1/5894c269e4fcb5e65a1ed623/1588103864325-TV1PTOENTX96BOEZ35VN/Picture13b.png Blog - CVE-2020-0932: Remote Code Execution on Microsoft SharePoint Using TypeConverters https://images.squarespace-cdn.com/content/v1/5894c269e4fcb5e65a1ed623/1588103902622-TWXUTLGQO0NGU836RA69/Picture14b.png Blog - CVE-2020-0932: Remote Code Execution on Microsoft SharePoint Using TypeConverters https://images.squarespace-cdn.com/content/v1/5894c269e4fcb5e65a1ed623/1588103940870-DFRJ5J9H1NONQRTBSNJL/Picture15b.png Blog - CVE-2020-0932: Remote Code Execution on Microsoft SharePoint Using TypeConverters https://images.squarespace-cdn.com/content/v1/5894c269e4fcb5e65a1ed623/1588104195483-J3ABNC65OZSSZ9JDFF2P/Picture16b.png Blog - CVE-2020-0932: Remote Code Execution on Microsoft SharePoint Using TypeConverters https://images.squarespace-cdn.com/content/v1/5894c269e4fcb5e65a1ed623/1588104227560-428ZDQCZO51LOFPN6AUR/Picture17b.png Blog - CVE-2020-0932: Remote Code Execution on Microsoft SharePoint Using TypeConverters https://images.squarespace-cdn.com/content/v1/5894c269e4fcb5e65a1ed623/1588104259001-KHEBK5H0UEBR06NW6TF6/Picture18b.png Blog - CVE-2020-0932: Remote Code Execution on Microsoft SharePoint Using TypeConverters https://images.squarespace-cdn.com/content/v1/5894c269e4fcb5e65a1ed623/1588104287324-4CEXD5NGYNW77JEEJ6VZ/Picture19b.png Blog - CVE-2020-0932: Remote Code Execution on Microsoft SharePoint Using TypeConverters https://images.squarespace-cdn.com/content/v1/5894c269e4fcb5e65a1ed623/1588104447827-E6WADW24WRGPQL9OXX57/Picture20b.png Blog - CVE-2020-0932: Remote Code Execution on Microsoft SharePoint Using TypeConverters https://images.squarespace-cdn.com/content/v1/5894c269e4fcb5e65a1ed623/1588104482247-HM7YMYSQR5WV3MMIB36H/Picture21b.png Blog - CVE-2020-0932: Remote Code Execution on Microsoft SharePoint Using TypeConverters https://images.squarespace-cdn.com/content/v1/5894c269e4fcb5e65a1ed623/1588104513251-IP36J59G4ZAT7XYK51RZ/Picture22b.png Blog - CVE-2020-0932: Remote Code Execution on Microsoft SharePoint Using TypeConverters https://www.thezdi.com/blog/2020/4/20/mindshare-using-lldbinit-to-enhance-the-lldb-debugger monthly 0.5 2020-05-22 https://images.squarespace-cdn.com/content/v1/5894c269e4fcb5e65a1ed623/1587420850206-JX4AR43KSM3NQL7FG04G/Picture1.png Blog - MindShaRE: Using lldbinit to Enhance the LLDB Debugger https://images.squarespace-cdn.com/content/v1/5894c269e4fcb5e65a1ed623/1587420878988-6TMSH2MG1CYDONN80G9E/Picture2.png Blog - MindShaRE: Using lldbinit to Enhance the LLDB Debugger https://images.squarespace-cdn.com/content/v1/5894c269e4fcb5e65a1ed623/1587420937288-ZMM3KHLO7RVUFRWXAC0Q/Picture3.png Blog - MindShaRE: Using lldbinit to Enhance the LLDB Debugger https://images.squarespace-cdn.com/content/v1/5894c269e4fcb5e65a1ed623/1587420995568-QAWT5HEFH5KMAN3S6RSM/Picture4.png Blog - MindShaRE: Using lldbinit to Enhance the LLDB Debugger https://images.squarespace-cdn.com/content/v1/5894c269e4fcb5e65a1ed623/1587421026231-0611EAD6GGHQF8PNND6P/Picture5.png Blog - MindShaRE: Using lldbinit to Enhance the LLDB Debugger https://images.squarespace-cdn.com/content/v1/5894c269e4fcb5e65a1ed623/1587421090827-SECT5F9W870DXACEXD5Y/Picture6.png Blog - MindShaRE: Using lldbinit to Enhance the LLDB Debugger https://www.thezdi.com/blog/2020/4/8/cve-2020-8835-linux-kernel-privilege-escalation-via-improper-ebpf-program-verification monthly 0.5 2020-04-16 https://images.squarespace-cdn.com/content/v1/5894c269e4fcb5e65a1ed623/1586377358072-XA3HANULXSNTUUPG790N/Picture1.png Blog - CVE-2020-8835: Linux Kernel Privilege Escalation via Improper eBPF Program Verification https://images.squarespace-cdn.com/content/v1/5894c269e4fcb5e65a1ed623/1586377725025-QVM2EOEFSN9QTMZGIS09/Picture2.png Blog - CVE-2020-8835: Linux Kernel Privilege Escalation via Improper eBPF Program Verification https://images.squarespace-cdn.com/content/v1/5894c269e4fcb5e65a1ed623/1586377772455-H6ME2BDSABZGASODQ4FQ/Picture3.png Blog - CVE-2020-8835: Linux Kernel Privilege Escalation via Improper eBPF Program Verification https://images.squarespace-cdn.com/content/v1/5894c269e4fcb5e65a1ed623/1586377897420-M2747K3G6VC6GD42Z5WC/Picture4.png Blog - CVE-2020-8835: Linux Kernel Privilege Escalation via Improper eBPF Program Verification https://images.squarespace-cdn.com/content/v1/5894c269e4fcb5e65a1ed623/1586377929929-U58YTZ7E0MVZDY4D74OX/Picture5.png Blog - CVE-2020-8835: Linux Kernel Privilege Escalation via Improper eBPF Program Verification https://www.thezdi.com/blog/2020/4/14/the-april-2020-security-update-review monthly 0.5 2020-06-23 https://www.thezdi.com/blog/2020/4/6/exploiting-the-tp-link-archer-c7-at-pwn2own-tokyo monthly 0.5 2020-04-16 https://images.squarespace-cdn.com/content/v1/5894c269e4fcb5e65a1ed623/1586189756128-AT57OYUUJ4ZYL1ZE9P7F/Picture1.png Blog - Exploiting the TP-Link Archer A7 at Pwn2Own Tokyo Figure 1 - Reversed tdpServer packet format https://images.squarespace-cdn.com/content/v1/5894c269e4fcb5e65a1ed623/1586189921092-JUCOXF30K3EKJ23CQZ4M/Picture2.png Blog - Exploiting the TP-Link Archer A7 at Pwn2Own Tokyo Figure 2 - tdpd_pkt_parser() #1 https://images.squarespace-cdn.com/content/v1/5894c269e4fcb5e65a1ed623/1586189976636-L78KQQRRISZWFOL6S87L/Picture3.png Blog - Exploiting the TP-Link Archer A7 at Pwn2Own Tokyo Figure 3 - calc_checksum() from the lao_bomb exploit code https://images.squarespace-cdn.com/content/v1/5894c269e4fcb5e65a1ed623/1586190060217-W2LQ3WFEGOZ21IUFK3KC/Picture4.png Blog - Exploiting the TP-Link Archer A7 at Pwn2Own Tokyo Figure 4 - tdpd_pkt_parser() #2 https://images.squarespace-cdn.com/content/v1/5894c269e4fcb5e65a1ed623/1586190148984-69MGAM6V9JDP0AV8LV2B/Picture5.png Blog - Exploiting the TP-Link Archer A7 at Pwn2Own Tokyo Figure 5 - onemesh_slave_key_offer() #1 https://images.squarespace-cdn.com/content/v1/5894c269e4fcb5e65a1ed623/1586190199449-UNC0LZOKFPSYTI70FLEU/Picture6.png Blog - Exploiting the TP-Link Archer A7 at Pwn2Own Tokyo Figure 6- onemesh_slave_key_offer() #2 https://images.squarespace-cdn.com/content/v1/5894c269e4fcb5e65a1ed623/1586190235752-5DWG66IWHEXACF3L5Y2V/Picture7.png Blog - Exploiting the TP-Link Archer A7 at Pwn2Own Tokyo Figure 7 - Example JSON payload for onemesh_slave_key_offer() https://images.squarespace-cdn.com/content/v1/5894c269e4fcb5e65a1ed623/1586190298040-0BFQQPW63NBV5DU45JSE/Picture8.png Blog - Exploiting the TP-Link Archer A7 at Pwn2Own Tokyo Figure 8 - onemesh_slave_key_offer() #3 https://images.squarespace-cdn.com/content/v1/5894c269e4fcb5e65a1ed623/1586190346400-7QQP3AHT5A7GCZJ6PGSY/Picture9.png Blog - Exploiting the TP-Link Archer A7 at Pwn2Own Tokyo Figure 9 - onemesh_slave_key_offer() #4 https://www.thezdi.com/blog/2020/4/1/cve-2020-3947-use-after-free-vulnerability-in-the-vmware-workstation-dhcp-component monthly 0.5 2020-04-02 https://images.squarespace-cdn.com/content/v1/5894c269e4fcb5e65a1ed623/1585770418490-RFLMPA2ZIQ73CUNG0KWE/Picture1.png Blog - CVE-2020-3947: Use-After-Free Vulnerability in the VMware Workstation DHCP Component Figure 1 - DHCP Header structure https://images.squarespace-cdn.com/content/v1/5894c269e4fcb5e65a1ed623/1585770508874-1QX91Q1GFNY02JGW372Z/Picture2.png Blog - CVE-2020-3947: Use-After-Free Vulnerability in the VMware Workstation DHCP Component Figure 2 - Option Field Structure https://images.squarespace-cdn.com/content/v1/5894c269e4fcb5e65a1ed623/1585770733576-Q61BLQWPP7TPVV5J0OX7/Picture3.png Blog - CVE-2020-3947: Use-After-Free Vulnerability in the VMware Workstation DHCP Component Figure 3 - Lease Structure https://images.squarespace-cdn.com/content/v1/5894c269e4fcb5e65a1ed623/1585770875540-KOC8B2CIR5EAHVBIRD86/Picture4.png Blog - CVE-2020-3947: Use-After-Free Vulnerability in the VMware Workstation DHCP Component Figure 4 – Compare the uid Fields https://images.squarespace-cdn.com/content/v1/5894c269e4fcb5e65a1ed623/1585770914944-TN01G57ITKUO3HXJN7LK/Picture5.png Blog - CVE-2020-3947: Use-After-Free Vulnerability in the VMware Workstation DHCP Component Figure 5 - Frees the uid Field https://images.squarespace-cdn.com/content/v1/5894c269e4fcb5e65a1ed623/1585770957009-5FIZL6S1ZT7GW6X03J0I/Picture6.png Blog - CVE-2020-3947: Use-After-Free Vulnerability in the VMware Workstation DHCP Component Figure 6 - Triggering the Bug https://images.squarespace-cdn.com/content/v1/5894c269e4fcb5e65a1ed623/1585771018615-0GE22060ZIRNKFOW356P/Picture7.png Blog - CVE-2020-3947: Use-After-Free Vulnerability in the VMware Workstation DHCP Component Figure 7 - BinDiff Patch Comparison https://www.thezdi.com/blog/2020/3/25/cve-2020-0729-remote-code-execution-through-lnk-files monthly 0.5 2020-03-26 https://images.squarespace-cdn.com/content/v1/5894c269e4fcb5e65a1ed623/1585166895728-OB6ZQYML0VWQX1L67XHB/Picture1.png Blog - CVE-2020-0729: Remote Code Execution Through .LNK Files https://images.squarespace-cdn.com/content/v1/5894c269e4fcb5e65a1ed623/1585166929979-CTD1SXEQXY8GUYC2ZP8H/Picture2.png Blog - CVE-2020-0729: Remote Code Execution Through .LNK Files https://images.squarespace-cdn.com/content/v1/5894c269e4fcb5e65a1ed623/1585166967035-JWC4Y816DPPCKE0U1EJW/Picture3.png Blog - CVE-2020-0729: Remote Code Execution Through .LNK Files https://images.squarespace-cdn.com/content/v1/5894c269e4fcb5e65a1ed623/1585167018853-8XNFITKMR0PJAPGXXJDK/structuredquery-readpropvariant-bindiff.png Blog - CVE-2020-0729: Remote Code Execution Through .LNK Files https://images.squarespace-cdn.com/content/v1/5894c269e4fcb5e65a1ed623/1585167064711-LYEZ10HTNLOW37UJTPF6/Picture5.png Blog - CVE-2020-0729: Remote Code Execution Through .LNK Files https://images.squarespace-cdn.com/content/v1/5894c269e4fcb5e65a1ed623/1585167095424-RE6A09TLGUOJIXH0P3PS/Picture6.png Blog - CVE-2020-0729: Remote Code Execution Through .LNK Files https://images.squarespace-cdn.com/content/v1/5894c269e4fcb5e65a1ed623/1585167123979-BAF56LDHGNG2XK2AXJZ8/Picture7b.png Blog - CVE-2020-0729: Remote Code Execution Through .LNK Files https://images.squarespace-cdn.com/content/v1/5894c269e4fcb5e65a1ed623/1585167150594-TGWNSHGLSH8CYNN5996Z/Picture8.png Blog - CVE-2020-0729: Remote Code Execution Through .LNK Files https://images.squarespace-cdn.com/content/v1/5894c269e4fcb5e65a1ed623/1585168908869-P5OGSXYL2OE7TC43GV0Y/Picture9.png Blog - CVE-2020-0729: Remote Code Execution Through .LNK Files https://images.squarespace-cdn.com/content/v1/5894c269e4fcb5e65a1ed623/1585168970007-ARGS9G2MWMM6FBINXOJ2/Picture10.png Blog - CVE-2020-0729: Remote Code Execution Through .LNK Files https://images.squarespace-cdn.com/content/v1/5894c269e4fcb5e65a1ed623/1585169060536-5SQROARU17ZNEN5676ZE/Picture11.png Blog - CVE-2020-0729: Remote Code Execution Through .LNK Files https://images.squarespace-cdn.com/content/v1/5894c269e4fcb5e65a1ed623/1585169087879-VKTRKDK9H2G23TD736B4/Picture12.png Blog - CVE-2020-0729: Remote Code Execution Through .LNK Files https://images.squarespace-cdn.com/content/v1/5894c269e4fcb5e65a1ed623/1585169122328-PZK4GMWFS9CXJJSR3Z63/Picture13.png Blog - CVE-2020-0729: Remote Code Execution Through .LNK Files https://images.squarespace-cdn.com/content/v1/5894c269e4fcb5e65a1ed623/1585169164006-TFP2DW6Z2JW4UIOUDBAL/Picture14.png Blog - CVE-2020-0729: Remote Code Execution Through .LNK Files https://images.squarespace-cdn.com/content/v1/5894c269e4fcb5e65a1ed623/1585169369408-3WH7H6STL6F7R34HDH5C/Picture15.png Blog - CVE-2020-0729: Remote Code Execution Through .LNK Files https://images.squarespace-cdn.com/content/v1/5894c269e4fcb5e65a1ed623/1585169458647-RKJMVGPFRPWS2TGOPCHG/Picture16.png Blog - CVE-2020-0729: Remote Code Execution Through .LNK Files https://images.squarespace-cdn.com/content/v1/5894c269e4fcb5e65a1ed623/1585169497086-J7Z9M7AUO07QUNRHU8R7/Picture17.png Blog - CVE-2020-0729: Remote Code Execution Through .LNK Files https://images.squarespace-cdn.com/content/v1/5894c269e4fcb5e65a1ed623/1585169561545-29H7GR4UP1RRYNPHJVGB/Picture18.png Blog - CVE-2020-0729: Remote Code Execution Through .LNK Files https://images.squarespace-cdn.com/content/v1/5894c269e4fcb5e65a1ed623/1585169597575-S28ID4MGO9NRSXNKAXKM/Picture19.png Blog - CVE-2020-0729: Remote Code Execution Through .LNK Files https://images.squarespace-cdn.com/content/v1/5894c269e4fcb5e65a1ed623/1585169653287-FWVRB0OPYKQEMNU41CYK/Picture20.png Blog - CVE-2020-0729: Remote Code Execution Through .LNK Files https://images.squarespace-cdn.com/content/v1/5894c269e4fcb5e65a1ed623/1585169739870-W110K940JV2AXXMIQIDN/Picture21.png Blog - CVE-2020-0729: Remote Code Execution Through .LNK Files https://images.squarespace-cdn.com/content/v1/5894c269e4fcb5e65a1ed623/1585169786572-2TA6T142FA7KRC2Q5R1P/Picture22.png Blog - CVE-2020-0729: Remote Code Execution Through .LNK Files https://images.squarespace-cdn.com/content/v1/5894c269e4fcb5e65a1ed623/1585169829378-OVKW64VON2BAH59N7ZDU/Picture23.png Blog - CVE-2020-0729: Remote Code Execution Through .LNK Files https://images.squarespace-cdn.com/content/v1/5894c269e4fcb5e65a1ed623/1585169878262-HVD0FYNMNUWQ60KI52JT/Picture24.png Blog - CVE-2020-0729: Remote Code Execution Through .LNK Files https://images.squarespace-cdn.com/content/v1/5894c269e4fcb5e65a1ed623/1585169915247-79E5ASW3P8N6WTK8AUP7/Picture25.png Blog - CVE-2020-0729: Remote Code Execution Through .LNK Files https://images.squarespace-cdn.com/content/v1/5894c269e4fcb5e65a1ed623/1585169987237-VDQGDPHDWH139NYMS2TI/Picture26.png Blog - CVE-2020-0729: Remote Code Execution Through .LNK Files https://images.squarespace-cdn.com/content/v1/5894c269e4fcb5e65a1ed623/1585170030771-QYXWIR9WPL8RAYTY3OPP/Picture27.png Blog - CVE-2020-0729: Remote Code Execution Through .LNK Files https://images.squarespace-cdn.com/content/v1/5894c269e4fcb5e65a1ed623/1585170096246-D27YZ48YQ2C2CZ1CG1QQ/Picture28.png Blog - CVE-2020-0729: Remote Code Execution Through .LNK Files https://images.squarespace-cdn.com/content/v1/5894c269e4fcb5e65a1ed623/1585170128175-URU450Z04SJOE8VPHFTU/Picture29.png Blog - CVE-2020-0729: Remote Code Execution Through .LNK Files https://www.thezdi.com/blog/2020/3/20/pwn2own-day-two-results-and-master-of-pwn monthly 0.5 2020-03-20 https://images.squarespace-cdn.com/content/v1/5894c269e4fcb5e65a1ed623/1584715082984-7QVE82RMU13PTMD9EI4J/Attempt+%235Final.png Blog - Pwn2Own Day Two – Results and Master of Pwn Figure 1 – Phi Phạm Hồng of STAR Labs watches his Oracle exploit succeed https://images.squarespace-cdn.com/content/v1/5894c269e4fcb5e65a1ed623/1584716772539-FX8FA8FXPCYQFJIPZG6T/Attempt+%236Final.png Blog - Pwn2Own Day Two – Results and Master of Pwn Figure 2: The Fluoroacetate duo of Richard Zhu (top) and Amat Cama exploit Adobe Reader https://images.squarespace-cdn.com/content/v1/5894c269e4fcb5e65a1ed623/1584717108600-WVAOZDCLRHOVXQAVRDFM/Attempt+%237Final.png Blog - Pwn2Own Day Two – Results and Master of Pwn Figure 3 - The Synactiv team of Bruno Pujos (top) and Corentin Bayet https://images.squarespace-cdn.com/content/v1/5894c269e4fcb5e65a1ed623/1584717209068-1OFVU7LX3BY6JEWZFQHI/MoP+Standings4.jpg Blog - Pwn2Own Day Two – Results and Master of Pwn Figure 4: Final Master of Pwn standings https://www.thezdi.com/blog/2020/3/19/pwn2own-2020-day-one-results monthly 0.5 2020-03-20 https://images.squarespace-cdn.com/content/v1/5894c269e4fcb5e65a1ed623/1584628156468-2KECTIAOXXRN9D5PWP23/Attempt+%231Final.png Blog - Pwn2Own 2020 – Day One Results Figure 1 - Insu Yun of the Georgia Tech SSL Team confirms the root shell on his team’s exploit https://images.squarespace-cdn.com/content/v1/5894c269e4fcb5e65a1ed623/1584628238656-NRPB65KQU309HQTFEYQT/Attempt+%232Final.png Blog - Pwn2Own 2020 – Day One Results Figure 2 - Richard Zhu observes his successful LPE https://images.squarespace-cdn.com/content/v1/5894c269e4fcb5e65a1ed623/1584628481323-KI4GYP1JOGZ5AW85XI33/Attempt+%233Final.png Blog - Pwn2Own 2020 – Day One Results Figure 3 - Manfred Paul smiles after escalating to root on Ubuntu Desktop https://images.squarespace-cdn.com/content/v1/5894c269e4fcb5e65a1ed623/1584628536472-WIW82Y7I7AOIEYPRV8F3/Attempt+%234Final.png Blog - Pwn2Own 2020 – Day One Results Figure 4 - Amat Cama (top) and Richard Zhu of Fluoroacetate observe their successful attempt https://www.thezdi.com/blog/2020/3/17/welcome-to-pwn2own-2020-the-schedule-and-live-results monthly 0.5 2020-03-20 https://www.thezdi.com/blog/2020/3/12/regarding-pwn2own-vancouver monthly 0.5 2020-03-12 https://www.thezdi.com/blog/2020/3/10/the-march-2020-security-update-review monthly 0.5 2020-03-18 https://www.thezdi.com/blog/2020/3/5/cve-2020-2555-rce-through-a-deserialization-bug-in-oracles-weblogic-server monthly 0.5 2020-03-05 https://images.squarespace-cdn.com/content/v1/5894c269e4fcb5e65a1ed623/1583424321552-X6CBIDZME94Y3BN3V88Z/Picture1.png Blog - CVE-2020-2555: RCE Through a Deserialization Bug in Oracle’s WebLogic Server https://images.squarespace-cdn.com/content/v1/5894c269e4fcb5e65a1ed623/1583424364133-KUTLF8CKVG1H5E5KLJ3S/Picture2.png Blog - CVE-2020-2555: RCE Through a Deserialization Bug in Oracle’s WebLogic Server https://images.squarespace-cdn.com/content/v1/5894c269e4fcb5e65a1ed623/1583424556966-MR6REUNLV3RNVONVOPRC/Picture3.png Blog - CVE-2020-2555: RCE Through a Deserialization Bug in Oracle’s WebLogic Server https://images.squarespace-cdn.com/content/v1/5894c269e4fcb5e65a1ed623/1583424589822-34RROP4P8TQD9R2ABQ5B/Picture4.png Blog - CVE-2020-2555: RCE Through a Deserialization Bug in Oracle’s WebLogic Server https://images.squarespace-cdn.com/content/v1/5894c269e4fcb5e65a1ed623/1583424638241-EYWS6U8SHGOF8WUUGYJV/Picture5.png Blog - CVE-2020-2555: RCE Through a Deserialization Bug in Oracle’s WebLogic Server https://images.squarespace-cdn.com/content/v1/5894c269e4fcb5e65a1ed623/1583424671354-VW5N5AGOT5JASVICXFIJ/Picture6.png Blog - CVE-2020-2555: RCE Through a Deserialization Bug in Oracle’s WebLogic Server https://www.thezdi.com/blog/2020/3/3/announcing-remote-participation-in-pwn2own-vancouver monthly 0.5 2020-03-03 https://www.thezdi.com/blog/2020/2/24/cve-2020-0688-remote-code-execution-on-microsoft-exchange-server-through-fixed-cryptographic-keys monthly 0.5 2020-02-25 https://images.squarespace-cdn.com/content/v1/5894c269e4fcb5e65a1ed623/1582586235810-1J5FLGY7QXYOT97AB86V/Picture1.png Blog - CVE-2020-0688: Remote Code Execution on Microsoft Exchange Server Through Fixed Cryptographic Keys Figure 1: Excerpt of the web.config file containing the static validationKey. https://images.squarespace-cdn.com/content/v1/5894c269e4fcb5e65a1ed623/1582586317743-CVWGYNHLZVJPMQRSL9DY/Picture2.png Blog - CVE-2020-0688: Remote Code Execution on Microsoft Exchange Server Through Fixed Cryptographic Keys https://images.squarespace-cdn.com/content/v1/5894c269e4fcb5e65a1ed623/1582586377995-8YWQF6V5WHTUU2G6G9J1/Picture3.png Blog - CVE-2020-0688: Remote Code Execution on Microsoft Exchange Server Through Fixed Cryptographic Keys https://images.squarespace-cdn.com/content/v1/5894c269e4fcb5e65a1ed623/1582586415310-M0UNTZDKNGNPGAK8RF9I/Picture4.png Blog - CVE-2020-0688: Remote Code Execution on Microsoft Exchange Server Through Fixed Cryptographic Keys https://images.squarespace-cdn.com/content/v1/5894c269e4fcb5e65a1ed623/1582586537160-O4XSRBN202Q29JBLMQR8/Picture5.png Blog - CVE-2020-0688: Remote Code Execution on Microsoft Exchange Server Through Fixed Cryptographic Keys https://images.squarespace-cdn.com/content/v1/5894c269e4fcb5e65a1ed623/1582586579409-BY4G3O9YG1VBL1VP66IX/Picture6.png Blog - CVE-2020-0688: Remote Code Execution on Microsoft Exchange Server Through Fixed Cryptographic Keys https://images.squarespace-cdn.com/content/v1/5894c269e4fcb5e65a1ed623/1582586631174-Y97QQUEX8TM61ZQV16VA/Picture9.png Blog - CVE-2020-0688: Remote Code Execution on Microsoft Exchange Server Through Fixed Cryptographic Keys https://images.squarespace-cdn.com/content/v1/5894c269e4fcb5e65a1ed623/1582586693052-MHGSOTMH7GHCSF30WFE3/Picture10.png Blog - CVE-2020-0688: Remote Code Execution on Microsoft Exchange Server Through Fixed Cryptographic Keys https://www.thezdi.com/blog/2020/2/19/submission-advice-for-security-researchers monthly 0.5 2020-04-06 https://www.thezdi.com/blog/2020/2/11/the-february-2020-security-update-review monthly 0.5 2020-02-13 https://www.thezdi.com/blog/2020/2/9/announcing-a-targeted-incentive-program-for-selected-trend-micro-products monthly 0.5 2020-02-13 https://images.squarespace-cdn.com/content/v1/5894c269e4fcb5e65a1ed623/1581279457119-OIDYNM47NK6FY305C17L/Chart1.png Blog - Announcing a Targeted Incentive Program for Selected Trend Micro Products https://images.squarespace-cdn.com/content/v1/5894c269e4fcb5e65a1ed623/1581280144302-TVO4BXKR7QYGFEH1WQ5Q/tables.png Blog - Announcing a Targeted Incentive Program for Selected Trend Micro Products https://www.thezdi.com/blog/2020/2/6/mindshare-dealing-with-encrypted-router-firmware monthly 0.5 2020-05-27 https://images.squarespace-cdn.com/content/v1/5894c269e4fcb5e65a1ed623/1581004420782-H8KEHN17TTFRYYYT7BRF/Picture1.png Blog - MindShaRE: Dealing with encrypted router firmware Fig 1. binwalk tosses its hands into the air, shrugs, and reports back nothing. https://images.squarespace-cdn.com/content/v1/5894c269e4fcb5e65a1ed623/1581004558438-UJV08PX8O5NVAQ6Z8HXI/Picture2.png Blog - MindShaRE: Dealing with encrypted router firmware Figure 2: Firmware release scenario 1 https://images.squarespace-cdn.com/content/v1/5894c269e4fcb5e65a1ed623/1581004627030-4CIFC09PV2SJGUGKG0CE/Picture3.png Blog - MindShaRE: Dealing with encrypted router firmware Figure 3: Firmware release scenario 2 https://images.squarespace-cdn.com/content/v1/5894c269e4fcb5e65a1ed623/1581004769514-6X7ZOINAWV2BCZC8K1RY/Picture4.png Blog - MindShaRE: Dealing with encrypted router firmware Figure 4: Firmware release scenario 3 https://images.squarespace-cdn.com/content/v1/5894c269e4fcb5e65a1ed623/1581004925457-I3K2O3WTRBSYMI5R71LY/Picture5.png Blog - MindShaRE: Dealing with encrypted router firmware Figure 5: binwalk unable to identify anything in the firmware image https://images.squarespace-cdn.com/content/v1/5894c269e4fcb5e65a1ed623/1581005004519-54A1EAWWAKM96ZOIKFZM/Picture6.png Blog - MindShaRE: Dealing with encrypted router firmware Figure 6: binwalk scan results for the early DIR-882 router firmware https://images.squarespace-cdn.com/content/v1/5894c269e4fcb5e65a1ed623/1581005057213-3S6JY27XMX3VU3NURXDS/Picture7.png Blog - MindShaRE: Dealing with encrypted router firmware Figure 7: binwalk results for the unencrypted transition version and the first encrypted firmware https://images.squarespace-cdn.com/content/v1/5894c269e4fcb5e65a1ed623/1581005103406-12SW6XKLM0HYEE7WNFOS/Picture8.png Blog - MindShaRE: Dealing with encrypted router firmware Figure 8: binwalk extracting the root file system for firmware version 1.04B02 https://images.squarespace-cdn.com/content/v1/5894c269e4fcb5e65a1ed623/1581005160632-0XT046IPEXKHAYE9UPUG/Picture9.png Blog - MindShaRE: Dealing with encrypted router firmware Figure 9: Directory contents of /bin for the extracted file system. https://images.squarespace-cdn.com/content/v1/5894c269e4fcb5e65a1ed623/1581005206715-94Z91PEFHNQMI9D8JMUO/Picture10.png Blog - MindShaRE: Dealing with encrypted router firmware Figure 10: Using QEMU to perform a cross-architectural chroot and decrypt the firmware https://images.squarespace-cdn.com/content/v1/5894c269e4fcb5e65a1ed623/1581005267449-N4DP5TFCCZIDF3MAW7D6/Picture11.png Blog - MindShaRE: Dealing with encrypted router firmware Figure 11: binwalk successfully detecting different sections of the decrypted firmware https://www.thezdi.com/blog/2020/1/30/looking-back-at-the-zero-day-initiative-in-2019 monthly 0.5 2020-01-30 https://images.squarespace-cdn.com/content/v1/5894c269e4fcb5e65a1ed623/1580400360857-9ANY9YORWVXCE8V7RVSF/Advisories-YoY.png Blog - Looking Back at the Zero Day Initiative in 2019 Figure 1 - Advisories published from 2005 through 2019 https://images.squarespace-cdn.com/content/v1/5894c269e4fcb5e65a1ed623/1580400455660-LS39IVONPGE5WK380421/CVSS-YoY.png Blog - Looking Back at the Zero Day Initiative in 2019 Figure 2 - CVSS scores of published advisories from 2015 through 2019 https://images.squarespace-cdn.com/content/v1/5894c269e4fcb5e65a1ed623/1580400552005-Q8EIXUSDKSWEERCPWXYH/0days-YoY.png Blog - Looking Back at the Zero Day Initiative in 2019 Figure 3 – Portion of published ZDI advisories with no vendor fix available, by year https://images.squarespace-cdn.com/content/v1/5894c269e4fcb5e65a1ed623/1580400645590-38DHV7ZYKUX9CYQB6QUQ/Vendors-2019.png Blog - Looking Back at the Zero Day Initiative in 2019 Figure 4 - Advisories per vendor for 2019 https://images.squarespace-cdn.com/content/v1/5894c269e4fcb5e65a1ed623/1580400725099-009GI0LGCB9U4JA4F7ZV/CWE-2019.png Blog - Looking Back at the Zero Day Initiative in 2019 Figure 5 - CWEs of published advisories in 2019 https://www.thezdi.com/blog/2020/1/21/pwn2own-miami-2020-schedule-and-live-results monthly 0.5 2020-01-24 https://images.squarespace-cdn.com/content/v1/5894c269e4fcb5e65a1ed623/1579814455267-Y54Z1Z6SAREWX3FBBULW/MoP6.png Blog - Pwn2Own Miami 2020 - Schedule and Live Results https://images.squarespace-cdn.com/content/v1/5894c269e4fcb5e65a1ed623/1579704011366-731ITS7NLKO7TX48BXR4/foo.jpg Blog - Pwn2Own Miami 2020 - Schedule and Live Results https://images.squarespace-cdn.com/content/v1/5894c269e4fcb5e65a1ed623/1579710432946-GGRIDSU3VCO1TIFUN96W/20200122_101445-01.jpeg Blog - Pwn2Own Miami 2020 - Schedule and Live Results https://images.squarespace-cdn.com/content/v1/5894c269e4fcb5e65a1ed623/1579717374434-VWZGBYMZKZ1YIQW8BFU3/IMG_6788.jpg Blog - Pwn2Own Miami 2020 - Schedule and Live Results https://images.squarespace-cdn.com/content/v1/5894c269e4fcb5e65a1ed623/1579720851815-X7ZPGOG7JSVYGZ7RX7U6/Day2-6.jpg Blog - Pwn2Own Miami 2020 - Schedule and Live Results https://images.squarespace-cdn.com/content/v1/5894c269e4fcb5e65a1ed623/1579727632200-3OLVUNZH3IVWI5A688B8/Day2-8.jpg Blog - Pwn2Own Miami 2020 - Schedule and Live Results https://images.squarespace-cdn.com/content/v1/5894c269e4fcb5e65a1ed623/1579792420055-A3QQ7CMHRPMBKU4BJOKD/Day3-1b.jpg Blog - Pwn2Own Miami 2020 - Schedule and Live Results https://images.squarespace-cdn.com/content/v1/5894c269e4fcb5e65a1ed623/1579792220427-F79GAIED395BVN4MBU03/Day3-2.jpg Blog - Pwn2Own Miami 2020 - Schedule and Live Results https://images.squarespace-cdn.com/content/v1/5894c269e4fcb5e65a1ed623/1579795461240-BHX12GU496BSQY7NZ8FR/Day3-3.jpg Blog - Pwn2Own Miami 2020 - Schedule and Live Results https://images.squarespace-cdn.com/content/v1/5894c269e4fcb5e65a1ed623/1579807860321-ZBWNY42WTQM0CJ4VVSV2/Day3-7.jpg Blog - Pwn2Own Miami 2020 - Schedule and Live Results https://images.squarespace-cdn.com/content/v1/5894c269e4fcb5e65a1ed623/1579810672186-Z3DIGGK7O47XJT3BO41M/Day3-8.jpg Blog - Pwn2Own Miami 2020 - Schedule and Live Results https://images.squarespace-cdn.com/content/v1/5894c269e4fcb5e65a1ed623/1579814293634-S6E0GAXADB47WOLKVCR8/Day3-9.jpg Blog - Pwn2Own Miami 2020 - Schedule and Live Results https://www.thezdi.com/blog/2020/1/15/reliably-finding-and-exploiting-icsscada-bugs monthly 0.5 2020-01-16 https://images.squarespace-cdn.com/content/v1/5894c269e4fcb5e65a1ed623/1579190851916-0NGWMH6LPLVZYHPAAV50/Fig1.png Blog - Reliably Finding and Exploiting ICS/SCADA Bugs Figure 1: The Fuzzing Process https://images.squarespace-cdn.com/content/v1/5894c269e4fcb5e65a1ed623/1579191013284-XF6EEC322W9E5TPUGS6E/Picture2.png Blog - Reliably Finding and Exploiting ICS/SCADA Bugs Figure 2: Crash Results https://images.squarespace-cdn.com/content/v1/5894c269e4fcb5e65a1ed623/1579191075147-WYIB5NUVO6YHAOW6YA86/Picture3.png Blog - Reliably Finding and Exploiting ICS/SCADA Bugs Figure 3: Stack-based Buffer Overflow https://images.squarespace-cdn.com/content/v1/5894c269e4fcb5e65a1ed623/1579191576348-7XLM4TIQX5XW2NFS3EBX/Picture4.png Blog - Reliably Finding and Exploiting ICS/SCADA Bugs Figure 4: Root Cause https://images.squarespace-cdn.com/content/v1/5894c269e4fcb5e65a1ed623/1579191632127-6REPIAPMZMAIICFNE5UA/Picture5.png Blog - Reliably Finding and Exploiting ICS/SCADA Bugs Figure 5: The remains of the stack https://images.squarespace-cdn.com/content/v1/5894c269e4fcb5e65a1ed623/1579191747302-86WGHIMRQS5T8QEUW1BC/Picture6.png Blog - Reliably Finding and Exploiting ICS/SCADA Bugs Figure 6: Checking if the payload can be delivered remotely https://images.squarespace-cdn.com/content/v1/5894c269e4fcb5e65a1ed623/1579192091182-HMM8O7OWLTT0EJ0AJ9HW/Picture7.png Blog - Reliably Finding and Exploiting ICS/SCADA Bugs Figure 7: Creating the cyclic pattern with mona https://images.squarespace-cdn.com/content/v1/5894c269e4fcb5e65a1ed623/1579192143842-BTMDMH1PG9X5VCRK1IOL/Picture8.png Blog - Reliably Finding and Exploiting ICS/SCADA Bugs Figure 8: Crash based off of the cyclic pattern https://images.squarespace-cdn.com/content/v1/5894c269e4fcb5e65a1ed623/1579192189163-9JWSASQ0QQQDYM119GYJ/Picture9.png Blog - Reliably Finding and Exploiting ICS/SCADA Bugs Figure 9: Finding the cyclic pattern with mona's findmsp function https://images.squarespace-cdn.com/content/v1/5894c269e4fcb5e65a1ed623/1579192477279-A287HJKNYHFG5GBO8K8K/Picture10.png Blog - Reliably Finding and Exploiting ICS/SCADA Bugs Figure 10: Suggested payload format, courtesy of mona https://images.squarespace-cdn.com/content/v1/5894c269e4fcb5e65a1ed623/1579194512253-5XJ6L16JDIGYQ39594VM/Picture11.png Blog - Reliably Finding and Exploiting ICS/SCADA Bugs Figure 11: Using mona to find pop/pop/ret instructions https://images.squarespace-cdn.com/content/v1/5894c269e4fcb5e65a1ed623/1579194723160-YYKRSY33QB7MHL9FIXZC/Picture12.png Blog - Reliably Finding and Exploiting ICS/SCADA Bugs Figure 12: The results https://images.squarespace-cdn.com/content/v1/5894c269e4fcb5e65a1ed623/1579194760503-PJVAWQ05AO65EFFFOZ47/Picture13.png Blog - Reliably Finding and Exploiting ICS/SCADA Bugs Figure 13: Putting it all together https://www.thezdi.com/blog/2020/1/14/the-january-2020-security-update-review monthly 0.5 2020-01-14 https://www.thezdi.com/blog/2020/1/8/pwn2own-returns-to-vancouver-for-2020 monthly 0.5 2021-01-25 https://images.squarespace-cdn.com/content/v1/5894c269e4fcb5e65a1ed623/1578507778978-LG8ZMCMDX899W6OAKI9Q/TeslaTier1.png Blog - Pwn2Own Returns to Vancouver for 2020 https://images.squarespace-cdn.com/content/v1/5894c269e4fcb5e65a1ed623/1578507826286-PMWRJ9NYEN4BLDERGPMW/TeslaAddOn.png Blog - Pwn2Own Returns to Vancouver for 2020 https://images.squarespace-cdn.com/content/v1/5894c269e4fcb5e65a1ed623/1578507873248-39IGLTVB9S7HA5Z9DDF0/TeslaTier2.png Blog - Pwn2Own Returns to Vancouver for 2020 https://images.squarespace-cdn.com/content/v1/5894c269e4fcb5e65a1ed623/1578507915814-04KG6FSNAEESD0XBQLA4/TeslaTier3d.png Blog - Pwn2Own Returns to Vancouver for 2020 https://images.squarespace-cdn.com/content/v1/5894c269e4fcb5e65a1ed623/1578582455941-MOIJ8L7B9FVFD0CJZEO0/Browsers4.png Blog - Pwn2Own Returns to Vancouver for 2020 https://images.squarespace-cdn.com/content/v1/5894c269e4fcb5e65a1ed623/1578514216239-QN2A9DQFT9E9PJ96N1G6/Virtualization.png Blog - Pwn2Own Returns to Vancouver for 2020 https://images.squarespace-cdn.com/content/v1/5894c269e4fcb5e65a1ed623/1578514337433-CPAPML05J8Z2FREATKI4/EnterpriseApps.png Blog - Pwn2Own Returns to Vancouver for 2020 https://images.squarespace-cdn.com/content/v1/5894c269e4fcb5e65a1ed623/1578514445292-89NO39IHJVIZXU3ILWA2/Servers.png Blog - Pwn2Own Returns to Vancouver for 2020 https://images.squarespace-cdn.com/content/v1/5894c269e4fcb5e65a1ed623/1578514634869-0W99JJTTT27KDN3NHZUJ/EoP.png Blog - Pwn2Own Returns to Vancouver for 2020 https://images.squarespace-cdn.com/content/v1/5894c269e4fcb5e65a1ed623/1578514777523-Q8TYRZ82CEF7HQ0H2WMY/Microsoft-logo_rgb_c-gray.png Blog - Pwn2Own Returns to Vancouver for 2020 https://images.squarespace-cdn.com/content/v1/5894c269e4fcb5e65a1ed623/1578514851354-W1HD72DNL269YHCSVE30/VMware_logo_gry_RGB_300dpi.jpg Blog - Pwn2Own Returns to Vancouver for 2020 https://www.thezdi.com/blog/2019/12/19/privilege-escalation-via-the-core-shell-com-registrar-object monthly 0.5 2019-12-20 https://images.squarespace-cdn.com/content/v1/5894c269e4fcb5e65a1ed623/1576789031110-EN5JQ0PO7RBIFF1J828J/Picture1.png Blog - Privilege Escalation Via the Core Shell COM Registrar Object Figure 1 https://images.squarespace-cdn.com/content/v1/5894c269e4fcb5e65a1ed623/1576789057523-L851QKJJD14KESIP9I1M/Picture2.png Blog - Privilege Escalation Via the Core Shell COM Registrar Object Figure 2 https://images.squarespace-cdn.com/content/v1/5894c269e4fcb5e65a1ed623/1576789094073-VTM1YSU30L6YDN6F10MN/Picture2-5.png Blog - Privilege Escalation Via the Core Shell COM Registrar Object Figure 3 https://images.squarespace-cdn.com/content/v1/5894c269e4fcb5e65a1ed623/1576789164190-Y6NNI3925OAAA1FG8ZCE/Picture3.png Blog - Privilege Escalation Via the Core Shell COM Registrar Object Figure 4 https://images.squarespace-cdn.com/content/v1/5894c269e4fcb5e65a1ed623/1576789571847-JCOUJXCHUO7JG0DNAK21/Figure5.png Blog - Privilege Escalation Via the Core Shell COM Registrar Object Figure 5 https://images.squarespace-cdn.com/content/v1/5894c269e4fcb5e65a1ed623/1576789623942-GJNRSBH5PKKQ284FO7LG/Figure6.png Blog - Privilege Escalation Via the Core Shell COM Registrar Object Figure 6 https://images.squarespace-cdn.com/content/v1/5894c269e4fcb5e65a1ed623/1576789748867-K4AIY4OS7M1VDMB6EBY2/Figure7.png Blog - Privilege Escalation Via the Core Shell COM Registrar Object Figure 7 https://images.squarespace-cdn.com/content/v1/5894c269e4fcb5e65a1ed623/1576789810942-Y4YC4BN8GI403IL1OSD6/Figure8.png Blog - Privilege Escalation Via the Core Shell COM Registrar Object Figure 8 https://www.thezdi.com/blog/2019/12/18/regular-exploitation-of-a-tesla-model-3-through-chromium-regexp monthly 0.5 2019-12-19 https://images.squarespace-cdn.com/content/v1/5894c269e4fcb5e65a1ed623/1576702043798-44WYXL3ITGHCD832BIK6/Picture1.png Blog - Regular Exploitation of a Tesla Model 3 through Chromium RegExp https://images.squarespace-cdn.com/content/v1/5894c269e4fcb5e65a1ed623/1576702087214-D7X3I8HQRUJHAU1ENNYH/Picture2.png Blog - Regular Exploitation of a Tesla Model 3 through Chromium RegExp https://images.squarespace-cdn.com/content/v1/5894c269e4fcb5e65a1ed623/1576702134422-EZCCL8JWO6KBLE1Z12W2/Picture3.png Blog - Regular Exploitation of a Tesla Model 3 through Chromium RegExp https://images.squarespace-cdn.com/content/v1/5894c269e4fcb5e65a1ed623/1576702300350-E0NRY4T5LWKUVUHG24QA/Picture4.png Blog - Regular Exploitation of a Tesla Model 3 through Chromium RegExp https://images.squarespace-cdn.com/content/v1/5894c269e4fcb5e65a1ed623/1576702341579-D5QPWFSJZ4O33NTMUKQX/Picture5.png Blog - Regular Exploitation of a Tesla Model 3 through Chromium RegExp https://www.thezdi.com/blog/2019/12/18/looking-back-at-the-impact-of-cve-2019-0604-a-sharepoint-rce monthly 0.5 2019-12-18 https://images.squarespace-cdn.com/content/v1/5894c269e4fcb5e65a1ed623/1576683995871-AEG4Y6KH5UNW58781MO0/filterhits2.png Blog - Looking Back at the Impact of CVE-2019-0604: A SharePoint RCE Figure 1 - TippingPoint filter hits for CVE-2019-0604 from July to December 2019 https://www.thezdi.com/blog/2019/12/16/local-privilege-escalation-in-win32ksys-through-indexed-color-palettes monthly 0.5 2019-12-17 https://images.squarespace-cdn.com/content/v1/5894c269e4fcb5e65a1ed623/1576549816073-YOP12N4FY9VFL69LNZVR/img1.png Blog - Local Privilege Escalation in Win32k.sys Through Indexed Color Palettes https://images.squarespace-cdn.com/content/v1/5894c269e4fcb5e65a1ed623/1576549857243-S1TCMX50RRI5K5ZNTO0J/img2.png Blog - Local Privilege Escalation in Win32k.sys Through Indexed Color Palettes https://images.squarespace-cdn.com/content/v1/5894c269e4fcb5e65a1ed623/1576549919154-99O9PKKWVNRBQ1J0DY6W/img3.png Blog - Local Privilege Escalation in Win32k.sys Through Indexed Color Palettes https://images.squarespace-cdn.com/content/v1/5894c269e4fcb5e65a1ed623/1576549954175-ASULYFFLJRSX2ZBNE49J/img4.png Blog - Local Privilege Escalation in Win32k.sys Through Indexed Color Palettes https://images.squarespace-cdn.com/content/v1/5894c269e4fcb5e65a1ed623/1576550001800-J6TS4GR7GYE98QLF6633/img5.png Blog - Local Privilege Escalation in Win32k.sys Through Indexed Color Palettes https://images.squarespace-cdn.com/content/v1/5894c269e4fcb5e65a1ed623/1576550163716-HHRUNH5LHS7U3B1W0BA4/img6.png Blog - Local Privilege Escalation in Win32k.sys Through Indexed Color Palettes https://images.squarespace-cdn.com/content/v1/5894c269e4fcb5e65a1ed623/1576550196492-47FJKLKWSLHOMB79J1VU/img7.png Blog - Local Privilege Escalation in Win32k.sys Through Indexed Color Palettes https://images.squarespace-cdn.com/content/v1/5894c269e4fcb5e65a1ed623/1576550226491-PG8HM88Z98UHO3YNF8CC/img9.png Blog - Local Privilege Escalation in Win32k.sys Through Indexed Color Palettes https://images.squarespace-cdn.com/content/v1/5894c269e4fcb5e65a1ed623/1576550261506-D0F53F3FLLJC5XKS5OJ0/img10.png Blog - Local Privilege Escalation in Win32k.sys Through Indexed Color Palettes https://images.squarespace-cdn.com/content/v1/5894c269e4fcb5e65a1ed623/1576550360649-11DUMME3RIEIJYUE8GAY/img11.png Blog - Local Privilege Escalation in Win32k.sys Through Indexed Color Palettes https://images.squarespace-cdn.com/content/v1/5894c269e4fcb5e65a1ed623/1576550506763-MYWJRL0HHN8UJ5LAFPUB/img12.png Blog - Local Privilege Escalation in Win32k.sys Through Indexed Color Palettes https://images.squarespace-cdn.com/content/v1/5894c269e4fcb5e65a1ed623/1576550697658-K5UD0JOOKV6AFD5GL4A1/img13.png Blog - Local Privilege Escalation in Win32k.sys Through Indexed Color Palettes https://images.squarespace-cdn.com/content/v1/5894c269e4fcb5e65a1ed623/1576550755010-EWG3FD1Z45Z37Z7WHQ6E/img14.png Blog - Local Privilege Escalation in Win32k.sys Through Indexed Color Palettes https://images.squarespace-cdn.com/content/v1/5894c269e4fcb5e65a1ed623/1576551238597-4KCUPQRKEXIIMGDPM605/pic1.png Blog - Local Privilege Escalation in Win32k.sys Through Indexed Color Palettes https://images.squarespace-cdn.com/content/v1/5894c269e4fcb5e65a1ed623/1576551273991-GJR47XZYFXE86Q348313/Pic2.png Blog - Local Privilege Escalation in Win32k.sys Through Indexed Color Palettes https://images.squarespace-cdn.com/content/v1/5894c269e4fcb5e65a1ed623/1576551306181-2AVX1OJCHS9C5OY5LOSO/Pic3.png Blog - Local Privilege Escalation in Win32k.sys Through Indexed Color Palettes https://images.squarespace-cdn.com/content/v1/5894c269e4fcb5e65a1ed623/1576551343214-FWLQB2LWHBBIW2UZ1BSL/Pic4.png Blog - Local Privilege Escalation in Win32k.sys Through Indexed Color Palettes https://images.squarespace-cdn.com/content/v1/5894c269e4fcb5e65a1ed623/1576551654281-53311QDI29C2AUZLF96S/img15.png Blog - Local Privilege Escalation in Win32k.sys Through Indexed Color Palettes https://images.squarespace-cdn.com/content/v1/5894c269e4fcb5e65a1ed623/1576551829120-FPUXPRL3DLGTEB6QSJIY/img16.png Blog - Local Privilege Escalation in Win32k.sys Through Indexed Color Palettes https://www.thezdi.com/blog/2019/12/15/syncing-out-of-the-firefox-sandbox monthly 0.5 2019-12-16 https://images.squarespace-cdn.com/content/v1/5894c269e4fcb5e65a1ed623/1576444345484-ANANZFQIEJYZMTUKWOOT/Picture1.png Blog - Syncing out of the Firefox sandbox https://images.squarespace-cdn.com/content/v1/5894c269e4fcb5e65a1ed623/1576444420852-MREWAOJEN8VUBDLIAQ0A/Picture2.png Blog - Syncing out of the Firefox sandbox https://images.squarespace-cdn.com/content/v1/5894c269e4fcb5e65a1ed623/1576444458273-WMKJ5PHE12IGMEKDXO5N/Picture3.png Blog - Syncing out of the Firefox sandbox https://images.squarespace-cdn.com/content/v1/5894c269e4fcb5e65a1ed623/1576444486044-8D1EUR4B3CV4M8RVV9SK/Picture4.png Blog - Syncing out of the Firefox sandbox https://images.squarespace-cdn.com/content/v1/5894c269e4fcb5e65a1ed623/1576444512262-IC98932TV14T2ZSMDJVV/Picture5.png Blog - Syncing out of the Firefox sandbox https://www.thezdi.com/blog/2019/12/10/the-december-2019-security-update-review monthly 0.5 2019-12-10 https://www.thezdi.com/blog/2019/12/4/cve-2019-9512-a-microsoft-windows-http2-ping-flood-denial-of-service monthly 0.5 2019-12-06 https://images.squarespace-cdn.com/content/v1/5894c269e4fcb5e65a1ed623/1575488152567-S78QI0PHPOCIA93RB7IY/Image1.png Blog - CVE-2019-9512 – A Microsoft Windows HTTP/2 Ping Flood Denial of Service https://images.squarespace-cdn.com/content/v1/5894c269e4fcb5e65a1ed623/1575488265573-9NEMFZDT56HFJGQHPVGH/Image2.png Blog - CVE-2019-9512 – A Microsoft Windows HTTP/2 Ping Flood Denial of Service https://www.thezdi.com/blog/2019/12/2/mindshare-hardware-reversing-with-the-tp-link-tl-wr841n-router-part-2 monthly 0.5 2020-05-22 https://images.squarespace-cdn.com/content/v1/5894c269e4fcb5e65a1ed623/1575301047790-JJXKSRWPO4H8FQ03Q8KE/code1.png Blog - MindShaRE: Hardware Reversing with the TP-Link TL-WR841N Router - Part 2 https://images.squarespace-cdn.com/content/v1/5894c269e4fcb5e65a1ed623/1575301092093-KHLRRMKGCEUQDHOK0WXQ/Picture1.png Blog - MindShaRE: Hardware Reversing with the TP-Link TL-WR841N Router - Part 2 Figure 1 - Disassembly of the vulnerable “http_parser_main()” function. https://images.squarespace-cdn.com/content/v1/5894c269e4fcb5e65a1ed623/1575301248469-UBMCMTJ8N0XPI185A8NA/code2.png Blog - MindShaRE: Hardware Reversing with the TP-Link TL-WR841N Router - Part 2 https://images.squarespace-cdn.com/content/v1/5894c269e4fcb5e65a1ed623/1575301290257-OAZ7M3HCVAHQGVSS5PPL/Picture2.png Blog - MindShaRE: Hardware Reversing with the TP-Link TL-WR841N Router - Part 2 Figure 2 - A snippet of the disassembled “http_parser_argStrToList()” function. https://images.squarespace-cdn.com/content/v1/5894c269e4fcb5e65a1ed623/1575301366735-KTGIU7W059HYBHLMN799/Picture3.png Blog - MindShaRE: Hardware Reversing with the TP-Link TL-WR841N Router - Part 2 Figure 3 - A snippet of the exploit code for ZDI-19-992 https://www.thezdi.com/blog/2019/11/25/diving-deep-into-a-pwn2own-winning-webkit-bug monthly 0.5 2020-04-16 https://images.squarespace-cdn.com/content/v1/5894c269e4fcb5e65a1ed623/1574711068171-B1NEQQ35V75BQ4Q41YH2/PoC.png Blog - Diving Deep Into a Pwn2Own Winning WebKit Bug https://images.squarespace-cdn.com/content/v1/5894c269e4fcb5e65a1ed623/1574711877677-XVVMG1YEZYCD6PCVOKRK/debug1.png Blog - Diving Deep Into a Pwn2Own Winning WebKit Bug https://images.squarespace-cdn.com/content/v1/5894c269e4fcb5e65a1ed623/1574711109779-9X80K19TW6AGYE9MTKPO/PoC-sample.png Blog - Diving Deep Into a Pwn2Own Winning WebKit Bug https://images.squarespace-cdn.com/content/v1/5894c269e4fcb5e65a1ed623/1574711365186-R9IK5HXW7E7GM6TI748K/debug2.png Blog - Diving Deep Into a Pwn2Own Winning WebKit Bug https://images.squarespace-cdn.com/content/v1/5894c269e4fcb5e65a1ed623/1574712043418-6LB76JN8I2CAURUW9V55/source1.png Blog - Diving Deep Into a Pwn2Own Winning WebKit Bug https://images.squarespace-cdn.com/content/v1/5894c269e4fcb5e65a1ed623/1574714934080-CENEW4KG14GEK188MI2F/r1.png Blog - Diving Deep Into a Pwn2Own Winning WebKit Bug https://images.squarespace-cdn.com/content/v1/5894c269e4fcb5e65a1ed623/1574715318799-L3XX97SC7V0W2UJIO7NH/debug3.png Blog - Diving Deep Into a Pwn2Own Winning WebKit Bug https://images.squarespace-cdn.com/content/v1/5894c269e4fcb5e65a1ed623/1574715365337-E9Z1W50A1RH0QO1ZA5K5/debug4.png Blog - Diving Deep Into a Pwn2Own Winning WebKit Bug https://images.squarespace-cdn.com/content/v1/5894c269e4fcb5e65a1ed623/1574716185716-TXV5NZI834TUD6G82SJ1/snip1.png Blog - Diving Deep Into a Pwn2Own Winning WebKit Bug https://images.squarespace-cdn.com/content/v1/5894c269e4fcb5e65a1ed623/1574716224614-D08DI00N2EHIMJH8US9O/debug5.png Blog - Diving Deep Into a Pwn2Own Winning WebKit Bug https://images.squarespace-cdn.com/content/v1/5894c269e4fcb5e65a1ed623/1574717089623-4YPKK1JPXAWTATTJCESW/debug6.png Blog - Diving Deep Into a Pwn2Own Winning WebKit Bug https://images.squarespace-cdn.com/content/v1/5894c269e4fcb5e65a1ed623/1574717122998-YARDJJ0CZ02YOZOE0Q6Q/debug7.png Blog - Diving Deep Into a Pwn2Own Winning WebKit Bug https://images.squarespace-cdn.com/content/v1/5894c269e4fcb5e65a1ed623/1574717163568-QIPOCYN0QB4Y3A81FV6Y/debug8.png Blog - Diving Deep Into a Pwn2Own Winning WebKit Bug https://images.squarespace-cdn.com/content/v1/5894c269e4fcb5e65a1ed623/1574717236628-82I3NNR7ZRAH0EVS1OJN/debug9.png Blog - Diving Deep Into a Pwn2Own Winning WebKit Bug https://images.squarespace-cdn.com/content/v1/5894c269e4fcb5e65a1ed623/1574717349603-OMT7CS51B8A86VJ2NL4G/debug10.png Blog - Diving Deep Into a Pwn2Own Winning WebKit Bug https://images.squarespace-cdn.com/content/v1/5894c269e4fcb5e65a1ed623/1574717391705-ATEU28DP4FLEGEA40R15/debug11.png Blog - Diving Deep Into a Pwn2Own Winning WebKit Bug https://images.squarespace-cdn.com/content/v1/5894c269e4fcb5e65a1ed623/1574717429720-QLPVCCWN5AR92GP7M7G3/debug12.png Blog - Diving Deep Into a Pwn2Own Winning WebKit Bug https://images.squarespace-cdn.com/content/v1/5894c269e4fcb5e65a1ed623/1574717480730-5MJPQTKJJGVWK18BO2EC/debugscript.png Blog - Diving Deep Into a Pwn2Own Winning WebKit Bug https://images.squarespace-cdn.com/content/v1/5894c269e4fcb5e65a1ed623/1574717518734-5X0TCGL9UGD3RS2FBFXK/debugout.png Blog - Diving Deep Into a Pwn2Own Winning WebKit Bug https://images.squarespace-cdn.com/content/v1/5894c269e4fcb5e65a1ed623/1574717597425-7KLTCNXLSBCXYYN6TLI8/bigdebug.png Blog - Diving Deep Into a Pwn2Own Winning WebKit Bug https://images.squarespace-cdn.com/content/v1/5894c269e4fcb5e65a1ed623/1574717638982-2LB9PII06BLAI2FQ7BE4/PoC-sample3.png Blog - Diving Deep Into a Pwn2Own Winning WebKit Bug https://images.squarespace-cdn.com/content/v1/5894c269e4fcb5e65a1ed623/1574717701608-Q4F846NJRK9W8R4GME2H/debug13.png Blog - Diving Deep Into a Pwn2Own Winning WebKit Bug https://images.squarespace-cdn.com/content/v1/5894c269e4fcb5e65a1ed623/1574718282215-FCDGBF85J3TIWXUVTM48/debug14.png Blog - Diving Deep Into a Pwn2Own Winning WebKit Bug https://images.squarespace-cdn.com/content/v1/5894c269e4fcb5e65a1ed623/1574718490275-SE29CR692GAUJL0AHH15/PoC-sample4.png Blog - Diving Deep Into a Pwn2Own Winning WebKit Bug https://images.squarespace-cdn.com/content/v1/5894c269e4fcb5e65a1ed623/1574718535940-MT6A5Y9XA83Q5OSX8YK4/Function_F.png Blog - Diving Deep Into a Pwn2Own Winning WebKit Bug https://images.squarespace-cdn.com/content/v1/5894c269e4fcb5e65a1ed623/1574718592548-89G748J5KYK0Y6X4VUUR/debug15.png Blog - Diving Deep Into a Pwn2Own Winning WebKit Bug https://images.squarespace-cdn.com/content/v1/5894c269e4fcb5e65a1ed623/1574718733433-KTTA434IX2QUGSYVSRIL/debug16.png Blog - Diving Deep Into a Pwn2Own Winning WebKit Bug https://images.squarespace-cdn.com/content/v1/5894c269e4fcb5e65a1ed623/1574718779228-QYZ2D8UTMW2XSVUF5VO0/debug17.png Blog - Diving Deep Into a Pwn2Own Winning WebKit Bug https://images.squarespace-cdn.com/content/v1/5894c269e4fcb5e65a1ed623/1574718823929-4W8P7SAYYU4HJ1V60DPF/debug18.png Blog - Diving Deep Into a Pwn2Own Winning WebKit Bug https://images.squarespace-cdn.com/content/v1/5894c269e4fcb5e65a1ed623/1574718868325-5ZMKZ3ACBATDA8V3DIUD/debug19.png Blog - Diving Deep Into a Pwn2Own Winning WebKit Bug https://images.squarespace-cdn.com/content/v1/5894c269e4fcb5e65a1ed623/1574719004098-Q03RQBCPJFMNGD30FJPY/primitive1.png Blog - Diving Deep Into a Pwn2Own Winning WebKit Bug https://images.squarespace-cdn.com/content/v1/5894c269e4fcb5e65a1ed623/1574719058526-L869E5UN5LJLD4TSZZVF/primitive2.png Blog - Diving Deep Into a Pwn2Own Winning WebKit Bug https://images.squarespace-cdn.com/content/v1/5894c269e4fcb5e65a1ed623/1574719099478-Y450IX1N5MV7U4223FVM/visualize.jpg Blog - Diving Deep Into a Pwn2Own Winning WebKit Bug https://images.squarespace-cdn.com/content/v1/5894c269e4fcb5e65a1ed623/1574719152918-GX2MP336MOCIZQP4ENBZ/primitive3.png Blog - Diving Deep Into a Pwn2Own Winning WebKit Bug https://images.squarespace-cdn.com/content/v1/5894c269e4fcb5e65a1ed623/1574719213604-TVPIQWB1WNSP5EZY3IUV/primitive4.png Blog - Diving Deep Into a Pwn2Own Winning WebKit Bug https://images.squarespace-cdn.com/content/v1/5894c269e4fcb5e65a1ed623/1574719309845-E9WD6XX39YBJRIITRPMF/primitive5.png Blog - Diving Deep Into a Pwn2Own Winning WebKit Bug https://images.squarespace-cdn.com/content/v1/5894c269e4fcb5e65a1ed623/1574719355031-3AVWFD5PCM02W977S5BB/primitive6.png Blog - Diving Deep Into a Pwn2Own Winning WebKit Bug https://images.squarespace-cdn.com/content/v1/5894c269e4fcb5e65a1ed623/1574719397190-XZ1F4HZZP63CK8Y2ZBDD/primitive7.png Blog - Diving Deep Into a Pwn2Own Winning WebKit Bug https://images.squarespace-cdn.com/content/v1/5894c269e4fcb5e65a1ed623/1574719458174-ZI2PWI23H5X68CGAIQYI/jsobject.png Blog - Diving Deep Into a Pwn2Own Winning WebKit Bug https://images.squarespace-cdn.com/content/v1/5894c269e4fcb5e65a1ed623/1574720305626-TDI7B0U8E9EJV04TXJ86/primitive8.png Blog - Diving Deep Into a Pwn2Own Winning WebKit Bug https://images.squarespace-cdn.com/content/v1/5894c269e4fcb5e65a1ed623/1574720346581-QH3N9SHJA0U4Z7DW4N1Y/primitive9.png Blog - Diving Deep Into a Pwn2Own Winning WebKit Bug https://images.squarespace-cdn.com/content/v1/5894c269e4fcb5e65a1ed623/1574720389580-1KXJW0JYXO1XXIHMO8ON/primitive10.png Blog - Diving Deep Into a Pwn2Own Winning WebKit Bug https://images.squarespace-cdn.com/content/v1/5894c269e4fcb5e65a1ed623/1574720440629-08BLLSVOO1SS6DOC7Y2A/primitive11.png Blog - Diving Deep Into a Pwn2Own Winning WebKit Bug https://images.squarespace-cdn.com/content/v1/5894c269e4fcb5e65a1ed623/1574720480729-WCX94T9UZS2MJ9VGCJNK/primitive12.png Blog - Diving Deep Into a Pwn2Own Winning WebKit Bug https://images.squarespace-cdn.com/content/v1/5894c269e4fcb5e65a1ed623/1574720521660-ANZE0R75NX4YO12BFVDN/primitive13.png Blog - Diving Deep Into a Pwn2Own Winning WebKit Bug https://images.squarespace-cdn.com/content/v1/5894c269e4fcb5e65a1ed623/1574720583075-PSXSA22CYST00XVT0576/primitive14.png Blog - Diving Deep Into a Pwn2Own Winning WebKit Bug https://images.squarespace-cdn.com/content/v1/5894c269e4fcb5e65a1ed623/1574720663652-LR1BO6NIEHHI7WZG1S6O/primitive15.png Blog - Diving Deep Into a Pwn2Own Winning WebKit Bug https://images.squarespace-cdn.com/content/v1/5894c269e4fcb5e65a1ed623/1574720719448-FH0URMXKV3FOH67H2IXN/primitive16.png Blog - Diving Deep Into a Pwn2Own Winning WebKit Bug https://images.squarespace-cdn.com/content/v1/5894c269e4fcb5e65a1ed623/1574720740116-R92RFX5I6EGRRK4Q84WO/primitive17.png Blog - Diving Deep Into a Pwn2Own Winning WebKit Bug https://www.thezdi.com/blog/2019/11/19/thanksgiving-treat-easy-as-pie-windows-7-secure-desktop-escalation-of-privilege monthly 0.5 2019-11-19 https://images.squarespace-cdn.com/content/v1/5894c269e4fcb5e65a1ed623/1573837015682-JPWL4FH9DRXCVW7U8FWU/Picture1.png Blog - Thanksgiving Treat: Easy-as-Pie Windows 7 Secure Desktop Escalation of Privilege https://images.squarespace-cdn.com/content/v1/5894c269e4fcb5e65a1ed623/1574092814399-85YRCH1O5LQOKA14O0MM/Picture2.png Blog - Thanksgiving Treat: Easy-as-Pie Windows 7 Secure Desktop Escalation of Privilege https://images.squarespace-cdn.com/content/v1/5894c269e4fcb5e65a1ed623/1574092853018-DSAZP0LHB8POYK5MA3I1/Picture3.png Blog - Thanksgiving Treat: Easy-as-Pie Windows 7 Secure Desktop Escalation of Privilege https://images.squarespace-cdn.com/content/v1/5894c269e4fcb5e65a1ed623/1574092890672-EFFMF6TFUD7VNYHMMT6G/Picture4.png Blog - Thanksgiving Treat: Easy-as-Pie Windows 7 Secure Desktop Escalation of Privilege https://images.squarespace-cdn.com/content/v1/5894c269e4fcb5e65a1ed623/1574093034979-YGNV70OJS413F3VK8NTD/Picture5.png Blog - Thanksgiving Treat: Easy-as-Pie Windows 7 Secure Desktop Escalation of Privilege https://www.thezdi.com/blog/2019/11/12/the-november-2019-security-update-review monthly 0.5 2019-11-13 https://www.thezdi.com/blog/2019/11/7/pwn2own-tokyo-2019-day-two-final-results monthly 0.5 2019-11-09 https://images.squarespace-cdn.com/content/v1/5894c269e4fcb5e65a1ed623/1573115908632-6PSBNUIHBY0N02YKSZSE/DSC02737.JPG Blog - Pwn2Own Tokyo 2019 – Day Two Final Results Richard Zhu and Amat Cama of Fluoroacetate https://images.squarespace-cdn.com/content/v1/5894c269e4fcb5e65a1ed623/1573116106429-CT0A0TODS98R90MKIY4Y/DSC02763.JPG Blog - Pwn2Own Tokyo 2019 – Day Two Final Results ZDI’s Abdul-Aziz Hariri and Richard Zhu of Fluoroacetate https://images.squarespace-cdn.com/content/v1/5894c269e4fcb5e65a1ed623/1573116237200-NC67DMHLFP2W5XX77ZQJ/DSC02772.JPG Blog - Pwn2Own Tokyo 2019 – Day Two Final Results Pedro Ribeiro of Team Flashback https://images.squarespace-cdn.com/content/v1/5894c269e4fcb5e65a1ed623/1573113161988-EV56NVOBRYSL6OQ9SK1J/snake.gif Blog - Pwn2Own Tokyo 2019 – Day Two Final Results https://images.squarespace-cdn.com/content/v1/5894c269e4fcb5e65a1ed623/1573116518702-FYIOJ5O1KPGBLXWB7W9Q/DSC02798.JPG Blog - Pwn2Own Tokyo 2019 – Day Two Final Results ZDI’s Jasiel Spelman configures a device with Max Van Amerongen of F-Secure Labs https://images.squarespace-cdn.com/content/v1/5894c269e4fcb5e65a1ed623/1573116714879-0J19IC8YEL40V62HSMWS/DSC02827.JPG Blog - Pwn2Own Tokyo 2019 – Day Two Final Results Team Fluoroacetate showing their exfiltrated photo https://images.squarespace-cdn.com/content/v1/5894c269e4fcb5e65a1ed623/1573116790868-NDNCZK0T3MTXQGACP10O/Trophy0.jpg Blog - Pwn2Own Tokyo 2019 – Day Two Final Results Master of Pwn winners Richard Zhu and Amat Cama of Team Fluoroacetate https://www.thezdi.com/blog/2019/11/6/pwn2own-tokyo-2019-day-one-results monthly 0.5 2019-11-21 https://images.squarespace-cdn.com/content/v1/5894c269e4fcb5e65a1ed623/1573032926036-H3GA67DCLZQNHIEC4I2K/DSC02457.jpg Blog - Pwn2Own Tokyo 2019 – Day One Results Pedro Ribeiro and Radek Domanski of Team Flashback https://images.squarespace-cdn.com/content/v1/5894c269e4fcb5e65a1ed623/1573033027194-QHBBV85APQ2JKIHW6B1T/DSC02508.jpg Blog - Pwn2Own Tokyo 2019 – Day One Results ZDI’s Abdul-Aziz Hariri and Richard Zhu of Fluoroacetate https://images.squarespace-cdn.com/content/v1/5894c269e4fcb5e65a1ed623/1573033146566-CXAGKRR550YDB1LI265P/DSC02530.JPG Blog - Pwn2Own Tokyo 2019 – Day One Results Amat Cama and Richard Zhu of Fluoroacetate https://images.squarespace-cdn.com/content/v1/5894c269e4fcb5e65a1ed623/1573033255503-H1ZTJEM6NB0D7133LW52/DSC02557.JPG Blog - Pwn2Own Tokyo 2019 – Day One Results Showing the exfiltrated picture https://images.squarespace-cdn.com/content/v1/5894c269e4fcb5e65a1ed623/1573033635237-KXBK9NYYNSV32EG6J4K7/DSC02551.JPG Blog - Pwn2Own Tokyo 2019 – Day One Results Richard Zhu and Amat Cama of Fluoroacetate https://images.squarespace-cdn.com/content/v1/5894c269e4fcb5e65a1ed623/1573033744697-NRJTBT17XHAT5MR0ONKS/DSC02580.JPG Blog - Pwn2Own Tokyo 2019 – Day One Results ZDI’s Abdul-Aziz Hariri and Jasiel Spelman observe Pedro Ribeiro and Radek Domanski of Team Flashback https://images.squarespace-cdn.com/content/v1/5894c269e4fcb5e65a1ed623/1573034168187-GJTI0VPKSEWGLXEOSQ21/DSC02607.JPG Blog - Pwn2Own Tokyo 2019 – Day One Results Mark Barnes, Max Van Amerongen, and James Loureiro of F-Secure Labs) https://images.squarespace-cdn.com/content/v1/5894c269e4fcb5e65a1ed623/1573034478627-9QRA8V8J1VLSZ7MLLH52/DSC02625.JPG Blog - Pwn2Own Tokyo 2019 – Day One Results ZDI’s Jasiel Spelman and Richard Zhu of Fluoroacetate https://www.thezdi.com/blog/2019/11/5/welcome-to-pwn2own-tokyo-2019-schedule-and-live-updating-results monthly 0.5 2019-11-07 https://www.thezdi.com/blog/2019/10/31/the-little-bitmap-that-couldnt monthly 0.5 2019-10-31 https://images.squarespace-cdn.com/content/v1/5894c269e4fcb5e65a1ed623/1572379053127-5PZCJ9GLLI9GMPZFPA46/Figure1.png Blog - The Little Bitmap That Could(n’t) Figure 1: The XLSX macro https://images.squarespace-cdn.com/content/v1/5894c269e4fcb5e65a1ed623/1572379093014-H23NR0DFB9ZUKPCXHBBH/Figure2.png Blog - The Little Bitmap That Could(n’t) Figure 2: The Crash https://images.squarespace-cdn.com/content/v1/5894c269e4fcb5e65a1ed623/1572379346667-R55VVU1LUA63Y7PA3S2S/Figure3.png Blog - The Little Bitmap That Could(n’t) Figure 3: MSDN specification on OleLoadPicturePath https://images.squarespace-cdn.com/content/v1/5894c269e4fcb5e65a1ed623/1572379415603-EPD7G7ILG2W3FBE35VXC/Figure4.png Blog - The Little Bitmap That Could(n’t) Figure 4: Harness for OleLoadPicturePath in C++ https://images.squarespace-cdn.com/content/v1/5894c269e4fcb5e65a1ed623/1572379705633-3JWHAKT9GZBES6CPKWQ6/Figure5.png Blog - The Little Bitmap That Could(n’t) Figure 5: Arguments to afl-fuzz.exe within a batch file https://images.squarespace-cdn.com/content/v1/5894c269e4fcb5e65a1ed623/1572379756420-4LIYJL85EE54WPIQKMMH/Figure6.png Blog - The Little Bitmap That Could(n’t) Figure 6: WinAFL up and going https://images.squarespace-cdn.com/content/v1/5894c269e4fcb5e65a1ed623/1572379805637-MM4O7R26CT8CE0N9JRZR/Figure7.png Blog - The Little Bitmap That Could(n’t) Figure 7: First result in under 5 minutes https://images.squarespace-cdn.com/content/v1/5894c269e4fcb5e65a1ed623/1572379858368-BITB6GUQDPAUZC9RF0RE/Figure8.png Blog - The Little Bitmap That Could(n’t) Figure 8: I am a complete and utter failure https://images.squarespace-cdn.com/content/v1/5894c269e4fcb5e65a1ed623/1572379897151-OYPEHIN4STG6G2APFQEQ/Figure9.png Blog - The Little Bitmap That Could(n’t) Figure 9: Out-Of-Bounds Read in oleaut32 https://images.squarespace-cdn.com/content/v1/5894c269e4fcb5e65a1ed623/1572379947754-CK09I8TV3JQS0N9ROC0B/Figure10.png Blog - The Little Bitmap That Could(n’t) Figure 10: Vindicated! https://www.thezdi.com/blog/2019/10/28/pwn2own-miami-bringing-ics-into-the-pwn2own-world monthly 0.5 2020-07-28 https://images.squarespace-cdn.com/content/v1/5894c269e4fcb5e65a1ed623/1572198030028-8F1SA4MNNLCYZA5IE9DJ/ControlServer.png Blog - Pwn2Own Miami – Bringing ICS into the Pwn2Own World https://images.squarespace-cdn.com/content/v1/5894c269e4fcb5e65a1ed623/1572198342087-U7EIGLQ82ZMVYZ33BN1R/OPC_UA.png Blog - Pwn2Own Miami – Bringing ICS into the Pwn2Own World https://images.squarespace-cdn.com/content/v1/5894c269e4fcb5e65a1ed623/1572198566226-K2JA0ZY9DH2P1SONQZUP/DNP3.png Blog - Pwn2Own Miami – Bringing ICS into the Pwn2Own World https://images.squarespace-cdn.com/content/v1/5894c269e4fcb5e65a1ed623/1572198740970-GTXEYEOVUZME2FINKNLR/HMI.png Blog - Pwn2Own Miami – Bringing ICS into the Pwn2Own World https://images.squarespace-cdn.com/content/v1/5894c269e4fcb5e65a1ed623/1572198926368-WMTC6QM46CDTCA9RTW33/EWS.png Blog - Pwn2Own Miami – Bringing ICS into the Pwn2Own World https://www.thezdi.com/blog/2019/10/23/cve-2019-1306-are-you-my-index monthly 0.5 2019-10-24 https://images.squarespace-cdn.com/content/v1/5894c269e4fcb5e65a1ed623/1571847736676-43HZ8SRQEE5PHRRMLUAW/call-graph.png Blog - CVE-2019-1306: Are you my Index? https://images.squarespace-cdn.com/content/v1/5894c269e4fcb5e65a1ed623/1571847801349-5JPHP7BPWE1HZLCJFNA3/Image1.png Blog - CVE-2019-1306: Are you my Index? https://images.squarespace-cdn.com/content/v1/5894c269e4fcb5e65a1ed623/1571847924641-HRISZVMTHM1QNA4NX88T/Image2.png Blog - CVE-2019-1306: Are you my Index? https://images.squarespace-cdn.com/content/v1/5894c269e4fcb5e65a1ed623/1571848167952-RKLA80EOJW0M5TB13N3G/Image3.png Blog - CVE-2019-1306: Are you my Index? https://images.squarespace-cdn.com/content/v1/5894c269e4fcb5e65a1ed623/1571848201597-F6OPTZVHWZSL7SSDD92E/Image4.png Blog - CVE-2019-1306: Are you my Index? https://images.squarespace-cdn.com/content/v1/5894c269e4fcb5e65a1ed623/1571848430327-E7XMPV4O2K65DQ8CZWIS/Image5.png Blog - CVE-2019-1306: Are you my Index? https://www.thezdi.com/blog/2019/10/17/cve-2019-12643-cisco-ios-xe-authentication-bypass-vulnerability monthly 0.5 2019-10-18 https://images.squarespace-cdn.com/content/v1/5894c269e4fcb5e65a1ed623/1571322500581-JD2DGM11FKQW7QBU9L4P/image1.png Blog - CVE-2019-12643: Cisco IOS XE Authentication Bypass Vulnerability https://images.squarespace-cdn.com/content/v1/5894c269e4fcb5e65a1ed623/1571322555167-65QNG9N08R409U7ZQ2CW/image2.png Blog - CVE-2019-12643: Cisco IOS XE Authentication Bypass Vulnerability https://images.squarespace-cdn.com/content/v1/5894c269e4fcb5e65a1ed623/1571322820864-VEB6YMWWL4RV76OTELZA/image3.png Blog - CVE-2019-12643: Cisco IOS XE Authentication Bypass Vulnerability https://images.squarespace-cdn.com/content/v1/5894c269e4fcb5e65a1ed623/1571322854193-VIBN5IQ6A2A30G7MSF5U/image4.png Blog - CVE-2019-12643: Cisco IOS XE Authentication Bypass Vulnerability https://images.squarespace-cdn.com/content/v1/5894c269e4fcb5e65a1ed623/1571323041010-UBBR0JCXYV7M35YNTRQI/image5.png Blog - CVE-2019-12643: Cisco IOS XE Authentication Bypass Vulnerability https://www.thezdi.com/blog/2019/10/8/the-october-security-update-review monthly 0.5 2019-10-15 https://www.thezdi.com/blog/2019/10/3/cve-2019-8697-macos-system-escalation-via-disk-management monthly 0.5 2019-10-03 https://images.squarespace-cdn.com/content/v1/5894c269e4fcb5e65a1ed623/1570114696276-0BE3SJ4K2262MERGKKVY/Picture1.png Blog - CVE-2019-8697: MacOS System Escalation Via Disk Management Figure 1 - Assigning function sub_10000C241 as a callback https://images.squarespace-cdn.com/content/v1/5894c269e4fcb5e65a1ed623/1570114737988-D0K1EHYUJSDI8TO02E6A/Picture2.png Blog - CVE-2019-8697: MacOS System Escalation Via Disk Management Figure 2 - Setting port rights https://images.squarespace-cdn.com/content/v1/5894c269e4fcb5e65a1ed623/1570114804279-M3HQJK1OLYUYAMRXNYL5/Picture3.png Blog - CVE-2019-8697: MacOS System Escalation Via Disk Management Figure 3 - msgh_id used as an index in a dispatch table located at off_1001AB6E0 https://images.squarespace-cdn.com/content/v1/5894c269e4fcb5e65a1ed623/1570114846900-94NZRC59JGQJ09ZU3IOX/Picture4.png Blog - CVE-2019-8697: MacOS System Escalation Via Disk Management Figure 4 - Reply buffer allocated and mach port created https://images.squarespace-cdn.com/content/v1/5894c269e4fcb5e65a1ed623/1570114886293-R33KCV9JOO72AIN23WR2/Picture5.png Blog - CVE-2019-8697: MacOS System Escalation Via Disk Management Figure 5 - Adding key-value pairs of port and reply buffer to dictionary https://images.squarespace-cdn.com/content/v1/5894c269e4fcb5e65a1ed623/1570114940973-PB9NXIU2DZIOT9OGU48Y/Picture6.png Blog - CVE-2019-8697: MacOS System Escalation Via Disk Management Figure 6 - Setting up reply buffer via mig_reply_setup and calling RPC dispatcher https://images.squarespace-cdn.com/content/v1/5894c269e4fcb5e65a1ed623/1570114982465-ELQ27JYO5X8Q3TTGIX8D/Picture7.png Blog - CVE-2019-8697: MacOS System Escalation Via Disk Management Figure 7 - Arithmetic on length create a larger offset https://images.squarespace-cdn.com/content/v1/5894c269e4fcb5e65a1ed623/1570115069851-XL6QPRZFK9HMLN0U85EE/Picture8.png Blog - CVE-2019-8697: MacOS System Escalation Via Disk Management https://www.thezdi.com/blog/2019/9/24/cve-2019-0801-microsoft-office-uri-hyperlink-hijinks monthly 0.5 2019-09-24 https://images.squarespace-cdn.com/content/v1/5894c269e4fcb5e65a1ed623/1569269546488-0YPBH458UCHLH92E7JTI/Picture1.png Blog - CVE-2019-0801: Microsoft Office Uri Hyperlink Hijinks https://images.squarespace-cdn.com/content/v1/5894c269e4fcb5e65a1ed623/1569269720134-WNBQ6P29I2994GGEFPM4/Picture2.png Blog - CVE-2019-0801: Microsoft Office Uri Hyperlink Hijinks https://www.thezdi.com/blog/2019/9/18/cve-2019-1257-code-execution-on-microsoft-sharepoint-through-bdc-deserialization monthly 0.5 2019-09-19 https://images.squarespace-cdn.com/content/v1/5894c269e4fcb5e65a1ed623/1568841450673-K6X2EBMMG71NV7PQY9LG/Image1.png Blog - CVE-2019-1257: Code Execution on Microsoft SharePoint Through BDC Deserialization https://images.squarespace-cdn.com/content/v1/5894c269e4fcb5e65a1ed623/1568841578973-YIH2NDXZ1899M2PL4Z2X/Image2a.png Blog - CVE-2019-1257: Code Execution on Microsoft SharePoint Through BDC Deserialization https://images.squarespace-cdn.com/content/v1/5894c269e4fcb5e65a1ed623/1568841693290-N8M905T5YJ5MINVR33EH/powershell.png Blog - CVE-2019-1257: Code Execution on Microsoft SharePoint Through BDC Deserialization https://images.squarespace-cdn.com/content/v1/5894c269e4fcb5e65a1ed623/1568841732538-RIUMCIRVLX3A2O00HWR5/Image3b.png Blog - CVE-2019-1257: Code Execution on Microsoft SharePoint Through BDC Deserialization https://images.squarespace-cdn.com/content/v1/5894c269e4fcb5e65a1ed623/1568841772231-MZ4BVS7LI5SH8UDD4367/Image4a.png Blog - CVE-2019-1257: Code Execution on Microsoft SharePoint Through BDC Deserialization https://www.thezdi.com/blog/2019/9/16/patch-analysis-examining-a-missing-dot-dot-in-oracle-weblogic monthly 0.5 2019-09-17 https://images.squarespace-cdn.com/content/v1/5894c269e4fcb5e65a1ed623/1568652256981-X8JGFTHAMH5U3Z8SPS43/Picture1.png Blog - Patch Analysis: Examining a Missing Dot-Dot in Oracle WebLogic Figure 1 - Directory Traversal Character Checks – With Comments Added https://images.squarespace-cdn.com/content/v1/5894c269e4fcb5e65a1ed623/1568652296989-HGXNWRC0EAFG68MY2Z8E/Picture2.png Blog - Patch Analysis: Examining a Missing Dot-Dot in Oracle WebLogic Figure 2 - The doUploadFile() Function https://images.squarespace-cdn.com/content/v1/5894c269e4fcb5e65a1ed623/1568652350187-A6ANZW9JS99I9I34NXWC/Picture3.png Blog - Patch Analysis: Examining a Missing Dot-Dot in Oracle WebLogic Figure 3 - Code Changes from CVE-2019-2618 https://images.squarespace-cdn.com/content/v1/5894c269e4fcb5e65a1ed623/1568652387872-R1VZDFJ0STKSU8IMZKWJ/Picture4.png Blog - Patch Analysis: Examining a Missing Dot-Dot in Oracle WebLogic Figure 4 - Exception Error for saveDir https://images.squarespace-cdn.com/content/v1/5894c269e4fcb5e65a1ed623/1568652431648-6MTD9ECZIB3QSSVC3F4D/Picture5.png Blog - Patch Analysis: Examining a Missing Dot-Dot in Oracle WebLogic Figure 5 - Demonstration the Directory Traversal https://images.squarespace-cdn.com/content/v1/5894c269e4fcb5e65a1ed623/1568652481063-RMEHMQGWT2U303XHJX1O/Picture6.png Blog - Patch Analysis: Examining a Missing Dot-Dot in Oracle WebLogic Figure 6 - Code Changes for CVE-2019-2827 https://www.thezdi.com/blog/2019/9/10/the-september-2019-security-update-review monthly 0.5 2019-09-14 https://www.thezdi.com/blog/2019/9/2/mindshare-hardware-reversing-with-the-tp-link-tl-wr841n-router monthly 0.5 2020-05-22 https://images.squarespace-cdn.com/content/v1/5894c269e4fcb5e65a1ed623/1567447034646-S5JPYV225S4T6HRN50NW/_DSC4555.JPG Blog - MindShaRE: Hardware Reversing with the TP-Link TL-WR841N Router Figure 1 - The TP-Link TL-WR841Nv14 Router https://images.squarespace-cdn.com/content/v1/5894c269e4fcb5e65a1ed623/1567447096775-YQWNL6XZTPNCTD9ANSD5/_DSC4560.JPG Blog - MindShaRE: Hardware Reversing with the TP-Link TL-WR841N Router Figure 2 - Bottom of router https://images.squarespace-cdn.com/content/v1/5894c269e4fcb5e65a1ed623/1567447163495-RKUIV7TFIN3TWF1M4JA1/_DSC4589.JPG Blog - MindShaRE: Hardware Reversing with the TP-Link TL-WR841N Router Figure 3 - Internal view of the router https://images.squarespace-cdn.com/content/v1/5894c269e4fcb5e65a1ed623/1567447243045-LU412VV1CJTLQZI7WVRG/_DSC4599.JPG Blog - MindShaRE: Hardware Reversing with the TP-Link TL-WR841N Router Figure 4 - Close up view of the MEDIATEK MT7628NN SoC https://images.squarespace-cdn.com/content/v1/5894c269e4fcb5e65a1ed623/1567447295131-2XA1SAVN5GCG7EY0V8AG/_DSC4602.JPG Blog - MindShaRE: Hardware Reversing with the TP-Link TL-WR841N Router Figure 5 - Close up view of the Zentel SDRAM https://images.squarespace-cdn.com/content/v1/5894c269e4fcb5e65a1ed623/1567447345354-TCOKQIQ8HAEVJZO6AAOA/_DSC4620.JPG Blog - MindShaRE: Hardware Reversing with the TP-Link TL-WR841N Router Figure 6 - Close up view of the GigaDevice SPI Flash Memory https://images.squarespace-cdn.com/content/v1/5894c269e4fcb5e65a1ed623/1567447411508-Z18BR87VJ02CDTELFCKO/_DSC4592.JPG Blog - MindShaRE: Hardware Reversing with the TP-Link TL-WR841N Router Figure 7 - Lower surface of PCB https://images.squarespace-cdn.com/content/v1/5894c269e4fcb5e65a1ed623/1567447485840-OR8N98CXZKLEFMLY3WR5/_DSC4619.JPG Blog - MindShaRE: Hardware Reversing with the TP-Link TL-WR841N Router Figure 8 - Close up view of the UART debugging interfaces https://images.squarespace-cdn.com/content/v1/5894c269e4fcb5e65a1ed623/1567447671211-J0HFFG0XMJUSWVG3D4MV/schematics.png Blog - MindShaRE: Hardware Reversing with the TP-Link TL-WR841N Router Figure 9 - Block diagram of the serial communication set up https://images.squarespace-cdn.com/content/v1/5894c269e4fcb5e65a1ed623/1567448157385-QKT1NC4SHAT4K4KDLN5Q/got_shell.png Blog - MindShaRE: Hardware Reversing with the TP-Link TL-WR841N Router Figure 10 - Output from the UART https://images.squarespace-cdn.com/content/v1/5894c269e4fcb5e65a1ed623/1567448274593-C7C8RG7DLL0GQPIAQK9V/step2.png Blog - MindShaRE: Hardware Reversing with the TP-Link TL-WR841N Router Figure 11 - Block diagram of the debugging set up in step 2 https://images.squarespace-cdn.com/content/v1/5894c269e4fcb5e65a1ed623/1567448350869-HG1CI8JWXFW7MGXQU67P/SDS00004.jpg Blog - MindShaRE: Hardware Reversing with the TP-Link TL-WR841N Router Figure 12 - Initial oscilloscope output https://images.squarespace-cdn.com/content/v1/5894c269e4fcb5e65a1ed623/1567448416291-MQW1GJZD1YVCSAVXE30J/ihave.jpg Blog - MindShaRE: Hardware Reversing with the TP-Link TL-WR841N Router https://images.squarespace-cdn.com/content/v1/5894c269e4fcb5e65a1ed623/1567448771789-QO9VL4CZ6218RD8NE43T/SDS00006.jpg Blog - MindShaRE: Hardware Reversing with the TP-Link TL-WR841N Router Figure 13 - Second oscilloscope reading https://images.squarespace-cdn.com/content/v1/5894c269e4fcb5e65a1ed623/1567448887712-5H80ER10TTDVSTAKJ9GU/got+shell.png Blog - MindShaRE: Hardware Reversing with the TP-Link TL-WR841N Router Figure 14 - Bi-directional serial terminal https://images.squarespace-cdn.com/content/v1/5894c269e4fcb5e65a1ed623/1567448961668-MEMJRB9TJEB5PZWFIQHD/_DSC4637.JPG Blog - MindShaRE: Hardware Reversing with the TP-Link TL-WR841N Router Figure 15 - Complete hardware setup https://images.squarespace-cdn.com/content/v1/5894c269e4fcb5e65a1ed623/1567449014552-6GHFTXZ3JUE4NHU0QMDI/kernel.png Blog - MindShaRE: Hardware Reversing with the TP-Link TL-WR841N Router Figure 16 - Showing the Linux version https://images.squarespace-cdn.com/content/v1/5894c269e4fcb5e65a1ed623/1567449087288-GHIASDYZHFI1137DXDKS/limited.png Blog - MindShaRE: Hardware Reversing with the TP-Link TL-WR841N Router Figure 17 - Available commands on the router shell https://images.squarespace-cdn.com/content/v1/5894c269e4fcb5e65a1ed623/1567449168006-M4PIPJTKE2ZRGUTXHMXP/mount.png Blog - MindShaRE: Hardware Reversing with the TP-Link TL-WR841N Router Figure 18 - Determining the writeable locations on the device https://images.squarespace-cdn.com/content/v1/5894c269e4fcb5e65a1ed623/1567449217947-XVKPYFTFA658ID07JQ1L/tftp_transfer.png Blog - MindShaRE: Hardware Reversing with the TP-Link TL-WR841N Router Figure 19 - Installing BusyBox and gdbserver https://images.squarespace-cdn.com/content/v1/5894c269e4fcb5e65a1ed623/1567449274310-40E6EASH6S5C0OJB3JN5/busybox.png Blog - MindShaRE: Hardware Reversing with the TP-Link TL-WR841N Router Figure 20 - Available commands with full BusyBox installed https://images.squarespace-cdn.com/content/v1/5894c269e4fcb5e65a1ed623/1567449351534-FEBTC3AGNN9ZO2VXXYXX/gdb_session.png Blog - MindShaRE: Hardware Reversing with the TP-Link TL-WR841N Router Figure 21 - Output from GDB Session https://images.squarespace-cdn.com/content/v1/5894c269e4fcb5e65a1ed623/1567449489648-W2Z66XAG0K9S7S6V91M2/gdbscript.png Blog - MindShaRE: Hardware Reversing with the TP-Link TL-WR841N Router https://images.squarespace-cdn.com/content/v1/5894c269e4fcb5e65a1ed623/1567449526683-FQK4IPC6DCHX3YV7M63Y/gdb_session_crash.jpg Blog - MindShaRE: Hardware Reversing with the TP-Link TL-WR841N Router Figure 22 - Output from GDB Session Crash https://www.thezdi.com/blog/2019/8/26/announcing-pwn2own-tokyo-for-2019 monthly 0.5 2020-07-28 https://images.squarespace-cdn.com/content/v1/5894c269e4fcb5e65a1ed623/1566851293795-0AIWSQPHNOPG4YOYO1FA/Browsers.png Blog - Announcing Pwn2Own Tokyo for 2019 https://images.squarespace-cdn.com/content/v1/5894c269e4fcb5e65a1ed623/1566851343890-YS8B9EWERC93E6KN96H2/ShortDistance.png Blog - Announcing Pwn2Own Tokyo for 2019 https://images.squarespace-cdn.com/content/v1/5894c269e4fcb5e65a1ed623/1566851393054-MPU1JTA465IV15OKHKI1/Messaging.png Blog - Announcing Pwn2Own Tokyo for 2019 https://images.squarespace-cdn.com/content/v1/5894c269e4fcb5e65a1ed623/1566851448159-CB8W3ICDS0I0DQEEP1VH/Baseband.png Blog - Announcing Pwn2Own Tokyo for 2019 https://images.squarespace-cdn.com/content/v1/5894c269e4fcb5e65a1ed623/1567015381236-VNBF7LOJKK52EONZLGGG/Wearable2.png Blog - Announcing Pwn2Own Tokyo for 2019 https://images.squarespace-cdn.com/content/v1/5894c269e4fcb5e65a1ed623/1566917191986-UHNUQM27CGNOIH7A4WF0/HomeAutomation2.png Blog - Announcing Pwn2Own Tokyo for 2019 https://images.squarespace-cdn.com/content/v1/5894c269e4fcb5e65a1ed623/1566851558261-FTVSQ7DSZB2D8YYXSGEO/Television.png Blog - Announcing Pwn2Own Tokyo for 2019 https://images.squarespace-cdn.com/content/v1/5894c269e4fcb5e65a1ed623/1572996636261-P267O4KRDAYDIGTQ7PZU/Presentation2.jpg Blog - Announcing Pwn2Own Tokyo for 2019 https://images.squarespace-cdn.com/content/v1/5894c269e4fcb5e65a1ed623/1566851805122-S9JFBLDZZR0R7MD86O4J/combo-bluerp.png Blog - Announcing Pwn2Own Tokyo for 2019 https://www.thezdi.com/blog/2019/8/22/cve-2019-12527-code-execution-on-squid-proxy-through-a-heap-buffer-overflow monthly 0.5 2019-08-22 https://images.squarespace-cdn.com/content/v1/5894c269e4fcb5e65a1ed623/1566484728496-88EVMUNFA8WQ2JW4U9R6/Fig1.png Blog - CVE-2019-12527: Code Execution on Squid Proxy Through a Buffer Overflow https://images.squarespace-cdn.com/content/v1/5894c269e4fcb5e65a1ed623/1566484774675-CQH1FE55SS8C8QFMU9S6/Fig2.png Blog - CVE-2019-12527: Code Execution on Squid Proxy Through a Buffer Overflow https://images.squarespace-cdn.com/content/v1/5894c269e4fcb5e65a1ed623/1566484804559-ZMHXPSI4CK5KXY9FTYXA/Fig3.png Blog - CVE-2019-12527: Code Execution on Squid Proxy Through a Buffer Overflow https://images.squarespace-cdn.com/content/v1/5894c269e4fcb5e65a1ed623/1566485027096-OIXDB1NKUDITSEWZFTQE/Fig4.png Blog - CVE-2019-12527: Code Execution on Squid Proxy Through a Buffer Overflow https://images.squarespace-cdn.com/content/v1/5894c269e4fcb5e65a1ed623/1566485058671-9C3PJ7C6ATHBDB5D4QVX/Fig5.png Blog - CVE-2019-12527: Code Execution on Squid Proxy Through a Buffer Overflow https://images.squarespace-cdn.com/content/v1/5894c269e4fcb5e65a1ed623/1566497521209-8KKQF7D8PYI2ONJKPJ2L/fixed.png Blog - CVE-2019-12527: Code Execution on Squid Proxy Through a Buffer Overflow https://images.squarespace-cdn.com/content/v1/5894c269e4fcb5e65a1ed623/1566485130439-GXV5X4FCD73X96ZF7AY1/Fig7.png Blog - CVE-2019-12527: Code Execution on Squid Proxy Through a Buffer Overflow https://images.squarespace-cdn.com/content/v1/5894c269e4fcb5e65a1ed623/1566485165078-SQ7GGY5SHKCLZETJUUCW/attackpacket.png Blog - CVE-2019-12527: Code Execution on Squid Proxy Through a Buffer Overflow https://images.squarespace-cdn.com/content/v1/5894c269e4fcb5e65a1ed623/1566485193466-TG3B0SCJ79ODFA71Z2AX/Fig3.png Blog - CVE-2019-12527: Code Execution on Squid Proxy Through a Buffer Overflow https://www.thezdi.com/blog/2019/8/15/taking-control-of-vmware-through-the-universal-host-control-interface-part-2 monthly 0.5 2019-08-19 https://images.squarespace-cdn.com/content/v1/5894c269e4fcb5e65a1ed623/1565813413820-O8WWST3LYE1PR68J8797/Picture1.png Blog - Taking Control of VMware Through the Universal Host Control Interface: Part 2 Transfer Descriptor (TD) structure https://images.squarespace-cdn.com/content/v1/5894c269e4fcb5e65a1ed623/1565813468006-D9HOUN6OGSIO1DQFLNLT/Picture2.png Blog - Taking Control of VMware Through the Universal Host Control Interface: Part 2 https://images.squarespace-cdn.com/content/v1/5894c269e4fcb5e65a1ed623/1565813497548-S47L1R0RCTPH1A23SAAN/Picture3.png Blog - Taking Control of VMware Through the Universal Host Control Interface: Part 2 https://images.squarespace-cdn.com/content/v1/5894c269e4fcb5e65a1ed623/1565813528739-VIILB9X58S3ZSDQ7LA4Y/Picture4.png Blog - Taking Control of VMware Through the Universal Host Control Interface: Part 2 https://images.squarespace-cdn.com/content/v1/5894c269e4fcb5e65a1ed623/1565813556194-DYP9L6F8BLV4RV3SNLW9/Picture5.png Blog - Taking Control of VMware Through the Universal Host Control Interface: Part 2 https://images.squarespace-cdn.com/content/v1/5894c269e4fcb5e65a1ed623/1565813584072-MQ29LST64I0FO3N4X0J1/Picture6.png Blog - Taking Control of VMware Through the Universal Host Control Interface: Part 2 https://images.squarespace-cdn.com/content/v1/5894c269e4fcb5e65a1ed623/1565814536743-GB6FBHV5LTTC1VC2OE3Q/Picture7a.png Blog - Taking Control of VMware Through the Universal Host Control Interface: Part 2 https://images.squarespace-cdn.com/content/v1/5894c269e4fcb5e65a1ed623/1565814819200-XEBRPG9UNVYAWLMPQOOD/Picture8.png Blog - Taking Control of VMware Through the Universal Host Control Interface: Part 2 https://www.thezdi.com/blog/2019/8/13/the-august-2019-security-update-review monthly 0.5 2019-08-13 https://www.thezdi.com/blog/2019/8/1/wipe-out-hanging-more-than-ten-on-your-old-belkin-surf-router monthly 0.5 2019-08-01 https://images.squarespace-cdn.com/content/v1/5894c269e4fcb5e65a1ed623/1564595908322-JEVWW40MR0FUN6YDD353/Picture1.png Blog - Wipe Out! Hanging (More Than) Ten On Your Old Belkin SURF Router Figure 1: A malicious UPnP request that triggers the vulnerability https://images.squarespace-cdn.com/content/v1/5894c269e4fcb5e65a1ed623/1564595949803-TBQHU9CT30B4GDSD7TKV/Picture2.png Blog - Wipe Out! Hanging (More Than) Ten On Your Old Belkin SURF Router Figure 2: Serial terminal crash log https://images.squarespace-cdn.com/content/v1/5894c269e4fcb5e65a1ed623/1564595994665-RL7VBFTVOTKU2A5YSMA2/Picture3.png Blog - Wipe Out! Hanging (More Than) Ten On Your Old Belkin SURF Router Figure 3: Diagram showing the vulnerable `strcpy()` function calls https://images.squarespace-cdn.com/content/v1/5894c269e4fcb5e65a1ed623/1564596048149-EW9FITLA1WPCCDY3UEBL/Picture4.png Blog - Wipe Out! Hanging (More Than) Ten On Your Old Belkin SURF Router Figure 4: Control flow diagram that highlights all vulnerable `strcpy()` calls within the function https://images.squarespace-cdn.com/content/v1/5894c269e4fcb5e65a1ed623/1564596139982-MLDV2943XFYQGRMH5ZGK/Picture5.png Blog - Wipe Out! Hanging (More Than) Ten On Your Old Belkin SURF Router Figure 5: Shows the hardcoded backdoors within in the firmware https://images.squarespace-cdn.com/content/v1/5894c269e4fcb5e65a1ed623/1564596189409-1HNK53TX0EUCZP9L4K7I/Picture6.png Blog - Wipe Out! Hanging (More Than) Ten On Your Old Belkin SURF Router Figure 6: Shows an authentication HTTP request using the hardcoded “wlan_config” credentials https://images.squarespace-cdn.com/content/v1/5894c269e4fcb5e65a1ed623/1564596259661-ET4YUK7BUR9ZENT521SF/Picture7.png Blog - Wipe Out! Hanging (More Than) Ten On Your Old Belkin SURF Router Figure 7: A malicious HTTP POST request with an overly long boundary value https://images.squarespace-cdn.com/content/v1/5894c269e4fcb5e65a1ed623/1564596296066-7LVFGRNW2AI1SDKWSYFP/New_fig8.png Blog - Wipe Out! Hanging (More Than) Ten On Your Old Belkin SURF Router Figure 8: Disassembly showing the code around the vulnerable `strcpy()` call https://images.squarespace-cdn.com/content/v1/5894c269e4fcb5e65a1ed623/1564596346351-R5GNCQP2LS6XRD9YBRTP/Picture9.png Blog - Wipe Out! Hanging (More Than) Ten On Your Old Belkin SURF Router Figure 9: Serial terminal crash log https://images.squarespace-cdn.com/content/v1/5894c269e4fcb5e65a1ed623/1564596398143-MP99W9J415UXTLKSIDGZ/Picture10.png Blog - Wipe Out! Hanging (More Than) Ten On Your Old Belkin SURF Router Figure 10: A malicious DNS request https://images.squarespace-cdn.com/content/v1/5894c269e4fcb5e65a1ed623/1564596437858-FIXL3882KBAGALP9UMUI/Picture11.png Blog - Wipe Out! Hanging (More Than) Ten On Your Old Belkin SURF Router Figure 11: Serial terminal crash log https://images.squarespace-cdn.com/content/v1/5894c269e4fcb5e65a1ed623/1564596486643-GMLO3RDJI5WWZFGD18GT/New_fig12.png Blog - Wipe Out! Hanging (More Than) Ten On Your Old Belkin SURF Router Figure 12: Disassembly showing the code around the vulnerable memcpy() call https://www.thezdi.com/blog/2019/7/25/cve-2019-7839-coldfusion-code-execution-through-jnbridge monthly 0.5 2019-07-25 https://images.squarespace-cdn.com/content/v1/5894c269e4fcb5e65a1ed623/1564065443065-M6XQU2L4491J0O7591PM/1.png Blog - CVE-2019-7839: ColdFusion Code Execution Through JNBridge https://images.squarespace-cdn.com/content/v1/5894c269e4fcb5e65a1ed623/1564065538399-Z80DTTDZQHCP9Q05UHU0/2combined.png Blog - CVE-2019-7839: ColdFusion Code Execution Through JNBridge https://images.squarespace-cdn.com/content/v1/5894c269e4fcb5e65a1ed623/1564065576836-3IVLBK3US9M3PGS3RG13/3combined.png Blog - CVE-2019-7839: ColdFusion Code Execution Through JNBridge https://www.thezdi.com/blog/2019/7/16/mindshare-automated-bug-hunting-by-modeling-vulnerable-code monthly 0.5 2020-05-22 https://images.squarespace-cdn.com/content/v1/5894c269e4fcb5e65a1ed623/1563221237794-FYX7GL6IZ2YDTH6MODGY/1.png Blog - MindShaRE: Automated Bug Hunting by Modeling Vulnerable Code https://images.squarespace-cdn.com/content/v1/5894c269e4fcb5e65a1ed623/1563221254590-LY8UT7737EP1TRDU9RAJ/2.png Blog - MindShaRE: Automated Bug Hunting by Modeling Vulnerable Code https://images.squarespace-cdn.com/content/v1/5894c269e4fcb5e65a1ed623/1563221294064-YI31DKIRM3X48UW3LKN4/3.png Blog - MindShaRE: Automated Bug Hunting by Modeling Vulnerable Code https://images.squarespace-cdn.com/content/v1/5894c269e4fcb5e65a1ed623/1563221383681-PJNZ33KO3F20UZ65EOSC/4.png Blog - MindShaRE: Automated Bug Hunting by Modeling Vulnerable Code https://images.squarespace-cdn.com/content/v1/5894c269e4fcb5e65a1ed623/1563221438710-WYTQI6B9JBF62PJOY1X9/5.png Blog - MindShaRE: Automated Bug Hunting by Modeling Vulnerable Code https://images.squarespace-cdn.com/content/v1/5894c269e4fcb5e65a1ed623/1563221470008-9V8FO3ASIMJ6KGPPEF2S/6.png Blog - MindShaRE: Automated Bug Hunting by Modeling Vulnerable Code https://images.squarespace-cdn.com/content/v1/5894c269e4fcb5e65a1ed623/1563221523777-7LJHCQY5A84SZ680I414/7.png Blog - MindShaRE: Automated Bug Hunting by Modeling Vulnerable Code https://images.squarespace-cdn.com/content/v1/5894c269e4fcb5e65a1ed623/1563221647882-1510TUM750U8FMGXP1P3/8.png Blog - MindShaRE: Automated Bug Hunting by Modeling Vulnerable Code https://images.squarespace-cdn.com/content/v1/5894c269e4fcb5e65a1ed623/1563221728492-MH1QH6RLB69XNUTHN7PH/9.png Blog - MindShaRE: Automated Bug Hunting by Modeling Vulnerable Code https://images.squarespace-cdn.com/content/v1/5894c269e4fcb5e65a1ed623/1563221787677-Y7YYC22ARXLC15NTRZTP/10.png Blog - MindShaRE: Automated Bug Hunting by Modeling Vulnerable Code https://images.squarespace-cdn.com/content/v1/5894c269e4fcb5e65a1ed623/1563221837982-FCEJ00DJ8NHHPBOGIF77/11.png Blog - MindShaRE: Automated Bug Hunting by Modeling Vulnerable Code https://images.squarespace-cdn.com/content/v1/5894c269e4fcb5e65a1ed623/1563221878937-FVCK382UIMTE5EE170MM/12.png Blog - MindShaRE: Automated Bug Hunting by Modeling Vulnerable Code https://www.thezdi.com/blog/2019/7/9/the-july-2019-security-update-review monthly 0.5 2019-07-09 https://www.thezdi.com/blog/2019/7/1/the-left-branch-less-travelled-a-story-of-a-mozilla-firefox-use-after-free-vulnerability monthly 0.5 2019-07-01 https://images.squarespace-cdn.com/content/v1/5894c269e4fcb5e65a1ed623/1561993554860-EQ2MDRNX02TMSTEIOQVW/Picture1.png Blog - The Left Branch Less Travelled: A Story of a Mozilla Firefox Use-After-Free Vulnerability Figure 1 - Proof-of-Concept https://images.squarespace-cdn.com/content/v1/5894c269e4fcb5e65a1ed623/1561993597616-EAXAM5P9JLJPCBLOHIH9/Picture2.png Blog - The Left Branch Less Travelled: A Story of a Mozilla Firefox Use-After-Free Vulnerability Figure 2 - Crash and stack trace https://images.squarespace-cdn.com/content/v1/5894c269e4fcb5e65a1ed623/1561993813492-V0QGU5URMLO07BT0P2KV/Picture3.png Blog - The Left Branch Less Travelled: A Story of a Mozilla Firefox Use-After-Free Vulnerability Figure 3 - The xul.dll!NS_NewHTMLSelectElement Function https://images.squarespace-cdn.com/content/v1/5894c269e4fcb5e65a1ed623/1561993851516-5CO6ITBRO1VGQCJ0ZS8D/Picture4.png Blog - The Left Branch Less Travelled: A Story of a Mozilla Firefox Use-After-Free Vulnerability Figure 4 - The mozilla::dom::HTMLSelectElement::HTMLSelectElement Function https://images.squarespace-cdn.com/content/v1/5894c269e4fcb5e65a1ed623/1561993943907-ZWCG3E7XDJAJNEY0CI8S/Picture5.png Blog - The Left Branch Less Travelled: A Story of a Mozilla Firefox Use-After-Free Vulnerability Figure 5 - Program logic as seen in IDA https://images.squarespace-cdn.com/content/v1/5894c269e4fcb5e65a1ed623/1561994025693-CVYPVXKNFAG2TNS2MDS7/Picture6.png Blog - The Left Branch Less Travelled: A Story of a Mozilla Firefox Use-After-Free Vulnerability Figure 6 - Reaching the nsINode::ReplaceOrInsertBefore Function https://images.squarespace-cdn.com/content/v1/5894c269e4fcb5e65a1ed623/1561994080783-0ZQDKKHZUL4W38EBVBYJ/Picture7.png Blog - The Left Branch Less Travelled: A Story of a Mozilla Firefox Use-After-Free Vulnerability Figure 7 - Calling the nsContentUtils::MaybeFireNodeRemoved Function https://images.squarespace-cdn.com/content/v1/5894c269e4fcb5e65a1ed623/1561994140630-8DOYD7LUAOGDY90UFE35/Picture8.png Blog - The Left Branch Less Travelled: A Story of a Mozilla Firefox Use-After-Free Vulnerability Figure 8 - Triggering the Read Access Violation https://images.squarespace-cdn.com/content/v1/5894c269e4fcb5e65a1ed623/1561994180786-Q9O70AJ22N63SWFI93A0/Picture9.png Blog - The Left Branch Less Travelled: A Story of a Mozilla Firefox Use-After-Free Vulnerability Figure 9 - Avoiding the UAF via the AddRef Function https://images.squarespace-cdn.com/content/v1/5894c269e4fcb5e65a1ed623/1561994253813-F8YU7PRPBYBBV8NFWSGI/Picture10.png Blog - The Left Branch Less Travelled: A Story of a Mozilla Firefox Use-After-Free Vulnerability Figure 10 - Patch details https://www.thezdi.com/blog/2019/6/20/remote-code-execution-via-ruby-on-rails-active-storage-insecure-deserialization monthly 0.5 2019-07-22 https://images.squarespace-cdn.com/content/v1/5894c269e4fcb5e65a1ed623/1560968132448-5ZBVEPZYKHGFP1YR9XMR/Screen1.png Blog - Remote Code Execution via Ruby on Rails Active Storage Insecure Deserialization https://images.squarespace-cdn.com/content/v1/5894c269e4fcb5e65a1ed623/1560968180111-IX537GM7CA3J5AND4JWE/Screen2.png Blog - Remote Code Execution via Ruby on Rails Active Storage Insecure Deserialization https://images.squarespace-cdn.com/content/v1/5894c269e4fcb5e65a1ed623/1560968253831-U4N411DG87EC90EJ92ZD/Screen3.png Blog - Remote Code Execution via Ruby on Rails Active Storage Insecure Deserialization https://images.squarespace-cdn.com/content/v1/5894c269e4fcb5e65a1ed623/1560968285621-M12B929DPI9LCQAY7M5T/Screen4.png Blog - Remote Code Execution via Ruby on Rails Active Storage Insecure Deserialization https://images.squarespace-cdn.com/content/v1/5894c269e4fcb5e65a1ed623/1560968317973-8HO9VS7F6GEMFR039J10/Screen5.png Blog - Remote Code Execution via Ruby on Rails Active Storage Insecure Deserialization https://images.squarespace-cdn.com/content/v1/5894c269e4fcb5e65a1ed623/1560968541914-5P3K4BXNV8I3JAPWC6AO/Screen6.png Blog - Remote Code Execution via Ruby on Rails Active Storage Insecure Deserialization https://images.squarespace-cdn.com/content/v1/5894c269e4fcb5e65a1ed623/1560968621395-7I80VLJZQL7OCJN5T6HL/Screen7.png Blog - Remote Code Execution via Ruby on Rails Active Storage Insecure Deserialization https://images.squarespace-cdn.com/content/v1/5894c269e4fcb5e65a1ed623/1560968731796-ALQRJIJIKCE6QTTNUXJT/PoC.png Blog - Remote Code Execution via Ruby on Rails Active Storage Insecure Deserialization https://www.thezdi.com/blog/2019/6/11/exploiting-the-windows-task-scheduler-through-cve-2019-1069 monthly 0.5 2019-06-11 https://www.thezdi.com/blog/2019/6/11/the-june-2019-security-update-review monthly 0.5 2019-06-11 https://www.thezdi.com/blog/2019/6/6/mindshare-hardware-reversing-with-the-belkin-surf-n300-router monthly 0.5 2020-05-22 https://images.squarespace-cdn.com/content/v1/5894c269e4fcb5e65a1ed623/1559776125939-5TMYKD7AI2JJTR1D3V83/Picture1.png Blog - MindShaRE: Hardware Reversing with the Belkin Surf N300 Router Figure 1 - The Belkin Surf N300 Router https://images.squarespace-cdn.com/content/v1/5894c269e4fcb5e65a1ed623/1559776175171-F041QDRDFP32GUPV4QGZ/Picture2.png Blog - MindShaRE: Hardware Reversing with the Belkin Surf N300 Router Figure 2 - Underside of the Belkin Surf N300 Router https://images.squarespace-cdn.com/content/v1/5894c269e4fcb5e65a1ed623/1559776226887-54DVH2KEHXKK3BVNT2QQ/Picture3.png Blog - MindShaRE: Hardware Reversing with the Belkin Surf N300 Router Figure 3 - Interior view of the Belkin Surf N300 https://images.squarespace-cdn.com/content/v1/5894c269e4fcb5e65a1ed623/1559776275417-NC2UMLKIBR6C63U7U3U1/Picture4.png Blog - MindShaRE: Hardware Reversing with the Belkin Surf N300 Router Figure 4 - Detail view of the Ralink RT3052F https://images.squarespace-cdn.com/content/v1/5894c269e4fcb5e65a1ed623/1559776321935-DZXPT37BJ624V2PFBCNH/Picture5.png Blog - MindShaRE: Hardware Reversing with the Belkin Surf N300 Router Figure 5 - Detail view of the EtronTech EM638165TS SDRAM https://images.squarespace-cdn.com/content/v1/5894c269e4fcb5e65a1ed623/1559776396293-ITE5REL9TN3A47UTNPTO/Picture6.png Blog - MindShaRE: Hardware Reversing with the Belkin Surf N300 Router Figure 6 - Back side of the printed circuit board https://images.squarespace-cdn.com/content/v1/5894c269e4fcb5e65a1ed623/1559776441127-XWTHHE5GSZ7BDICWW820/Picture7.png Blog - MindShaRE: Hardware Reversing with the Belkin Surf N300 Router Figure 7 - Detail view of the Winbond W25Q16BVSIG SPI Flash chip https://images.squarespace-cdn.com/content/v1/5894c269e4fcb5e65a1ed623/1559776494229-8T53N1S02NH6A6YG5IEK/Picture8.png Blog - MindShaRE: Hardware Reversing with the Belkin Surf N300 Router Figure 8 - Close up of the U5 JTAG debugging port https://images.squarespace-cdn.com/content/v1/5894c269e4fcb5e65a1ed623/1559776571351-YBNF2APNIQYKKB854TV8/Picture9.png Blog - MindShaRE: Hardware Reversing with the Belkin Surf N300 Router Figure 9 - Close up of the J2 UART port https://images.squarespace-cdn.com/content/v1/5894c269e4fcb5e65a1ed623/1559776679487-8YPBXWQ5765QV6TTIOPL/Picture10.png Blog - MindShaRE: Hardware Reversing with the Belkin Surf N300 Router Figure 10 - Confirming successful urjtag installation https://images.squarespace-cdn.com/content/v1/5894c269e4fcb5e65a1ed623/1559776718601-IPA6MOLCHJ8OKJFMHG6Y/Picture11.png Blog - MindShaRE: Hardware Reversing with the Belkin Surf N300 Router Figure 11 - Finding the device PID https://images.squarespace-cdn.com/content/v1/5894c269e4fcb5e65a1ed623/1559776764311-6AYBB23744R2TFS5JJOR/Picture12.png Blog - MindShaRE: Hardware Reversing with the Belkin Surf N300 Router Figure 12 - Communicating with the onboard CPLD https://images.squarespace-cdn.com/content/v1/5894c269e4fcb5e65a1ed623/1559777096475-YWEODLHS981ULROL8AWJ/Picture13.png Blog - MindShaRE: Hardware Reversing with the Belkin Surf N300 Router Figure 13 - Communicating with and programming the Xilinx CPLD https://images.squarespace-cdn.com/content/v1/5894c269e4fcb5e65a1ed623/1559777164436-AS8F0CG3CAIOGPKSCOXI/Picture14.png Blog - MindShaRE: Hardware Reversing with the Belkin Surf N300 Router Figure 14 - The completed hardware setup https://images.squarespace-cdn.com/content/v1/5894c269e4fcb5e65a1ed623/1559778854612-4ZSTJV90DKNGI3NWOE1S/Picture15.png Blog - MindShaRE: Hardware Reversing with the Belkin Surf N300 Router Figure 15 - Showing communication via USB interface 0 https://images.squarespace-cdn.com/content/v1/5894c269e4fcb5e65a1ed623/1559778915579-OE3VJ0ABFD4LZ9T1BUYO/code.png Blog - MindShaRE: Hardware Reversing with the Belkin Surf N300 Router https://images.squarespace-cdn.com/content/v1/5894c269e4fcb5e65a1ed623/1559778946927-EY9Z3YZT7H06GV78FNJ1/Picture16.png Blog - MindShaRE: Hardware Reversing with the Belkin Surf N300 Router Figure 16 - OpenOCD has successfully established a connection with the target. https://images.squarespace-cdn.com/content/v1/5894c269e4fcb5e65a1ed623/1559779002353-1JASEG2MSFMDW19LAELY/Picture17.png Blog - MindShaRE: Hardware Reversing with the Belkin Surf N300 Router Figure 17 - Showing the OpenOCD connection, the telnet session, and the GDB debugging session established https://images.squarespace-cdn.com/content/v1/5894c269e4fcb5e65a1ed623/1559779101013-LYTPN2M1D3VXY438A559/Picture18.png Blog - MindShaRE: Hardware Reversing with the Belkin Surf N300 Router Figure 18 - GDB showing the program counter of the CPU set to 0x41414141 by the attacker https://www.thezdi.com/blog/2019/5/27/cve-2019-0708-a-comprehensive-analysis-of-a-remote-desktop-services-vulnerability monthly 0.5 2019-06-06 https://images.squarespace-cdn.com/content/v1/5894c269e4fcb5e65a1ed623/1558977994806-PZMX3DVFFXY35FXZU8FS/image1.png Blog - CVE-2019-0708: A Comprehensive Analysis of a Remote Desktop Services Vulnerability https://images.squarespace-cdn.com/content/v1/5894c269e4fcb5e65a1ed623/1558978037506-DK7JYH84NIU67T0QJUYM/image2.png Blog - CVE-2019-0708: A Comprehensive Analysis of a Remote Desktop Services Vulnerability https://images.squarespace-cdn.com/content/v1/5894c269e4fcb5e65a1ed623/1558978113082-26C34BHMXORSILTS9NKN/image3.png Blog - CVE-2019-0708: A Comprehensive Analysis of a Remote Desktop Services Vulnerability https://images.squarespace-cdn.com/content/v1/5894c269e4fcb5e65a1ed623/1558978154259-BB4NNSL5URYAQM2KFVE8/image4.png Blog - CVE-2019-0708: A Comprehensive Analysis of a Remote Desktop Services Vulnerability https://images.squarespace-cdn.com/content/v1/5894c269e4fcb5e65a1ed623/1558978197740-3G09DOJKD45PCTMPMFQQ/image5.png Blog - CVE-2019-0708: A Comprehensive Analysis of a Remote Desktop Services Vulnerability https://images.squarespace-cdn.com/content/v1/5894c269e4fcb5e65a1ed623/1558978384525-T7W2VANOQJNIQ7MAOHSG/image6.png Blog - CVE-2019-0708: A Comprehensive Analysis of a Remote Desktop Services Vulnerability https://images.squarespace-cdn.com/content/v1/5894c269e4fcb5e65a1ed623/1558978440506-6B22LPE1KVZ6MKNFG9N6/src-code.png Blog - CVE-2019-0708: A Comprehensive Analysis of a Remote Desktop Services Vulnerability https://images.squarespace-cdn.com/content/v1/5894c269e4fcb5e65a1ed623/1558978523811-T13IQWA2E2P1ZXVW0H9D/image1.png Blog - CVE-2019-0708: A Comprehensive Analysis of a Remote Desktop Services Vulnerability https://images.squarespace-cdn.com/content/v1/5894c269e4fcb5e65a1ed623/1558978618422-VYS2KVQQ05B6KMLTT0CQ/image7.png Blog - CVE-2019-0708: A Comprehensive Analysis of a Remote Desktop Services Vulnerability https://images.squarespace-cdn.com/content/v1/5894c269e4fcb5e65a1ed623/1558978684166-3ZQSMI8N1AR1YT5KPB7C/image8.png Blog - CVE-2019-0708: A Comprehensive Analysis of a Remote Desktop Services Vulnerability https://images.squarespace-cdn.com/content/v1/5894c269e4fcb5e65a1ed623/1558978730639-YD7QMW03UA9KROI0BTAU/image9.png Blog - CVE-2019-0708: A Comprehensive Analysis of a Remote Desktop Services Vulnerability https://images.squarespace-cdn.com/content/v1/5894c269e4fcb5e65a1ed623/1558978874897-68MCQIRLFZWTR8BZKJM0/WinDbgAttached.jpg Blog - CVE-2019-0708: A Comprehensive Analysis of a Remote Desktop Services Vulnerability https://www.thezdi.com/blog/2019/5/21/rce-without-native-code-exploitation-of-a-write-what-where-in-internet-explorer monthly 0.5 2019-05-21 https://images.squarespace-cdn.com/content/v1/5894c269e4fcb5e65a1ed623/1558111944279-O7RJVWULI4QAXSZ8LMY8/1.png Blog - RCE Without Native Code: Exploitation of a Write-What-Where in Internet Explorer https://images.squarespace-cdn.com/content/v1/5894c269e4fcb5e65a1ed623/1558125914664-F6BOPDZJHL4IOT178YN8/2c.png Blog - RCE Without Native Code: Exploitation of a Write-What-Where in Internet Explorer https://images.squarespace-cdn.com/content/v1/5894c269e4fcb5e65a1ed623/1558112796469-XZ05VQ4A7RWXX7ZVVJ3D/3.png Blog - RCE Without Native Code: Exploitation of a Write-What-Where in Internet Explorer https://images.squarespace-cdn.com/content/v1/5894c269e4fcb5e65a1ed623/1558117622362-YS8R7GQR59NP06SR6L1X/4.png Blog - RCE Without Native Code: Exploitation of a Write-What-Where in Internet Explorer https://images.squarespace-cdn.com/content/v1/5894c269e4fcb5e65a1ed623/1558122760317-RJN78WRWNHCIGZZFIXCA/Picture5a.png Blog - RCE Without Native Code: Exploitation of a Write-What-Where in Internet Explorer Figure 1: Using the gremlin as a read primitive https://images.squarespace-cdn.com/content/v1/5894c269e4fcb5e65a1ed623/1558117897843-9OW8HKQ48JAKU701W6N3/Picture6.png Blog - RCE Without Native Code: Exploitation of a Write-What-Where in Internet Explorer Figure 2: Building an arbitrary DWORD in memory https://images.squarespace-cdn.com/content/v1/5894c269e4fcb5e65a1ed623/1558122879005-I4Q6ZRYDLGKPZV05A2MM/Picture7+copy.png Blog - RCE Without Native Code: Exploitation of a Write-What-Where in Internet Explorer Figure 3: Leaking the address of a target object https://images.squarespace-cdn.com/content/v1/5894c269e4fcb5e65a1ed623/1558118144033-KNKCGF78KWTM7XZ8KN51/Picture8.png Blog - RCE Without Native Code: Exploitation of a Write-What-Where in Internet Explorer Figure 4: Dispatch-critical fields of a Scripting.Dictionary https://images.squarespace-cdn.com/content/v1/5894c269e4fcb5e65a1ed623/1558127545657-ZGXFQ106L0HNS9IC7SO8/9a.png Blog - RCE Without Native Code: Exploitation of a Write-What-Where in Internet Explorer https://images.squarespace-cdn.com/content/v1/5894c269e4fcb5e65a1ed623/1558127387741-JVAV7642F8DVQ13R9MF2/10a.png Blog - RCE Without Native Code: Exploitation of a Write-What-Where in Internet Explorer https://images.squarespace-cdn.com/content/v1/5894c269e4fcb5e65a1ed623/1558127282663-A7NN0CBTJFU20OLWINW1/11a.png Blog - RCE Without Native Code: Exploitation of a Write-What-Where in Internet Explorer https://images.squarespace-cdn.com/content/v1/5894c269e4fcb5e65a1ed623/1558118760227-H8AE10XAQ9GDR3JU7OHL/exploit3.png Blog - RCE Without Native Code: Exploitation of a Write-What-Where in Internet Explorer https://www.thezdi.com/blog/2019/5/14/the-may-2019-security-update-review monthly 0.5 2019-05-14 https://www.thezdi.com/blog/2019/5/13/updates-and-enhancement-to-the-targeted-incentive-program monthly 0.5 2019-05-13 https://images.squarespace-cdn.com/content/v1/5894c269e4fcb5e65a1ed623/1557525264673-TD5CZLPB1X1JAJTI3KMP/tables-relaunch2.jpg Blog - Updates and Enhancements to the Targeted Incentive Program https://www.thezdi.com/blog/2019/5/7/taking-control-of-vmware-through-the-universal-host-controller-interface-part-1 monthly 0.5 2019-05-07 https://images.squarespace-cdn.com/content/v1/5894c269e4fcb5e65a1ed623/1557239346191-FH85ZM5XS4L1AJPPP9BW/Picture1.png Blog - Taking Control of VMware Through the Universal Host Controller Interface: Part 1 https://images.squarespace-cdn.com/content/v1/5894c269e4fcb5e65a1ed623/1557239394858-0JGVV1Q4H1UNXHOX16LQ/Picture2.png Blog - Taking Control of VMware Through the Universal Host Controller Interface: Part 1 https://images.squarespace-cdn.com/content/v1/5894c269e4fcb5e65a1ed623/1557239424202-K85I7ZLDGJOCFQ772CB0/Picture3.png Blog - Taking Control of VMware Through the Universal Host Controller Interface: Part 1 https://www.thezdi.com/blog/2019/4/25/cve-2019-0726-an-rce-vulnerability-in-the-windows-10-dhcp-client monthly 0.5 2019-04-25 https://images.squarespace-cdn.com/content/v1/5894c269e4fcb5e65a1ed623/1556202881945-6E504O9X28WU7GEDTIC1/pic1.png Blog - CVE-2019-0726: An RCE Vulnerability in the Windows 10 DHCP Client https://images.squarespace-cdn.com/content/v1/5894c269e4fcb5e65a1ed623/1556203529470-2GDM1MZ60Z7RV6XB7UYJ/pic2.png Blog - CVE-2019-0726: An RCE Vulnerability in the Windows 10 DHCP Client https://images.squarespace-cdn.com/content/v1/5894c269e4fcb5e65a1ed623/1556203745072-RNHAHH91XYQV7SGMEE72/pic3.png Blog - CVE-2019-0726: An RCE Vulnerability in the Windows 10 DHCP Client https://www.thezdi.com/blog/2019/4/18/the-story-of-two-winning-pwn2own-jit-vulnerabilities-in-mozilla-firefox monthly 0.5 2019-04-18 https://images.squarespace-cdn.com/content/v1/5894c269e4fcb5e65a1ed623/1555597007582-WUHUSBTAC7WYSIATYBG5/Picture1.png Blog - The Story of Two Winning Pwn2Own JIT Vulnerabilities in Mozilla Firefox Fluoroacetate team (middle) demonstrates their Firefox exploit. https://images.squarespace-cdn.com/content/v1/5894c269e4fcb5e65a1ed623/1555597057908-V5FXVT3GP4VQNRO0Z0D5/Picture2.png Blog - The Story of Two Winning Pwn2Own JIT Vulnerabilities in Mozilla Firefox https://images.squarespace-cdn.com/content/v1/5894c269e4fcb5e65a1ed623/1555597090717-1SJ0GINJCREOHWBPMG2X/Picture3.png Blog - The Story of Two Winning Pwn2Own JIT Vulnerabilities in Mozilla Firefox https://images.squarespace-cdn.com/content/v1/5894c269e4fcb5e65a1ed623/1555597118007-YU0XAFAT4JVR4SH2KEJW/Picture4.png Blog - The Story of Two Winning Pwn2Own JIT Vulnerabilities in Mozilla Firefox https://images.squarespace-cdn.com/content/v1/5894c269e4fcb5e65a1ed623/1555597146637-4Q8L9BYVIJ1YD28AXN0Q/Picture5.png Blog - The Story of Two Winning Pwn2Own JIT Vulnerabilities in Mozilla Firefox https://images.squarespace-cdn.com/content/v1/5894c269e4fcb5e65a1ed623/1555597196919-P6K4Q2Q0KDRV46L47ICQ/Picture6.png Blog - The Story of Two Winning Pwn2Own JIT Vulnerabilities in Mozilla Firefox Niklas Baumstark (bottom right) demonstrates his Firefox exploit as ZDI analysts observe https://images.squarespace-cdn.com/content/v1/5894c269e4fcb5e65a1ed623/1555597255896-G78Q6ACP9DWRZV3E3SBD/Picture7.png Blog - The Story of Two Winning Pwn2Own JIT Vulnerabilities in Mozilla Firefox https://images.squarespace-cdn.com/content/v1/5894c269e4fcb5e65a1ed623/1555597289896-RH1W6JMS1SKR5YIK4X3M/Picture8.png Blog - The Story of Two Winning Pwn2Own JIT Vulnerabilities in Mozilla Firefox https://www.thezdi.com/blog/2019/4/11/a-series-of-unfortunate-images-drupal-1-click-to-rce-exploit-chain-detailed monthly 0.5 2019-04-12 https://images.squarespace-cdn.com/content/v1/5894c269e4fcb5e65a1ed623/1541545500076-KWQPQW1IMBDMJMFEH8BU/test-php-img.png Blog - A Series of Unfortunate Images: Drupal 1-click to RCE Exploit Chain Detailed https://images.squarespace-cdn.com/content/v1/5894c269e4fcb5e65a1ed623/1541545728094-VKL21XNJ1YVL422PULS0/test-php-results.png Blog - A Series of Unfortunate Images: Drupal 1-click to RCE Exploit Chain Detailed https://images.squarespace-cdn.com/content/v1/5894c269e4fcb5e65a1ed623/1541545668063-APDQ08FYL11MU9RPLFOE/pcre-vuln-code.png Blog - A Series of Unfortunate Images: Drupal 1-click to RCE Exploit Chain Detailed https://images.squarespace-cdn.com/content/v1/5894c269e4fcb5e65a1ed623/1541546055614-WWBGPMX6MGHY4SAPXGY5/sameple-html.png Blog - A Series of Unfortunate Images: Drupal 1-click to RCE Exploit Chain Detailed https://images.squarespace-cdn.com/content/v1/5894c269e4fcb5e65a1ed623/1541546160071-A8I0Y46PVGFW6FS5CRN4/phar-vuln-code.png Blog - A Series of Unfortunate Images: Drupal 1-click to RCE Exploit Chain Detailed https://images.squarespace-cdn.com/content/v1/5894c269e4fcb5e65a1ed623/1541547778508-UTLMJ5V5JAUL1C5V1JL0/blog-ZDI-CAN-7232-cat.jpg Blog - A Series of Unfortunate Images: Drupal 1-click to RCE Exploit Chain Detailed https://www.thezdi.com/blog/2019/4/9/the-april-2019-security-update-review monthly 0.5 2019-04-11 https://www.thezdi.com/blog/2019/4/3/loading-up-a-pair-of-qt-bugs-detailing-cve-2019-1636-and-cve-2019-6739 monthly 0.5 2019-04-03 https://images.squarespace-cdn.com/content/v1/5894c269e4fcb5e65a1ed623/1554235803714-YG5IR6JFC1EIX697NYZP/Picture1.png Blog - Loading up a pair of Qt bugs: Detailing CVE-2019-1636 and CVE-2019-6739 Figure 1 - Registry entry that configures a custom URI scheme for Webex https://images.squarespace-cdn.com/content/v1/5894c269e4fcb5e65a1ed623/1554235872653-AGYN9BA8WPIGAEL4PDNN/Picture2.png Blog - Loading up a pair of Qt bugs: Detailing CVE-2019-1636 and CVE-2019-6739 Figure 2 - Code responsible for loading DLLs in Qt5Core.dll https://images.squarespace-cdn.com/content/v1/5894c269e4fcb5e65a1ed623/1554235904388-K4IQGO0PDHC5OANRAVCD/Picture3.png Blog - Loading up a pair of Qt bugs: Detailing CVE-2019-1636 and CVE-2019-6739 Figure 3 - Code that reads from /imageformats dir and starts parsing images https://images.squarespace-cdn.com/content/v1/5894c269e4fcb5e65a1ed623/1554236010779-PHX8A5WC6I63312RMQXZ/Picture4.png Blog - Loading up a pair of Qt bugs: Detailing CVE-2019-1636 and CVE-2019-6739 https://images.squarespace-cdn.com/content/v1/5894c269e4fcb5e65a1ed623/1554236202089-V2PYGLM9QXDWOLI933II/Picture5.png Blog - Loading up a pair of Qt bugs: Detailing CVE-2019-1636 and CVE-2019-6739 Figure 4 - Metadata contents from a GIF parsing plugin https://images.squarespace-cdn.com/content/v1/5894c269e4fcb5e65a1ed623/1554236280600-3CY7CNFLELJBXZG1EU8H/Picture6.png Blog - Loading up a pair of Qt bugs: Detailing CVE-2019-1636 and CVE-2019-6739 Figure 5 - Registry entry that configures a custom URI scheme for Anti-Malware https://images.squarespace-cdn.com/content/v1/5894c269e4fcb5e65a1ed623/1554236334436-CE6B2G51TXUPMWCWY67Q/Picture7.png Blog - Loading up a pair of Qt bugs: Detailing CVE-2019-1636 and CVE-2019-6739 https://www.thezdi.com/blog/2019/3/22/pwn2own-vancouver-2019-wrapping-up-and-rolling-out monthly 0.5 2019-12-19 https://images.squarespace-cdn.com/content/v1/5894c269e4fcb5e65a1ed623/1553297444794-O9WBB1OJNG5V46IY7MB1/IMG_20190322_130202.jpg Blog - Pwn2Own Vancouver 2019: Wrapping Up and Rolling Out The assembled crowd viewed from within the vehicle https://images.squarespace-cdn.com/content/v1/5894c269e4fcb5e65a1ed623/1553297657146-SCKA8SYHBZ0445M6WW8X/IMG_5782.JPG Blog - Pwn2Own Vancouver 2019: Wrapping Up and Rolling Out ZDI Analyst Jasiel Spelman prepares to run the demonstration from Richard Zhu https://images.squarespace-cdn.com/content/v1/5894c269e4fcb5e65a1ed623/1553298015929-CCZA6HO68OIF77SVJFQS/IMG_0068.jpg Blog - Pwn2Own Vancouver 2019: Wrapping Up and Rolling Out Master of Pwn winners Richard Zhu and Amat Cama - Team Fluoroacetate https://images.squarespace-cdn.com/content/v1/5894c269e4fcb5e65a1ed623/1553298128861-0DP9OHLUEQ25J34NW5L1/IMG_5789.JPG Blog - Pwn2Own Vancouver 2019: Wrapping Up and Rolling Out The Master of Pwn trophy and awarded laptops https://www.thezdi.com/blog/2019/3/21/pwn2own-vancouver-2019-day-two-results monthly 0.5 2019-03-22 https://images.squarespace-cdn.com/content/v1/5894c269e4fcb5e65a1ed623/1553205441752-0W7FFV9W0SFWOJIQXMBL/IMG_6161.JPG Blog - Pwn2Own Vancouver 2019: Day Two Results Richard Zhu and Amat Cama demonstrate their Firefox exploit https://images.squarespace-cdn.com/content/v1/5894c269e4fcb5e65a1ed623/1553205647421-XK6EC0NTE3SSNBV1JBF3/IMG_6171.JPG Blog - Pwn2Own Vancouver 2019: Day Two Results The Fluoroacetate duo of Amat Cama and Richard Zhu elevate from a browser to the host OS https://images.squarespace-cdn.com/content/v1/5894c269e4fcb5e65a1ed623/1553206258901-8SLXYD7ITVV75243F0VD/IMG_6202.JPG Blog - Pwn2Own Vancouver 2019: Day Two Results Niklas Baumstark targets Mozilla Firefox along with a sandbox escape https://images.squarespace-cdn.com/content/v1/5894c269e4fcb5e65a1ed623/1553213096953-0OHGMG2NA2D7MB620H7Z/IMG_6227.JPG Blog - Pwn2Own Vancouver 2019: Day Two Results Arthur Gerkis of Exodus Intelligence demonstrates his Microsoft Edge exploit https://www.thezdi.com/blog/2019/3/21/pwn2own-vancouver-2019-day-schedule-results-and-live-results monthly 0.5 2019-03-22 https://www.thezdi.com/blog/2019/3/20/pwn2own-vancouver-2019-day-one-results monthly 0.5 2019-03-21 https://images.squarespace-cdn.com/content/v1/5894c269e4fcb5e65a1ed623/1553110713277-F9XBVOCHY0X8N49GDGSH/IMG_5873.png Blog - Pwn2Own Vancouver 2019: Day One Results Richard Zhu and Amat Cama (Team Fluoroacetate) target Apple Safari https://images.squarespace-cdn.com/content/v1/5894c269e4fcb5e65a1ed623/1553110902712-NGVVEDLQUWZDSB67B3IF/IMG_5909.JPG Blog - Pwn2Own Vancouver 2019: Day One Results Amat Cama and Richard Zhu (Team Fluoroacetate) demonstrate their Oracle VirtualBox exploits https://images.squarespace-cdn.com/content/v1/5894c269e4fcb5e65a1ed623/1553116105285-AJEUJCDKKSR735641LND/signal-2019-03-20-130232.jpeg Blog - Pwn2Own Vancouver 2019: Day One Results anhdaden of STAR Labs shows off his successful Oracle VirtualBox demonstration https://images.squarespace-cdn.com/content/v1/5894c269e4fcb5e65a1ed623/1553121826464-XTPI8U9LO5JWH5FVASYA/IMG_5934.JPG Blog - Pwn2Own Vancouver 2019: Day One Results Richard Zhu and Amat Cama (Fluoroacetate) show off their final success of Day One. https://images.squarespace-cdn.com/content/v1/5894c269e4fcb5e65a1ed623/1553126387670-QQQG6UWGRE5T1P7V14YT/IMG_5954.JPG Blog - Pwn2Own Vancouver 2019: Day One Results The phoenhex and qwerty team show off their Safari exploit https://www.thezdi.com/blog/2019/3/20/pwn2own-vancouver-2019-the-schedule-and-live-results monthly 0.5 2019-03-22 https://www.thezdi.com/blog/2019/3/14/the-apple-bug-that-fell-near-the-webkit-tree monthly 0.5 2019-03-14 https://images.squarespace-cdn.com/content/v1/5894c269e4fcb5e65a1ed623/1552511792093-63DLAZ7H82ETFGUJ2D0O/Picture1.png Blog - The Apple Bug That Fell Near The WebKit Tree https://images.squarespace-cdn.com/content/v1/5894c269e4fcb5e65a1ed623/1552511943739-S6S5H4FOCT3LF314ELMN/Picture2.png Blog - The Apple Bug That Fell Near The WebKit Tree https://images.squarespace-cdn.com/content/v1/5894c269e4fcb5e65a1ed623/1552512000389-H782WISLZD8Y0INS03C1/Picture3.png Blog - The Apple Bug That Fell Near The WebKit Tree https://www.thezdi.com/blog/2019/3/13/cve-2019-0604-details-of-a-microsoft-sharepoint-rce-vulnerability monthly 0.5 2019-03-13 https://images.squarespace-cdn.com/content/v1/5894c269e4fcb5e65a1ed623/1552414711600-EKG78C2MPDBNB0HP673C/DecodeEntityInstanceId.gif Blog - CVE-2019-0604: Details of a Microsoft SharePoint RCE Vulnerability Figure 1 : Microsoft.SharePoint.BusinessData.Infrastructure.EntityInstanceIdEncoder.DecodeEntityInstanceId(string) https://images.squarespace-cdn.com/content/v1/5894c269e4fcb5e65a1ed623/1552414920444-0JUGZ3ZRGVT9H736WCZT/fig2.png Blog - CVE-2019-0604: Details of a Microsoft SharePoint RCE Vulnerability Figure 2: Calls to Microsoft.SharePoint.BusinessData.Infrastructure.EntityInstanceIdEncoder.DecodeEntityInstanceId(string) https://images.squarespace-cdn.com/content/v1/5894c269e4fcb5e65a1ed623/1552415536995-HSOLIAEL8ISKTI573WOR/Fig3.png Blog - CVE-2019-0604: Details of a Microsoft SharePoint RCE Vulnerability Figure 3: ItemPicker.ValidateEntity(PickerEntity) https://images.squarespace-cdn.com/content/v1/5894c269e4fcb5e65a1ed623/1552415720628-3DTVGWSV14XLPEYMC9KJ/Fig4.png Blog - CVE-2019-0604: Details of a Microsoft SharePoint RCE Vulnerability Figure 4: EntityEditor.Validate() https://images.squarespace-cdn.com/content/v1/5894c269e4fcb5e65a1ed623/1552415852185-HDBWSI4O9UCPSXKTOIEN/Fig5.png Blog - CVE-2019-0604: Details of a Microsoft SharePoint RCE Vulnerability Figure 5: EntityEditor.LoadPostData(string, NameValueCollection) https://images.squarespace-cdn.com/content/v1/5894c269e4fcb5e65a1ed623/1552418381706-LQ806OET81D5N4XY6YGQ/text1b.png Blog - CVE-2019-0604: Details of a Microsoft SharePoint RCE Vulnerability https://images.squarespace-cdn.com/content/v1/5894c269e4fcb5e65a1ed623/1552418451131-4GJPH9UJOX3QOW6PY0YM/text2b.png Blog - CVE-2019-0604: Details of a Microsoft SharePoint RCE Vulnerability https://images.squarespace-cdn.com/content/v1/5894c269e4fcb5e65a1ed623/1552416364232-AKORUFMU9K3ZI0F7D5T1/Fig6.png Blog - CVE-2019-0604: Details of a Microsoft SharePoint RCE Vulnerability Figure 6: Picker.aspx with Microsoft.SharePoint.WebControls.ItemPickerDialog https://images.squarespace-cdn.com/content/v1/5894c269e4fcb5e65a1ed623/1552417621000-PONI1C1E6659Q8PZ544A/Fig7.png Blog - CVE-2019-0604: Details of a Microsoft SharePoint RCE Vulnerability Figure 7: Break point at EntityInstanceIdEncoder.DecodeEntityInstanceId(string) with the encodedId value "__dummy" https://images.squarespace-cdn.com/content/v1/5894c269e4fcb5e65a1ed623/1552418220091-O9GSJ1ZRT9IBD2MJXQVC/text3b.png Blog - CVE-2019-0604: Details of a Microsoft SharePoint RCE Vulnerability https://images.squarespace-cdn.com/content/v1/5894c269e4fcb5e65a1ed623/1552418123739-I8Z5AKMNLLKON4AODOB9/text4b.png Blog - CVE-2019-0604: Details of a Microsoft SharePoint RCE Vulnerability https://www.thezdi.com/blog/2019/3/12/the-march-2019-security-update-review monthly 0.5 2019-03-12 https://www.thezdi.com/blog/2019/3/6/webaccess-uncontrol monthly 0.5 2019-03-07 https://www.thezdi.com/blog/2019/2/28/finding-unicorns-when-the-c-compiler-writes-the-vuln monthly 0.5 2019-02-28 https://images.squarespace-cdn.com/content/v1/5894c269e4fcb5e65a1ed623/1551366952324-3AEXTR13KSBCIT0B7T2Z/1.png Blog - Finding Unicorns: When the C++ Compiler Writes the Vuln https://images.squarespace-cdn.com/content/v1/5894c269e4fcb5e65a1ed623/1551367124273-UO5V3P1F7RI31S1Z3YKE/2.png Blog - Finding Unicorns: When the C++ Compiler Writes the Vuln https://images.squarespace-cdn.com/content/v1/5894c269e4fcb5e65a1ed623/1551367226392-BZAFDOERS19WLITY2AY1/3.png Blog - Finding Unicorns: When the C++ Compiler Writes the Vuln https://images.squarespace-cdn.com/content/v1/5894c269e4fcb5e65a1ed623/1551367334646-GCGRVM6XXALU4PQM7Q0U/4.png Blog - Finding Unicorns: When the C++ Compiler Writes the Vuln https://www.thezdi.com/blog/2019/2/12/the-february-2019-security-update-review monthly 0.5 2019-02-12 https://www.thezdi.com/blog/2019/2/6/using-the-weblinks-api-to-reach-javascript-uafs-in-adobe-reader monthly 0.5 2019-02-06 https://images.squarespace-cdn.com/content/v1/5894c269e4fcb5e65a1ed623/1549384704181-3G5ERKO4Z3W9LK06PXMY/Picture1.png Blog - Using the Weblinks API to Reach JavaScript UAFs in Adobe Reader https://images.squarespace-cdn.com/content/v1/5894c269e4fcb5e65a1ed623/1549384724880-LYK6XQ4XDLN59V0ZL9OV/Picture2.png Blog - Using the Weblinks API to Reach JavaScript UAFs in Adobe Reader https://images.squarespace-cdn.com/content/v1/5894c269e4fcb5e65a1ed623/1549400284352-ZLGEH74O9RRC0KESX5J4/Picture3.png Blog - Using the Weblinks API to Reach JavaScript UAFs in Adobe Reader https://images.squarespace-cdn.com/content/v1/5894c269e4fcb5e65a1ed623/1549400305628-T50B6B8AEBZFL1M1RV6O/Picture4.png Blog - Using the Weblinks API to Reach JavaScript UAFs in Adobe Reader https://images.squarespace-cdn.com/content/v1/5894c269e4fcb5e65a1ed623/1549400396446-WCOYE9ZQ14CDXDQ0MGXQ/Picture5.png Blog - Using the Weblinks API to Reach JavaScript UAFs in Adobe Reader https://images.squarespace-cdn.com/content/v1/5894c269e4fcb5e65a1ed623/1549400538525-9V7KE7R6A1DX1ZHU717G/Picture6.png Blog - Using the Weblinks API to Reach JavaScript UAFs in Adobe Reader https://images.squarespace-cdn.com/content/v1/5894c269e4fcb5e65a1ed623/1549400649231-IN8Y1U89CY8563Q99H3L/Picture7.png Blog - Using the Weblinks API to Reach JavaScript UAFs in Adobe Reader https://www.thezdi.com/blog/2019/1/31/implementing-fuzz-logics-with-dharma monthly 0.5 2019-01-31 https://images.squarespace-cdn.com/content/v1/5894c269e4fcb5e65a1ed623/1548877539008-YX730LIT24K8UGBHMJ0G/Picture1.png Blog - Implementing Fuzz Logics with Dharma Figure 1: Proof of Concept for createIcon Use-After-Free https://images.squarespace-cdn.com/content/v1/5894c269e4fcb5e65a1ed623/1548876291215-WBTGDDXGJ3OKZWADB7UB/Picture2.png Blog - Implementing Fuzz Logics with Dharma Figure 2: createIcon crash in WinDbg https://images.squarespace-cdn.com/content/v1/5894c269e4fcb5e65a1ed623/1548877619348-I21YVQ1GTRUANMH9HUNC/Picture3.png Blog - Implementing Fuzz Logics with Dharma Figure 3: Sample Dharma grammar file https://images.squarespace-cdn.com/content/v1/5894c269e4fcb5e65a1ed623/1548877703761-5411VUHKRIO9Z14ETVBC/Picture4.png Blog - Implementing Fuzz Logics with Dharma Figure 4: Dharma command line arguments https://images.squarespace-cdn.com/content/v1/5894c269e4fcb5e65a1ed623/1548877747826-7SXWWG6L1C6EOTJQG5TL/Picture5.png Blog - Implementing Fuzz Logics with Dharma Figure 5: Dharma sample grammar file output https://images.squarespace-cdn.com/content/v1/5894c269e4fcb5e65a1ed623/1548877958658-PWCIHR7AQM0633VHHJCC/Picture6.png Blog - Implementing Fuzz Logics with Dharma Figure 6: addField parameters, from the JavaScript for Acrobat API Reference https://images.squarespace-cdn.com/content/v1/5894c269e4fcb5e65a1ed623/1548878110348-809PT3H3SUBF4SV4HM5K/Picture7.png Blog - Implementing Fuzz Logics with Dharma Figure 7: Basic addField Dharma template https://images.squarespace-cdn.com/content/v1/5894c269e4fcb5e65a1ed623/1548878177449-31QIZZ833HKYNL48F8VQ/Picture8.png Blog - Implementing Fuzz Logics with Dharma Figure 8: Sample output from baseline Dharma addField template https://images.squarespace-cdn.com/content/v1/5894c269e4fcb5e65a1ed623/1548878229956-RW7O2Y294ZVCCE36NHNE/Picture9.png Blog - Implementing Fuzz Logics with Dharma Figure 9: Expanding on the addField grammar file https://images.squarespace-cdn.com/content/v1/5894c269e4fcb5e65a1ed623/1548878293903-VUZZ3JZ1HMRSHQTKH9C6/Picture10.png Blog - Implementing Fuzz Logics with Dharma Figure 10: Setting properties on the Field object https://images.squarespace-cdn.com/content/v1/5894c269e4fcb5e65a1ed623/1548878343881-L1OKAFTWOCIQDSASTQ2W/Picture11.png Blog - Implementing Fuzz Logics with Dharma Figure 11: New definition statement broken into multi-lines for ease of reading https://images.squarespace-cdn.com/content/v1/5894c269e4fcb5e65a1ed623/1548878540776-EYC6NDDV4G71IMULVX7E/Picture12.png Blog - Implementing Fuzz Logics with Dharma Figure 12: Adding the option to select the free’d item https://images.squarespace-cdn.com/content/v1/5894c269e4fcb5e65a1ed623/1548878607183-NJ93V6NVDIY605DBG1XV/Picture13.png Blog - Implementing Fuzz Logics with Dharma Figure 13: Generated JavaScript with our baked-in freeing function https://images.squarespace-cdn.com/content/v1/5894c269e4fcb5e65a1ed623/1548878679906-C2T75W20NAJJFXLYK585/Picture14.png Blog - Implementing Fuzz Logics with Dharma Figure 14: PoC for ZDI-18-1198 https://images.squarespace-cdn.com/content/v1/5894c269e4fcb5e65a1ed623/1548878750991-NJW3WKWTSUL86FJJCWLL/Picture15.png Blog - Implementing Fuzz Logics with Dharma Figure 15: UAF for display() https://www.thezdi.com/blog/2019/1/29/of-isos-and-attorneys-legal-action-in-vulnerability-disclosure monthly 0.5 2019-01-29 https://www.thezdi.com/blog/2019/1/17/the-zdi-2018-retrospective monthly 0.5 2019-01-17 https://images.squarespace-cdn.com/content/v1/5894c269e4fcb5e65a1ed623/1547674108559-N7XR9A7NNJV0XQQIQ552/Figure+1+copy.jpg Blog - The ZDI 2018 Retrospective Figure 1 - Vendor count of published advisories for 2018 https://images.squarespace-cdn.com/content/v1/5894c269e4fcb5e65a1ed623/1547740088059-RX26RF9299ASQ2G7UN01/Figure+2+copy.jpg Blog - The ZDI 2018 Retrospective Figure 2 - Vendor count of published advisories - 2015-2018 https://images.squarespace-cdn.com/content/v1/5894c269e4fcb5e65a1ed623/1547740224186-VJ0IG3G3GZWJICMY1SBG/Figure+3+copy.jpg Blog - The ZDI 2018 Retrospective Figure 3 - Source https://portal.msrc.microsoft.com/en-us/security-guidance/acknowledgments https://images.squarespace-cdn.com/content/v1/5894c269e4fcb5e65a1ed623/1547740289031-C9Y30EVF5I55WH6CBZ4J/Figure+4+copy.jpg Blog - The ZDI 2018 Retrospective Figure 4 - CVSS Distribution of Published Advisories https://images.squarespace-cdn.com/content/v1/5894c269e4fcb5e65a1ed623/1547740391151-WH4M2731QSZ9CBAZRWWC/Figure+5+copy.jpg Blog - The ZDI 2018 Retrospective Figure 5 - Published advisories per year https://www.thezdi.com/blog/2019/1/14/pwn2own-vancouver-2019-tesla-vmware-microsoft-and-more monthly 0.5 2019-03-05 https://images.squarespace-cdn.com/content/v1/5894c269e4fcb5e65a1ed623/1547060876978-VFFZ8A0N82ST7GYS1KQ8/01-Tesla_Table.png Blog - Pwn2Own Vancouver 2019: Tesla, VMware, Microsoft, and More https://images.squarespace-cdn.com/content/v1/5894c269e4fcb5e65a1ed623/1547223639574-HS17CN1VELKWBUKTAGWX/02e-Tesla_Addon.png Blog - Pwn2Own Vancouver 2019: Tesla, VMware, Microsoft, and More https://images.squarespace-cdn.com/content/v1/5894c269e4fcb5e65a1ed623/1547061120001-P68F44N1BCBQTRPPQXRJ/03-Virtualization_Table.png Blog - Pwn2Own Vancouver 2019: Tesla, VMware, Microsoft, and More https://images.squarespace-cdn.com/content/v1/5894c269e4fcb5e65a1ed623/1547061166087-IR4E7IOUP6TGSF1SIT48/04-Virtualization_Addon.png Blog - Pwn2Own Vancouver 2019: Tesla, VMware, Microsoft, and More https://images.squarespace-cdn.com/content/v1/5894c269e4fcb5e65a1ed623/1547061209518-LPL44PQ5IWHO8WOYOKLR/05-Browser_Table.png Blog - Pwn2Own Vancouver 2019: Tesla, VMware, Microsoft, and More https://images.squarespace-cdn.com/content/v1/5894c269e4fcb5e65a1ed623/1547061250477-4Z34ALYB6ERJVM24GTRX/06-Browser_Addon.png Blog - Pwn2Own Vancouver 2019: Tesla, VMware, Microsoft, and More https://images.squarespace-cdn.com/content/v1/5894c269e4fcb5e65a1ed623/1547061282422-OMVQU4CDNMGEYOT07V76/07-Enterprise.png Blog - Pwn2Own Vancouver 2019: Tesla, VMware, Microsoft, and More https://images.squarespace-cdn.com/content/v1/5894c269e4fcb5e65a1ed623/1547061321993-GISHQXL2B5PIZS9JNP47/08-Server_side.png Blog - Pwn2Own Vancouver 2019: Tesla, VMware, Microsoft, and More https://images.squarespace-cdn.com/content/v1/5894c269e4fcb5e65a1ed623/1547061511210-3KM34S9DRA09JO1FZCOD/Microsoft-logo_rgb_c-gray.png Blog - Pwn2Own Vancouver 2019: Tesla, VMware, Microsoft, and More https://images.squarespace-cdn.com/content/v1/5894c269e4fcb5e65a1ed623/1547061652256-D8SSOP1XOLTL8VL1DQ7J/1000px-Vmware.svg.png Blog - Pwn2Own Vancouver 2019: Tesla, VMware, Microsoft, and More https://www.thezdi.com/blog/2019/1/8/the-january-2019-security-update-review monthly 0.5 2019-01-08 https://www.thezdi.com/blog/2018/12/21/zdi-18-1372-the-elegant-bypass monthly 0.5 2018-12-21 https://images.squarespace-cdn.com/content/v1/5894c269e4fcb5e65a1ed623/1545408757898-8JP4GAWBW6YSBCQ05V9O/Picture1.png Blog - ZDI-18-1372 – The Elegant Bypass https://www.thezdi.com/blog/2018/12/20/really-check-errors-pointing-to-the-object-of-your-desire monthly 0.5 2018-12-20 https://images.squarespace-cdn.com/content/v1/5894c269e4fcb5e65a1ed623/1545323066801-KPG1FQ7O8COZ231WEAXN/Picture1+copy.png Blog - Really Check Errors: Pointing to the Object of your Desire https://images.squarespace-cdn.com/content/v1/5894c269e4fcb5e65a1ed623/1545238715309-SVZE1XFSQKD7W8YZQM27/Picture2.png Blog - Really Check Errors: Pointing to the Object of your Desire https://images.squarespace-cdn.com/content/v1/5894c269e4fcb5e65a1ed623/1545242738591-5RR526AQYSL2D6ZFNEGN/Picture3.png Blog - Really Check Errors: Pointing to the Object of your Desire https://images.squarespace-cdn.com/content/v1/5894c269e4fcb5e65a1ed623/1545323133221-I5UV9JPTZTJQFI38UOY3/Picture4+copy.png Blog - Really Check Errors: Pointing to the Object of your Desire https://www.thezdi.com/blog/2018/12/19/an-insincere-form-of-flattery-impersonating-users-on-microsoft-exchange monthly 0.5 2018-12-19 https://images.squarespace-cdn.com/content/v1/5894c269e4fcb5e65a1ed623/1545089090953-8STHGD5R6C826WNZDGU0/picture1.png Blog - An Insincere Form of Flattery: Impersonating Users on Microsoft Exchange https://images.squarespace-cdn.com/content/v1/5894c269e4fcb5e65a1ed623/1545089184163-H0N1D04ED60JJ5GQJLA1/Picture2.png Blog - An Insincere Form of Flattery: Impersonating Users on Microsoft Exchange https://images.squarespace-cdn.com/content/v1/5894c269e4fcb5e65a1ed623/1545089323751-3L5LGBJ8E5TVQEJBRQOY/Picture3.png Blog - An Insincere Form of Flattery: Impersonating Users on Microsoft Exchange https://images.squarespace-cdn.com/content/v1/5894c269e4fcb5e65a1ed623/1545089389740-DS3MP8DRDAEQJDNPD7T9/Picture4.png Blog - An Insincere Form of Flattery: Impersonating Users on Microsoft Exchange https://images.squarespace-cdn.com/content/v1/5894c269e4fcb5e65a1ed623/1545089768123-BQ5160EEUCX9HDSHSOJI/Picture5.png Blog - An Insincere Form of Flattery: Impersonating Users on Microsoft Exchange https://images.squarespace-cdn.com/content/v1/5894c269e4fcb5e65a1ed623/1545089815101-4G3PKGT90WSMQSZYJ3W6/Picture6.png Blog - An Insincere Form of Flattery: Impersonating Users on Microsoft Exchange https://images.squarespace-cdn.com/content/v1/5894c269e4fcb5e65a1ed623/1545089962631-Y7KYKC5841YG90KZCBCU/Picture7.png Blog - An Insincere Form of Flattery: Impersonating Users on Microsoft Exchange https://images.squarespace-cdn.com/content/v1/5894c269e4fcb5e65a1ed623/1545090148434-ZR39FQK6A1D60DXZWUN6/Picture8.png Blog - An Insincere Form of Flattery: Impersonating Users on Microsoft Exchange https://images.squarespace-cdn.com/content/v1/5894c269e4fcb5e65a1ed623/1545090179876-0KO4HP8UTKOV1FT5S6O5/Picture9.png Blog - An Insincere Form of Flattery: Impersonating Users on Microsoft Exchange https://images.squarespace-cdn.com/content/v1/5894c269e4fcb5e65a1ed623/1545090224741-1UB5YAYDFLGV7NO5KCIC/Picture10.png Blog - An Insincere Form of Flattery: Impersonating Users on Microsoft Exchange https://images.squarespace-cdn.com/content/v1/5894c269e4fcb5e65a1ed623/1545090260840-B5CGT8O78HZ1B8LIHL1Q/Picture11.png Blog - An Insincere Form of Flattery: Impersonating Users on Microsoft Exchange https://images.squarespace-cdn.com/content/v1/5894c269e4fcb5e65a1ed623/1545097173425-IX5Y3EBMZKTU9OQFFUW0/Picture12.png Blog - An Insincere Form of Flattery: Impersonating Users on Microsoft Exchange https://images.squarespace-cdn.com/content/v1/5894c269e4fcb5e65a1ed623/1545097217622-DZTXZQH4H39MPQ22U37A/Picture13.png Blog - An Insincere Form of Flattery: Impersonating Users on Microsoft Exchange https://images.squarespace-cdn.com/content/v1/5894c269e4fcb5e65a1ed623/1545097258475-S5DOOU1X9OXOL09ILTAF/Picture14.png Blog - An Insincere Form of Flattery: Impersonating Users on Microsoft Exchange https://images.squarespace-cdn.com/content/v1/5894c269e4fcb5e65a1ed623/1545097307970-M3E4VTHLJ0H9Y5W9XXPY/Picture15.png Blog - An Insincere Form of Flattery: Impersonating Users on Microsoft Exchange https://images.squarespace-cdn.com/content/v1/5894c269e4fcb5e65a1ed623/1545097373309-GQJBJSOTVA6LPLVR7X50/Picture16.png Blog - An Insincere Form of Flattery: Impersonating Users on Microsoft Exchange https://www.thezdi.com/blog/2018/12/18/top-5-day-two-electron-boogaloo-a-case-for-technodiversity monthly 0.5 2018-12-18 https://images.squarespace-cdn.com/content/v1/5894c269e4fcb5e65a1ed623/1545080201219-TLLPGU1A0ONJ2UCX72QZ/picutre1.png Blog - Top 5 Day Two: Electron Boogaloo - A case for technodiversity https://images.squarespace-cdn.com/content/v1/5894c269e4fcb5e65a1ed623/1545080243018-Q77GQQ1BLNBE43BB4ARR/picutre2.png Blog - Top 5 Day Two: Electron Boogaloo - A case for technodiversity https://images.squarespace-cdn.com/content/v1/5894c269e4fcb5e65a1ed623/1545080277023-1UV222DJMUQVGNQNC04Y/calc.png Blog - Top 5 Day Two: Electron Boogaloo - A case for technodiversity https://images.squarespace-cdn.com/content/v1/5894c269e4fcb5e65a1ed623/1545080316035-P3NBUBH7JXRIYQ4891U9/picutre3.png Blog - Top 5 Day Two: Electron Boogaloo - A case for technodiversity https://images.squarespace-cdn.com/content/v1/5894c269e4fcb5e65a1ed623/1545080469505-QXL0IL55729QZ850JH06/picture4.png Blog - Top 5 Day Two: Electron Boogaloo - A case for technodiversity https://images.squarespace-cdn.com/content/v1/5894c269e4fcb5e65a1ed623/1545080542101-4GYWRL8EJV6TH779Q82X/picture5.png Blog - Top 5 Day Two: Electron Boogaloo - A case for technodiversity https://images.squarespace-cdn.com/content/v1/5894c269e4fcb5e65a1ed623/1545080607889-1EY7HF56PL6BGUW2KY6S/picture6.png Blog - Top 5 Day Two: Electron Boogaloo - A case for technodiversity https://www.thezdi.com/blog/2018/12/17/seeing-double-exploiting-a-blind-spot-in-memgc monthly 0.5 2018-12-18 https://images.squarespace-cdn.com/content/v1/5894c269e4fcb5e65a1ed623/1544806386066-8XBO6BMF7PX63S3MGRI1/Picture1.png Blog - Seeing Double: Exploiting a Blind Spot in MemGC Figure 1 - Annotated PoC https://www.thezdi.com/blog/2018/12/11/when-one-corruption-is-not-enough-analyzing-an-adobe-pwn2own-exploit monthly 0.5 2018-12-12 https://images.squarespace-cdn.com/content/v1/5894c269e4fcb5e65a1ed623/1544563401139-40Q8T2CWE36E5O0ID5M5/Picture1.png Blog - When one corruption is not enough: Analyzing an Adobe Pwn2Own Exploit https://images.squarespace-cdn.com/content/v1/5894c269e4fcb5e65a1ed623/1544563707158-H7LKGTPPZ2ZTXFC65FK9/Picture2.png Blog - When one corruption is not enough: Analyzing an Adobe Pwn2Own Exploit https://images.squarespace-cdn.com/content/v1/5894c269e4fcb5e65a1ed623/1544563773241-JLYX05YT49OZPC7AEB0T/Picture3.png Blog - When one corruption is not enough: Analyzing an Adobe Pwn2Own Exploit https://images.squarespace-cdn.com/content/v1/5894c269e4fcb5e65a1ed623/1544563806467-EVX3RKUQOBI747ZWDESA/Picture4.png Blog - When one corruption is not enough: Analyzing an Adobe Pwn2Own Exploit https://images.squarespace-cdn.com/content/v1/5894c269e4fcb5e65a1ed623/1544563841948-67XS7JFPY5W8Z5N7URSL/Picture5.png Blog - When one corruption is not enough: Analyzing an Adobe Pwn2Own Exploit https://images.squarespace-cdn.com/content/v1/5894c269e4fcb5e65a1ed623/1544563881498-Y28VAIIH9S0SNOI9JW77/Picture6.png Blog - When one corruption is not enough: Analyzing an Adobe Pwn2Own Exploit https://images.squarespace-cdn.com/content/v1/5894c269e4fcb5e65a1ed623/1544564528093-INKG3CN28JXT346DAS9V/Picture7.png Blog - When one corruption is not enough: Analyzing an Adobe Pwn2Own Exploit https://images.squarespace-cdn.com/content/v1/5894c269e4fcb5e65a1ed623/1544564556994-GMW5B4615GY4ZXDDM392/Picture8.png Blog - When one corruption is not enough: Analyzing an Adobe Pwn2Own Exploit https://images.squarespace-cdn.com/content/v1/5894c269e4fcb5e65a1ed623/1544564606887-XFHM193C325XGBQ204AX/Picture9.png Blog - When one corruption is not enough: Analyzing an Adobe Pwn2Own Exploit https://images.squarespace-cdn.com/content/v1/5894c269e4fcb5e65a1ed623/1544564695619-IFN5S7PVPY31T2JHOP66/Picture10.png Blog - When one corruption is not enough: Analyzing an Adobe Pwn2Own Exploit https://www.thezdi.com/blog/2018/12/11/the-december-2018-security-update-review monthly 0.5 2018-12-11 https://www.thezdi.com/blog/2018/12/4/directx-to-the-kernel monthly 0.5 2018-12-04 https://images.squarespace-cdn.com/content/v1/5894c269e4fcb5e65a1ed623/1543793915170-I1EYWR691PUIVEPYOBNU/Picture1.png Blog - DirectX to the Kernel https://images.squarespace-cdn.com/content/v1/5894c269e4fcb5e65a1ed623/1543793939136-CYGNNLEI0WQHJ8I6C5CE/Picture2.png Blog - DirectX to the Kernel https://images.squarespace-cdn.com/content/v1/5894c269e4fcb5e65a1ed623/1543793972615-XJ3ML5PVHSKXC9M5D2T4/Picture3.png Blog - DirectX to the Kernel https://images.squarespace-cdn.com/content/v1/5894c269e4fcb5e65a1ed623/1543793998391-P6OPE4R5C875GFI4Q7RB/Picture4.png Blog - DirectX to the Kernel https://images.squarespace-cdn.com/content/v1/5894c269e4fcb5e65a1ed623/1543794036445-7ZAGW7U5MJA530U9OJP8/Picture5.png Blog - DirectX to the Kernel https://images.squarespace-cdn.com/content/v1/5894c269e4fcb5e65a1ed623/1543794232396-LFSD8ZUPYXDNLW848EIZ/Picture6.png Blog - DirectX to the Kernel https://images.squarespace-cdn.com/content/v1/5894c269e4fcb5e65a1ed623/1543794273579-QPHH7Y2TB0B9FHMUZBLM/Picture7.png Blog - DirectX to the Kernel https://images.squarespace-cdn.com/content/v1/5894c269e4fcb5e65a1ed623/1543794298125-4K7ZQ8J8MS75D7PCKWG0/Picture8.png Blog - DirectX to the Kernel https://images.squarespace-cdn.com/content/v1/5894c269e4fcb5e65a1ed623/1543794330996-134UIL7XTQWYI3D3G72M/Picture9.png Blog - DirectX to the Kernel https://images.squarespace-cdn.com/content/v1/5894c269e4fcb5e65a1ed623/1543794456466-7GYKJ06N3XXO51T4BUWH/Picture10.png Blog - DirectX to the Kernel https://images.squarespace-cdn.com/content/v1/5894c269e4fcb5e65a1ed623/1543794483779-VWR5P7HB9NUDWWZ11XDB/Picture11.png Blog - DirectX to the Kernel https://images.squarespace-cdn.com/content/v1/5894c269e4fcb5e65a1ed623/1543794529158-FNW2L3QEWSATH3PDR2UY/Picture12.png Blog - DirectX to the Kernel https://images.squarespace-cdn.com/content/v1/5894c269e4fcb5e65a1ed623/1543794567896-ASTSO2U2UGVZG1KXK3A9/Picture13.png Blog - DirectX to the Kernel https://images.squarespace-cdn.com/content/v1/5894c269e4fcb5e65a1ed623/1543794706635-JBYWXEAABVEKS4V6NU8K/Picture14.png Blog - DirectX to the Kernel https://images.squarespace-cdn.com/content/v1/5894c269e4fcb5e65a1ed623/1543794746630-WOEYC6LKY7AS18PRA595/Picture15.png Blog - DirectX to the Kernel https://images.squarespace-cdn.com/content/v1/5894c269e4fcb5e65a1ed623/1543794790783-NW0213IKETPIOY8SM2VQ/Picture16.png Blog - DirectX to the Kernel https://images.squarespace-cdn.com/content/v1/5894c269e4fcb5e65a1ed623/1543794839887-XGKN44TUYTA2AMVLI1QK/Picture17.png Blog - DirectX to the Kernel https://images.squarespace-cdn.com/content/v1/5894c269e4fcb5e65a1ed623/1543794963888-Y1OK8OZ1ATB3EWOL3W7V/Picture18.png Blog - DirectX to the Kernel https://images.squarespace-cdn.com/content/v1/5894c269e4fcb5e65a1ed623/1543795005329-JDS2BYQE3X8QDCQ1P5KP/Picture19.png Blog - DirectX to the Kernel https://www.thezdi.com/blog/2018/11/14/pwn2own-tokyo-2018-day-two-results-and-master-of-pwn monthly 0.5 2019-11-07 https://images.squarespace-cdn.com/content/v1/5894c269e4fcb5e65a1ed623/1542181423066-BP3Y4L91KG8OP70UFIKD/DAY+2+PROBA+1.00_00_30_03.Still003.jpg Blog - Pwn2Own Tokyo 2018 - Day Two Results and Master of Pwn https://images.squarespace-cdn.com/content/v1/5894c269e4fcb5e65a1ed623/1542181536016-RTQRV9PNV4HZQ9FSKVIC/_DSC0444.JPG Blog - Pwn2Own Tokyo 2018 - Day Two Results and Master of Pwn https://images.squarespace-cdn.com/content/v1/5894c269e4fcb5e65a1ed623/1542181690154-S028VEVAUU1S7RWK45XA/_DSC0481.JPG Blog - Pwn2Own Tokyo 2018 - Day Two Results and Master of Pwn https://images.squarespace-cdn.com/content/v1/5894c269e4fcb5e65a1ed623/1542183927756-AOQBCAM3TY7E4D8PQCIG/_DSC0567.JPG Blog - Pwn2Own Tokyo 2018 - Day Two Results and Master of Pwn https://images.squarespace-cdn.com/content/v1/5894c269e4fcb5e65a1ed623/1542184140821-ZX8AH8KJZWX79PM7OALS/_DSC0616.JPG Blog - Pwn2Own Tokyo 2018 - Day Two Results and Master of Pwn https://images.squarespace-cdn.com/content/v1/5894c269e4fcb5e65a1ed623/1542184045098-UA89UEY83G3Q5YU2QZH4/Dr8rVZ-VAAEkHOW.jpg Blog - Pwn2Own Tokyo 2018 - Day Two Results and Master of Pwn https://www.thezdi.com/blog/2018/11/13/pwn2own-tokyo-2018-day-two-schedule-and-updates monthly 0.5 2018-11-14 https://www.thezdi.com/blog/2018/11/13/the-november-2018-security-update-review monthly 0.5 2018-11-14 https://www.thezdi.com/blog/2018/11/13/pwn2own-tokyo-2018-day-one-results monthly 0.5 2018-11-13 https://images.squarespace-cdn.com/content/v1/5894c269e4fcb5e65a1ed623/1542094941494-WKICXNJA38M1SN1XKGV4/_DSC0272.JPG Blog - Pwn2Own Tokyo 2018: Day One Results https://images.squarespace-cdn.com/content/v1/5894c269e4fcb5e65a1ed623/1542095966234-I3PUV9LNLGP47ET2W8GH/_DSC0301.JPG Blog - Pwn2Own Tokyo 2018: Day One Results https://images.squarespace-cdn.com/content/v1/5894c269e4fcb5e65a1ed623/1542096054891-4OTL0E6C1BZKH3T08NTL/_DSC0318-2.jpg Blog - Pwn2Own Tokyo 2018: Day One Results https://images.squarespace-cdn.com/content/v1/5894c269e4fcb5e65a1ed623/1542096167825-OJL8VLRL4LBWAYM6H6OC/_DSC0339.JPG Blog - Pwn2Own Tokyo 2018: Day One Results https://images.squarespace-cdn.com/content/v1/5894c269e4fcb5e65a1ed623/1542096333711-31PL1MF7G13237U385AK/_DSC0403.JPG Blog - Pwn2Own Tokyo 2018: Day One Results https://images.squarespace-cdn.com/content/v1/5894c269e4fcb5e65a1ed623/1542096519762-KL50HHZH4LO8ESAFMM1P/_DSC0422.JPG Blog - Pwn2Own Tokyo 2018: Day One Results https://www.thezdi.com/blog/2018/11/12/welcome-to-pwn2own-tokyo-2018-day-one monthly 0.5 2018-11-13 https://www.thezdi.com/blog/2018/11/7/updates-and-new-targets-available-in-the-targeted-incentive-program monthly 0.5 2018-11-07 https://www.thezdi.com/blog/2018/10/31/preventative-patching-produces-pwn2own-participants-panic monthly 0.5 2018-10-31 https://images.squarespace-cdn.com/content/v1/5894c269e4fcb5e65a1ed623/1540923956266-28KU58DMI0K2JUUBWWSD/Picture1.png Blog - Preventative Patching Produces Pwn2Own Participant’s Panic https://images.squarespace-cdn.com/content/v1/5894c269e4fcb5e65a1ed623/1540924260770-Z1MX3B4ZEFO3FOUHC59L/Picture2.png Blog - Preventative Patching Produces Pwn2Own Participant’s Panic https://images.squarespace-cdn.com/content/v1/5894c269e4fcb5e65a1ed623/1540924298216-RFKU8N41TT7XCR0FMOWW/Picture3.png Blog - Preventative Patching Produces Pwn2Own Participant’s Panic https://images.squarespace-cdn.com/content/v1/5894c269e4fcb5e65a1ed623/1540924335649-S9XT1W0093OK6LI1P28N/Picture4.png Blog - Preventative Patching Produces Pwn2Own Participant’s Panic https://images.squarespace-cdn.com/content/v1/5894c269e4fcb5e65a1ed623/1540924367554-2W90GFV49U19I0NHK3J5/Picture5.png Blog - Preventative Patching Produces Pwn2Own Participant’s Panic https://www.thezdi.com/blog/2018/10/24/cve-2018-4338-triggering-an-information-disclosure-on-macos-through-a-broadcom-airport-kext monthly 0.5 2018-10-24 https://images.squarespace-cdn.com/content/v1/5894c269e4fcb5e65a1ed623/1540231228586-F7V4GZ7U4NIGCSR9L25N/Picture1.png Blog - CVE-2018-4338: Triggering an Information Disclosure on macOS Through a Broadcom AirPort Kext https://images.squarespace-cdn.com/content/v1/5894c269e4fcb5e65a1ed623/1540234936229-582OKXOM6ZQCFWCCIZVV/Picture2.png Blog - CVE-2018-4338: Triggering an Information Disclosure on macOS Through a Broadcom AirPort Kext https://images.squarespace-cdn.com/content/v1/5894c269e4fcb5e65a1ed623/1540234982482-Z940P0U1LPKKC1D4K3JP/Picture2.png Blog - CVE-2018-4338: Triggering an Information Disclosure on macOS Through a Broadcom AirPort Kext https://images.squarespace-cdn.com/content/v1/5894c269e4fcb5e65a1ed623/1540235033136-NI0X7GNQOGVVBI441F5V/Picture3.png Blog - CVE-2018-4338: Triggering an Information Disclosure on macOS Through a Broadcom AirPort Kext https://images.squarespace-cdn.com/content/v1/5894c269e4fcb5e65a1ed623/1540235074255-AGJEI1LGOE3QKPYYTXW2/PoC-Example.png Blog - CVE-2018-4338: Triggering an Information Disclosure on macOS Through a Broadcom AirPort Kext https://www.thezdi.com/blog/2018/10/18/cve-2018-8460-exposing-a-double-free-in-internet-explorer-for-code-execution monthly 0.5 2018-10-18 https://images.squarespace-cdn.com/content/v1/5894c269e4fcb5e65a1ed623/1539790062955-8W72QKALEJLH11T9TESX/Screen1.png Blog - CVE-2018-8460: Exposing a Double Free in Internet Explorer for Code Execution https://images.squarespace-cdn.com/content/v1/5894c269e4fcb5e65a1ed623/1539790280523-FM0WURPISZ7R4LKRDN4J/Screen2.png Blog - CVE-2018-8460: Exposing a Double Free in Internet Explorer for Code Execution https://images.squarespace-cdn.com/content/v1/5894c269e4fcb5e65a1ed623/1539801727818-JS94IUJQHD2DG7XD6SNI/Screen3.png Blog - CVE-2018-8460: Exposing a Double Free in Internet Explorer for Code Execution https://www.thezdi.com/blog/2018/10/9/the-october-2018-security-update-review monthly 0.5 2018-11-12 https://www.thezdi.com/blog/2018/9/28/onix-finding-pokmon-in-your-acrobat-revealing-a-new-attack-surface monthly 0.5 2018-10-02 https://images.squarespace-cdn.com/content/v1/5894c269e4fcb5e65a1ed623/1538171516849-S2P3JLJELG78C0G9HWPM/Picture1.png Blog - Onix: Finding Pokémon in your Acrobat (Revealing a new attack surface) https://images.squarespace-cdn.com/content/v1/5894c269e4fcb5e65a1ed623/1538171533818-EGOXEO4JBUR3EBOOHS76/Picture2.png Blog - Onix: Finding Pokémon in your Acrobat (Revealing a new attack surface) https://images.squarespace-cdn.com/content/v1/5894c269e4fcb5e65a1ed623/1538171607215-TJVFDU8XC5T74VVG2TJK/Picture3.png Blog - Onix: Finding Pokémon in your Acrobat (Revealing a new attack surface) https://images.squarespace-cdn.com/content/v1/5894c269e4fcb5e65a1ed623/1538171670546-DILHMBSIVR6RN4VN5XC4/Picture4.png Blog - Onix: Finding Pokémon in your Acrobat (Revealing a new attack surface) https://images.squarespace-cdn.com/content/v1/5894c269e4fcb5e65a1ed623/1538171711863-GWVHJP1BG6VIOETPELA1/Picture5.png Blog - Onix: Finding Pokémon in your Acrobat (Revealing a new attack surface) https://images.squarespace-cdn.com/content/v1/5894c269e4fcb5e65a1ed623/1538171727337-452CVY06TT1AXBGCA6JO/Picture6.png Blog - Onix: Finding Pokémon in your Acrobat (Revealing a new attack surface) https://images.squarespace-cdn.com/content/v1/5894c269e4fcb5e65a1ed623/1538171777225-FDLJVDOUJJ70W6GYT0H1/Picture7.png Blog - Onix: Finding Pokémon in your Acrobat (Revealing a new attack surface) https://images.squarespace-cdn.com/content/v1/5894c269e4fcb5e65a1ed623/1538171836831-R3FXSIRK4OJD4YZJSEX4/Picture8.png Blog - Onix: Finding Pokémon in your Acrobat (Revealing a new attack surface) https://images.squarespace-cdn.com/content/v1/5894c269e4fcb5e65a1ed623/1538171876665-7LN6HYEVU6YX2REV6PN9/Picture9.png Blog - Onix: Finding Pokémon in your Acrobat (Revealing a new attack surface) https://images.squarespace-cdn.com/content/v1/5894c269e4fcb5e65a1ed623/1538171910635-FXTXR3XR1YTOIB9C11M7/Picture10.png Blog - Onix: Finding Pokémon in your Acrobat (Revealing a new attack surface) https://images.squarespace-cdn.com/content/v1/5894c269e4fcb5e65a1ed623/1538171957812-7C0RJB585E0PEO0VL2JL/Picture11.png Blog - Onix: Finding Pokémon in your Acrobat (Revealing a new attack surface) https://images.squarespace-cdn.com/content/v1/5894c269e4fcb5e65a1ed623/1538172140634-3S85I888F6JQ5P9DLM4I/Picture12.png Blog - Onix: Finding Pokémon in your Acrobat (Revealing a new attack surface) https://images.squarespace-cdn.com/content/v1/5894c269e4fcb5e65a1ed623/1538172291771-ED8N5STRCWHMDKPHQL7E/Picture13.png Blog - Onix: Finding Pokémon in your Acrobat (Revealing a new attack surface) https://images.squarespace-cdn.com/content/v1/5894c269e4fcb5e65a1ed623/1538172316445-RD5W6QOEVDZSWYR4W19A/Picture14.png Blog - Onix: Finding Pokémon in your Acrobat (Revealing a new attack surface) https://www.thezdi.com/blog/2018/9/27/cve-2018-15421-examining-a-stack-based-overflow-in-the-cisco-webex-network-recording-player monthly 0.5 2018-09-27 https://images.squarespace-cdn.com/content/v1/5894c269e4fcb5e65a1ed623/1537977427984-CABHGXPO7REISS436RYJ/1procmon.png Blog - CVE-2018-15421 – Examining a Stack-based Overflow in the Cisco Webex Network Recording Player Process Monitor showing nbrplay.exe looking for RtpConfig.ini https://images.squarespace-cdn.com/content/v1/5894c269e4fcb5e65a1ed623/1537977481490-7C9JLK4Y4T5ASGJBSK5Y/2ini_parser.png Blog - CVE-2018-15421 – Examining a Stack-based Overflow in the Cisco Webex Network Recording Player Setting up different properties https://images.squarespace-cdn.com/content/v1/5894c269e4fcb5e65a1ed623/1537977798119-CGP975K0STW6K74WUAFF/3sscanf.png Blog - CVE-2018-15421 – Examining a Stack-based Overflow in the Cisco Webex Network Recording Player No width in format string https://images.squarespace-cdn.com/content/v1/5894c269e4fcb5e65a1ed623/1537977837068-WTD81BW8IS9KFVQ0Z19Y/4fgets.png Blog - CVE-2018-15421 – Examining a Stack-based Overflow in the Cisco Webex Network Recording Player https://images.squarespace-cdn.com/content/v1/5894c269e4fcb5e65a1ed623/1537977854146-POXJEXX0X4J1ANIF2SWL/5stack.png Blog - CVE-2018-15421 – Examining a Stack-based Overflow in the Cisco Webex Network Recording Player Corrupted stack https://www.thezdi.com/blog/2018/9/20/zdi-can-6135-a-remote-code-execution-vulnerability-in-the-microsoft-windows-jet-database-engine monthly 0.5 2018-09-24 https://images.squarespace-cdn.com/content/v1/5894c269e4fcb5e65a1ed623/1537457577547-4G4DYSEKFQS1X9SOJMEW/crash.png Blog - ZDI-CAN-6135: A Remote Code Execution Vulnerability in the Microsoft Windows Jet Database Engine https://www.thezdi.com/blog/2018/9/18/cve-2018-12794-using-type-confusion-to-get-code-execution-in-adobe-reader monthly 0.5 2018-09-18 https://images.squarespace-cdn.com/content/v1/5894c269e4fcb5e65a1ed623/1537195729269-95X5BFJAAYIKDWFCT9WC/r1.png Blog - CVE-2018-12794: Using Type Confusion to Get Code Execution in Adobe Reader https://images.squarespace-cdn.com/content/v1/5894c269e4fcb5e65a1ed623/1537195803010-4P4RAVKSLUWRWIB5GRE1/r2.png Blog - CVE-2018-12794: Using Type Confusion to Get Code Execution in Adobe Reader https://images.squarespace-cdn.com/content/v1/5894c269e4fcb5e65a1ed623/1537195835668-4UW3WMZONP53AR9KXI64/firstcrash.png Blog - CVE-2018-12794: Using Type Confusion to Get Code Execution in Adobe Reader https://images.squarespace-cdn.com/content/v1/5894c269e4fcb5e65a1ed623/1537195910666-E19THLXM01TBPRY8BUBR/1.jpg Blog - CVE-2018-12794: Using Type Confusion to Get Code Execution in Adobe Reader https://images.squarespace-cdn.com/content/v1/5894c269e4fcb5e65a1ed623/1537196033609-AIOF9MZSB1TZ95HPP3TP/2.jpg Blog - CVE-2018-12794: Using Type Confusion to Get Code Execution in Adobe Reader https://images.squarespace-cdn.com/content/v1/5894c269e4fcb5e65a1ed623/1537196083322-11GLOSO3BQDK5VN44QMW/3.jpg Blog - CVE-2018-12794: Using Type Confusion to Get Code Execution in Adobe Reader https://images.squarespace-cdn.com/content/v1/5894c269e4fcb5e65a1ed623/1537196159228-8F3MBY5XGLRS5E3MPFND/4.jpg Blog - CVE-2018-12794: Using Type Confusion to Get Code Execution in Adobe Reader https://images.squarespace-cdn.com/content/v1/5894c269e4fcb5e65a1ed623/1537196498738-8JXC0Y6V0RAA76J8QQAZ/lastcrash.png Blog - CVE-2018-12794: Using Type Confusion to Get Code Execution in Adobe Reader https://www.thezdi.com/blog/2018/9/13/pivot-pivot-reaching-unreachable-vulnerable-code-in-industrial-iot-platforms monthly 0.5 2018-09-13 https://images.squarespace-cdn.com/content/v1/5894c269e4fcb5e65a1ed623/1535832669938-Q80DZEC7MTAC4PO5LKE5/Picture1.png Blog - Pivot! PIVOT! – Reaching Unreachable Vulnerable Code in Industrial IoT Platforms Preparing to hand off the RPC request to drawsrv https://images.squarespace-cdn.com/content/v1/5894c269e4fcb5e65a1ed623/1535832700763-39BUMB66TXFYM7QPOKN3/Picture2.png Blog - Pivot! PIVOT! – Reaching Unreachable Vulnerable Code in Industrial IoT Platforms IOCTL Control Flow https://images.squarespace-cdn.com/content/v1/5894c269e4fcb5e65a1ed623/1536861811352-BBM0RORUP0E67KT4ST0B/Screen+Shot+2018-09-13+at+12.50.37+PM.png Blog - Pivot! PIVOT! – Reaching Unreachable Vulnerable Code in Industrial IoT Platforms Prepping the payload for CreateProcessA() https://images.squarespace-cdn.com/content/v1/5894c269e4fcb5e65a1ed623/1535832768894-C5XV1BAFUN2U3GOBLKOH/Picture4.png Blog - Pivot! PIVOT! – Reaching Unreachable Vulnerable Code in Industrial IoT Platforms Parsing command-line arguments for bwacrts.exe https://images.squarespace-cdn.com/content/v1/5894c269e4fcb5e65a1ed623/1535832836528-VGT06FTXOZXYAL9VI9XD/Picture5.png Blog - Pivot! PIVOT! – Reaching Unreachable Vulnerable Code in Industrial IoT Platforms Modifying the PoC https://images.squarespace-cdn.com/content/v1/5894c269e4fcb5e65a1ed623/1535832864612-RHCFFOEMLA2UTXZWO9GT/Picture6.png Blog - Pivot! PIVOT! – Reaching Unreachable Vulnerable Code in Industrial IoT Platforms EIP overwrite https://www.thezdi.com/blog/2018/9/11/the-september-2018-security-update-review monthly 0.5 2018-09-12 https://www.thezdi.com/blog/2018/9/04/announcing-pwn2own-tokyo-for-2018 monthly 0.5 2020-07-28 https://images.squarespace-cdn.com/content/v1/5894c269e4fcb5e65a1ed623/1535742899873-1KXTHV2LLA9710LZ64DC/trophy.jpg Blog - Announcing Pwn2Own Tokyo for 2018 Master of Pwn Trophy from 2017 https://www.thezdi.com/blog/2018/8/28/virtualbox-3d-acceleration-an-accelerated-attack-surface monthly 0.5 2018-08-29 https://images.squarespace-cdn.com/content/v1/5894c269e4fcb5e65a1ed623/1535489592682-7FWFE7HHW4QP7T88JN48/Picture1.png Blog - VirtualBox 3D Acceleration: An accelerated attack surface https://images.squarespace-cdn.com/content/v1/5894c269e4fcb5e65a1ed623/1535489621799-TYX4VQ7X1B3XRB4JIJ02/Picture2.png Blog - VirtualBox 3D Acceleration: An accelerated attack surface https://images.squarespace-cdn.com/content/v1/5894c269e4fcb5e65a1ed623/1535489655000-9F0CAPSD78WHQHSC6TW7/Picture3.png Blog - VirtualBox 3D Acceleration: An accelerated attack surface https://images.squarespace-cdn.com/content/v1/5894c269e4fcb5e65a1ed623/1535489806318-XOKXWWOIR6VZF6DCT3YS/Picture4.png Blog - VirtualBox 3D Acceleration: An accelerated attack surface https://images.squarespace-cdn.com/content/v1/5894c269e4fcb5e65a1ed623/1535489862179-Z0JX9J3CNEAHMNFY9WZ8/Picture5.png Blog - VirtualBox 3D Acceleration: An accelerated attack surface https://images.squarespace-cdn.com/content/v1/5894c269e4fcb5e65a1ed623/1535489898310-TIX6AWMY2MAY72BLTP3M/Picture6.png Blog - VirtualBox 3D Acceleration: An accelerated attack surface https://images.squarespace-cdn.com/content/v1/5894c269e4fcb5e65a1ed623/1535489970755-5EZYI5OKLDZ6V74K95UT/Picture7.png Blog - VirtualBox 3D Acceleration: An accelerated attack surface https://images.squarespace-cdn.com/content/v1/5894c269e4fcb5e65a1ed623/1535490005176-5ZV63AU16X37SKMVLEV5/Picture8.png Blog - VirtualBox 3D Acceleration: An accelerated attack surface https://images.squarespace-cdn.com/content/v1/5894c269e4fcb5e65a1ed623/1535490059053-F36WF9Q2DI6SCGZVURDH/Picture9.png Blog - VirtualBox 3D Acceleration: An accelerated attack surface https://www.thezdi.com/blog/2018/8/22/floating-poison-math-in-chakra monthly 0.5 2018-08-22 https://images.squarespace-cdn.com/content/v1/5894c269e4fcb5e65a1ed623/1534887273500-LR5MNQ5POVE80IROOKGT/Image1.png Blog - Floating-Poison Math in Chakra https://images.squarespace-cdn.com/content/v1/5894c269e4fcb5e65a1ed623/1534887104872-IEUNP2HBOOU42A4Y9DKY/Image2.png Blog - Floating-Poison Math in Chakra https://images.squarespace-cdn.com/content/v1/5894c269e4fcb5e65a1ed623/1534887145564-NO61XSL3QKA786CC3R9S/Image3.png Blog - Floating-Poison Math in Chakra https://www.thezdi.com/blog/2018/8/14/voicemail-vandalism-getting-remote-code-execution-on-microsoft-exchange-server monthly 0.5 2018-08-14 https://images.squarespace-cdn.com/content/v1/5894c269e4fcb5e65a1ed623/1534173141048-LIDGF58QQKP327QNF4AF/procexp.png Blog - Voicemail Vandalism: Getting Remote Code Execution on Microsoft Exchange Server https://images.squarespace-cdn.com/content/v1/5894c269e4fcb5e65a1ed623/1534178896717-ASVUYRWJFL6TZVPI5M9D/combined.png Blog - Voicemail Vandalism: Getting Remote Code Execution on Microsoft Exchange Server https://www.thezdi.com/blog/2018/8/14/the-august-2018-security-update-review monthly 0.5 2018-09-09 https://www.thezdi.com/blog/2018/8/01/throwing-shade-analysis-of-a-foxit-integer-overflow monthly 0.5 2018-08-01 https://images.squarespace-cdn.com/content/v1/5894c269e4fcb5e65a1ed623/1532980015450-4433Z33QMILF8GGR3OD5/radial.jpg Blog - Throwing Shade: Analysis of a Foxit Integer Overflow Different kinds of shading pattern types https://images.squarespace-cdn.com/content/v1/5894c269e4fcb5e65a1ed623/1532979972513-EJJKZ5P9WGVX0MMYVU08/ShadingTypes.png Blog - Throwing Shade: Analysis of a Foxit Integer Overflow https://images.squarespace-cdn.com/content/v1/5894c269e4fcb5e65a1ed623/1532980106701-XMDB6OHM3YTGQOY0G8SG/shading_excerpt.png Blog - Throwing Shade: Analysis of a Foxit Integer Overflow https://images.squarespace-cdn.com/content/v1/5894c269e4fcb5e65a1ed623/1532980081613-ZLNC2SS4Q13TKXLCNW88/object_definition.png Blog - Throwing Shade: Analysis of a Foxit Integer Overflow https://images.squarespace-cdn.com/content/v1/5894c269e4fcb5e65a1ed623/1532980325027-3EG4SWVZHABI9KUW6BZ2/ida+image.png Blog - Throwing Shade: Analysis of a Foxit Integer Overflow https://images.squarespace-cdn.com/content/v1/5894c269e4fcb5e65a1ed623/1532980415281-C2P6RO70KMIM07SHD7FJ/windbg.png Blog - Throwing Shade: Analysis of a Foxit Integer Overflow https://images.squarespace-cdn.com/content/v1/5894c269e4fcb5e65a1ed623/1532980472412-OZ0QPL7IPZ7QXE741ZUF/malloc_call.png Blog - Throwing Shade: Analysis of a Foxit Integer Overflow https://images.squarespace-cdn.com/content/v1/5894c269e4fcb5e65a1ed623/1532980525684-2MA6H5JFIR1S2AECR64D/OOB.png Blog - Throwing Shade: Analysis of a Foxit Integer Overflow https://www.thezdi.com/blog/2018/7/24/announcing-the-targeted-incentive-program-a-special-award-for-special-targets monthly 0.5 2023-05-05 https://www.thezdi.com/blog/2018/7/19/mindshare-an-introduction-to-pykd monthly 0.5 2020-05-22 https://images.squarespace-cdn.com/content/v1/5894c269e4fcb5e65a1ed623/1531944705287-NU9R7Z29KEGX0KKV7PDL/Picture1.png Blog - MindshaRE: An Introduction to PyKD https://images.squarespace-cdn.com/content/v1/5894c269e4fcb5e65a1ed623/1531944751419-UL7O9Z551EN33Q53NX7I/Picture2.png Blog - MindshaRE: An Introduction to PyKD https://images.squarespace-cdn.com/content/v1/5894c269e4fcb5e65a1ed623/1531944893988-N08SDKFIV9LM7WWAFRMO/Picture3.png Blog - MindshaRE: An Introduction to PyKD https://images.squarespace-cdn.com/content/v1/5894c269e4fcb5e65a1ed623/1531944970658-83YPJQYR4MZGTE3VZGVI/Picture4.png Blog - MindshaRE: An Introduction to PyKD https://images.squarespace-cdn.com/content/v1/5894c269e4fcb5e65a1ed623/1531945004187-Q3YXY6X3JHFLBP1KWY1I/Picture5.png Blog - MindshaRE: An Introduction to PyKD https://images.squarespace-cdn.com/content/v1/5894c269e4fcb5e65a1ed623/1531945046513-7HOG2D4ZG0D5KHKF7YOV/Picture6.png Blog - MindshaRE: An Introduction to PyKD https://www.thezdi.com/blog/2018/7/10/the-july-2018-security-update-review monthly 0.5 2018-08-13 https://www.thezdi.com/blog/2018/7/9/checking-in-a-look-back-at-the-first-half-of-2018 monthly 0.5 2018-07-09 https://images.squarespace-cdn.com/content/v1/5894c269e4fcb5e65a1ed623/1530803239403-VI3MW021ALL23WONQUGB/1H2018.jpg Blog - Checking In: A Look Back at the First Half of 2018 Figure 1 - Vendor breakdown for the first half of 2018 https://images.squarespace-cdn.com/content/v1/5894c269e4fcb5e65a1ed623/1530803275698-S4F794AVEU48QIC1YTIN/1H2017.jpg Blog - Checking In: A Look Back at the First Half of 2018 Figure 2 - Vendor breakdown for the first half of 2017 https://www.thezdi.com/blog/2018/6/26/mindshare-variant-hunting-with-ida-python monthly 0.5 2020-05-22 https://images.squarespace-cdn.com/content/v1/5894c269e4fcb5e65a1ed623/1530050502445-IMKRCOS6IZ2C43851RV9/1.png Blog - MindshaRE: Variant Hunting with IDA Python https://images.squarespace-cdn.com/content/v1/5894c269e4fcb5e65a1ed623/1530050523722-HUVCA8LMJN0SYLG1FVUW/2.png Blog - MindshaRE: Variant Hunting with IDA Python https://images.squarespace-cdn.com/content/v1/5894c269e4fcb5e65a1ed623/1530050557597-0ZDDJ88MLEVNJ9HI5FN3/3.png Blog - MindshaRE: Variant Hunting with IDA Python https://images.squarespace-cdn.com/content/v1/5894c269e4fcb5e65a1ed623/1530050584107-WRK1I5OKQ2RBC7AVXG3W/4.png Blog - MindshaRE: Variant Hunting with IDA Python https://images.squarespace-cdn.com/content/v1/5894c269e4fcb5e65a1ed623/1530050611121-XP5NVJCM0G7GYGIP63I9/5.png Blog - MindshaRE: Variant Hunting with IDA Python https://www.thezdi.com/blog/2018/6/21/analyzing-an-integer-overflow-in-bitdefender-av-part-2-the-exploit monthly 0.5 2018-06-21 https://images.squarespace-cdn.com/content/v1/5894c269e4fcb5e65a1ed623/1529354009560-H5D47IO5JN3ICDS25VWP/1b.png Blog - Analyzing an Integer Overflow in Bitdefender AV: Part 2 – The Exploit https://images.squarespace-cdn.com/content/v1/5894c269e4fcb5e65a1ed623/1529354044124-DN84DHX15DSSXTQQH1OK/2b.png Blog - Analyzing an Integer Overflow in Bitdefender AV: Part 2 – The Exploit https://images.squarespace-cdn.com/content/v1/5894c269e4fcb5e65a1ed623/1529354226684-PQWCUWT5BJFM0OI6C4BL/3b.png Blog - Analyzing an Integer Overflow in Bitdefender AV: Part 2 – The Exploit https://images.squarespace-cdn.com/content/v1/5894c269e4fcb5e65a1ed623/1529354300465-6KKBRHHDRJ30TGD21135/4b.png Blog - Analyzing an Integer Overflow in Bitdefender AV: Part 2 – The Exploit https://www.thezdi.com/blog/2018/6/19/analyzing-an-integer-overflow-in-bitdefender-av-part-1-the-vulnerability monthly 0.5 2018-06-19 https://images.squarespace-cdn.com/content/v1/5894c269e4fcb5e65a1ed623/1529087488158-22N7RHSQ2569EH6SX921/1.png Blog - Analyzing an Integer Overflow in Bitdefender AV: Part 1 – The Vulnerability https://images.squarespace-cdn.com/content/v1/5894c269e4fcb5e65a1ed623/1529087632590-J6DY61LQW1EUUR05SHGC/2.png Blog - Analyzing an Integer Overflow in Bitdefender AV: Part 1 – The Vulnerability https://images.squarespace-cdn.com/content/v1/5894c269e4fcb5e65a1ed623/1529087743026-JMEB88301SGXC06ML0GL/3.png Blog - Analyzing an Integer Overflow in Bitdefender AV: Part 1 – The Vulnerability https://images.squarespace-cdn.com/content/v1/5894c269e4fcb5e65a1ed623/1529087785266-3CPDWR0VJQOF9EXN5KXU/4.png Blog - Analyzing an Integer Overflow in Bitdefender AV: Part 1 – The Vulnerability https://images.squarespace-cdn.com/content/v1/5894c269e4fcb5e65a1ed623/1529087837787-EKMWC4RIP2VHT9HLP38D/5.png Blog - Analyzing an Integer Overflow in Bitdefender AV: Part 1 – The Vulnerability https://images.squarespace-cdn.com/content/v1/5894c269e4fcb5e65a1ed623/1529087884937-MH5P10FD4CF6YRSWDK2N/6.png Blog - Analyzing an Integer Overflow in Bitdefender AV: Part 1 – The Vulnerability https://images.squarespace-cdn.com/content/v1/5894c269e4fcb5e65a1ed623/1529088222791-KY43ZIDMAA1YO22P9JOE/7.png Blog - Analyzing an Integer Overflow in Bitdefender AV: Part 1 – The Vulnerability https://images.squarespace-cdn.com/content/v1/5894c269e4fcb5e65a1ed623/1529088320905-K4S97BQ4NQV9HP77YY44/9.png Blog - Analyzing an Integer Overflow in Bitdefender AV: Part 1 – The Vulnerability https://images.squarespace-cdn.com/content/v1/5894c269e4fcb5e65a1ed623/1529088545664-C2IUQD5Z6RY0AMBTB348/10a.jpg Blog - Analyzing an Integer Overflow in Bitdefender AV: Part 1 – The Vulnerability https://images.squarespace-cdn.com/content/v1/5894c269e4fcb5e65a1ed623/1529088448165-XGA2JKG8LXGFFBTH9IRB/11.png Blog - Analyzing an Integer Overflow in Bitdefender AV: Part 1 – The Vulnerability https://www.thezdi.com/blog/2018/6/12/the-june-2018-security-update-review monthly 0.5 2018-06-12 https://www.thezdi.com/blog/2018/6/7/down-the-rabbit-hole-a-deep-dive-into-an-attack-on-an-rpc-interface monthly 0.5 2018-06-07 https://images.squarespace-cdn.com/content/v1/5894c269e4fcb5e65a1ed623/1528382952030-AEBXXODH2XQ2ZJ83GZM4/1.png Blog - Down the Rabbit Hole - A Deep Dive into an attack on an RPC interface https://images.squarespace-cdn.com/content/v1/5894c269e4fcb5e65a1ed623/1528382981748-EALOESMJCX1H624XR7K1/image-asset.png Blog - Down the Rabbit Hole - A Deep Dive into an attack on an RPC interface https://images.squarespace-cdn.com/content/v1/5894c269e4fcb5e65a1ed623/1528383045062-U272H159KSKZV7NEYN80/3.png Blog - Down the Rabbit Hole - A Deep Dive into an attack on an RPC interface https://images.squarespace-cdn.com/content/v1/5894c269e4fcb5e65a1ed623/1528383063989-VFJ17ZJF59W42LG5FM50/4.png Blog - Down the Rabbit Hole - A Deep Dive into an attack on an RPC interface https://images.squarespace-cdn.com/content/v1/5894c269e4fcb5e65a1ed623/1528383088789-T6EW4T6G8ZYX10Y9WFJ1/5.png Blog - Down the Rabbit Hole - A Deep Dive into an attack on an RPC interface https://images.squarespace-cdn.com/content/v1/5894c269e4fcb5e65a1ed623/1528383116221-7PA9ZVS0YERVB7UV4F9C/image-asset.png Blog - Down the Rabbit Hole - A Deep Dive into an attack on an RPC interface https://images.squarespace-cdn.com/content/v1/5894c269e4fcb5e65a1ed623/1528383136321-K3BJ5YD5ET17RJ5QC3R4/7.png Blog - Down the Rabbit Hole - A Deep Dive into an attack on an RPC interface https://images.squarespace-cdn.com/content/v1/5894c269e4fcb5e65a1ed623/1528383155010-T4CLPNP08XORITEKACT9/8.png Blog - Down the Rabbit Hole - A Deep Dive into an attack on an RPC interface https://images.squarespace-cdn.com/content/v1/5894c269e4fcb5e65a1ed623/1528383182605-K4K3IU1LT07UURJQVXO1/image-asset.png Blog - Down the Rabbit Hole - A Deep Dive into an attack on an RPC interface https://images.squarespace-cdn.com/content/v1/5894c269e4fcb5e65a1ed623/1528383212663-ELE5FJ8DKR9AYBG4D1QT/10.png Blog - Down the Rabbit Hole - A Deep Dive into an attack on an RPC interface https://images.squarespace-cdn.com/content/v1/5894c269e4fcb5e65a1ed623/1528383235869-G39I8TVMXGZTMKQRESHY/11.png Blog - Down the Rabbit Hole - A Deep Dive into an attack on an RPC interface https://www.thezdi.com/blog/2018/5/29/malicious-intent-using-adobe-acrobats-ocg-setintent monthly 0.5 2018-05-29 https://images.squarespace-cdn.com/content/v1/5894c269e4fcb5e65a1ed623/1527605168943-48WM7TUYVUSD7IWZMFAJ/Picture1.png Blog - Malicious Intent using Adobe Acrobat's OCG setIntent https://images.squarespace-cdn.com/content/v1/5894c269e4fcb5e65a1ed623/1527605201170-XQOMAXKB1GO4NCHQZHO7/Picture2.png Blog - Malicious Intent using Adobe Acrobat's OCG setIntent https://images.squarespace-cdn.com/content/v1/5894c269e4fcb5e65a1ed623/1527605228468-3J4OS5YGB1MLMRYNLCY5/Picture3.png Blog - Malicious Intent using Adobe Acrobat's OCG setIntent https://images.squarespace-cdn.com/content/v1/5894c269e4fcb5e65a1ed623/1527605299240-FU4BGLNECHOU83Z4J2FM/Picture4.png Blog - Malicious Intent using Adobe Acrobat's OCG setIntent Figure 1 - Locating setIntent https://images.squarespace-cdn.com/content/v1/5894c269e4fcb5e65a1ed623/1527605391253-6G39PCTYARUCEE1XX7KG/Picture5.png Blog - Malicious Intent using Adobe Acrobat's OCG setIntent Figure 2 - Decompiled code of the sub_238B9F62 function https://images.squarespace-cdn.com/content/v1/5894c269e4fcb5e65a1ed623/1527605464967-503RC7TU78F5MBCBJIPS/Picture7.png Blog - Malicious Intent using Adobe Acrobat's OCG setIntent Figure 3 - Demonstrating the overflow https://images.squarespace-cdn.com/content/v1/5894c269e4fcb5e65a1ed623/1527605513689-UP2AOV6EVBVQV7ZH2IN8/Picture7b.png Blog - Malicious Intent using Adobe Acrobat's OCG setIntent Figure 4 - Proof-of-Concept code https://images.squarespace-cdn.com/content/v1/5894c269e4fcb5e65a1ed623/1527605547674-8EJPY1ZRACAQPY13UNC5/Picture8.png Blog - Malicious Intent using Adobe Acrobat's OCG setIntent Figure 5 - Subset of patch from Adobe https://images.squarespace-cdn.com/content/v1/5894c269e4fcb5e65a1ed623/1527605591304-5JB2DYI4TW0PZC8HU9VC/image-asset.png Blog - Malicious Intent using Adobe Acrobat's OCG setIntent Figure 6 - Same POC with new array length https://images.squarespace-cdn.com/content/v1/5894c269e4fcb5e65a1ed623/1527605626245-XLZC18T69MLPNVUB8K41/Picture10.png Blog - Malicious Intent using Adobe Acrobat's OCG setIntent Figure 7 - New patch avoiding integer wrap [2] then allocating buffer [3] https://www.thezdi.com/blog/2018/5/21/mindshare-walking-the-windows-kernel-with-ida-python monthly 0.5 2020-05-22 https://images.squarespace-cdn.com/content/v1/5894c269e4fcb5e65a1ed623/1526936376774-A8FSU1ZH5OIGOQCQUWVU/01-Win7x64-KiServiceLimit.png Blog - MindshaRE: Walking the Windows Kernel with IDA Python Figure One - KiServiceLimit https://images.squarespace-cdn.com/content/v1/5894c269e4fcb5e65a1ed623/1526936421147-9T6UMMSENI18OJ89AX0F/image-asset.png Blog - MindshaRE: Walking the Windows Kernel with IDA Python Figure Two - KiServiceTable https://images.squarespace-cdn.com/content/v1/5894c269e4fcb5e65a1ed623/1526936506214-PVXNNNZEG1CMP5G1FSVP/03-Win10x64-KiServiceTable.png Blog - MindshaRE: Walking the Windows Kernel with IDA Python Figure Three - KiServiceTable https://images.squarespace-cdn.com/content/v1/5894c269e4fcb5e65a1ed623/1526936558004-YOJPRKS7GOTCE9TEOVV9/04-GetInputFile.png Blog - MindshaRE: Walking the Windows Kernel with IDA Python Figure Four - GetInputFile https://images.squarespace-cdn.com/content/v1/5894c269e4fcb5e65a1ed623/1526936611148-YKDZZ1VIGWC24JBA1C0X/05-LocByName.png Blog - MindshaRE: Walking the Windows Kernel with IDA Python Figure Five - LocByFile https://images.squarespace-cdn.com/content/v1/5894c269e4fcb5e65a1ed623/1526936693850-D0BB0TZVOP58I3EX44G4/06-Limit.png Blog - MindshaRE: Walking the Windows Kernel with IDA Python Figure Six - Limit https://images.squarespace-cdn.com/content/v1/5894c269e4fcb5e65a1ed623/1526936732476-48FRS2RI7HXF55JR0C75/07-DataRefsFrom.png Blog - MindshaRE: Walking the Windows Kernel with IDA Python Figure Seven - DataRefsFrom https://images.squarespace-cdn.com/content/v1/5894c269e4fcb5e65a1ed623/1526936991327-WL2SQ807L0FGUPMLMLY4/08-Results.png Blog - MindshaRE: Walking the Windows Kernel with IDA Python Figure Eight - Results https://www.thezdi.com/blog/2018/5/15/its-time-to-terminate-the-terminator monthly 0.5 2018-05-15 https://images.squarespace-cdn.com/content/v1/5894c269e4fcb5e65a1ed623/1526319195948-E6OVRHC460DKGJKMBN94/Figure+1.png Blog - It’s Time to Terminate the Terminator Figure One https://images.squarespace-cdn.com/content/v1/5894c269e4fcb5e65a1ed623/1526319311269-ZXR49KYSF6E2T4GT7GXI/Figure+2.png Blog - It’s Time to Terminate the Terminator Figure Two https://images.squarespace-cdn.com/content/v1/5894c269e4fcb5e65a1ed623/1526319435910-MIF2CT417RRUYBGKQA5V/Figure+3.png Blog - It’s Time to Terminate the Terminator Figure Three https://images.squarespace-cdn.com/content/v1/5894c269e4fcb5e65a1ed623/1526319466081-W1N788DCV4MTDRLCIJDQ/Figure+4.png Blog - It’s Time to Terminate the Terminator Figure Four https://images.squarespace-cdn.com/content/v1/5894c269e4fcb5e65a1ed623/1526319492037-27RL165K6LATRU0ITUKD/Figure+5.png Blog - It’s Time to Terminate the Terminator Figure Five https://www.thezdi.com/blog/2018/5/8/the-may-2018-security-update-review monthly 0.5 2018-05-08 https://www.thezdi.com/blog/2018/5/2/running-with-scissors-the-dangers-of-cutting-and-pasting-sample-code monthly 0.5 2018-05-02 https://images.squarespace-cdn.com/content/v1/5894c269e4fcb5e65a1ed623/1525271789397-MK712BEJM6HMG16OZ7XR/example3.png Blog - Running with Scissors: The Dangers of Cutting and Pasting Sample Code Partial screenshot of the now archived polyfill example https://www.thezdi.com/blog/2018/4/25/when-java-throws-you-a-lemon-make-limenade-sandbox-escape-by-type-confusion monthly 0.5 2019-05-13 https://images.squarespace-cdn.com/content/v1/5894c269e4fcb5e65a1ed623/1524674645509-HZ876JJ3NUBMP4T8OJS3/first.png Blog - When Java throws you a Lemon, make Limenade: Sandbox escape by type confusion https://images.squarespace-cdn.com/content/v1/5894c269e4fcb5e65a1ed623/1524673417774-V5EDOS4XYRMGQG7WX2EF/image-asset.jpeg Blog - When Java throws you a Lemon, make Limenade: Sandbox escape by type confusion https://images.squarespace-cdn.com/content/v1/5894c269e4fcb5e65a1ed623/1524673467918-IG1RTF7ZFUV4X5IQ2CIU/image-asset.png Blog - When Java throws you a Lemon, make Limenade: Sandbox escape by type confusion https://images.squarespace-cdn.com/content/v1/5894c269e4fcb5e65a1ed623/1524673531293-9RMZHB2ZPPRDQZY9N8Z5/image-asset.png Blog - When Java throws you a Lemon, make Limenade: Sandbox escape by type confusion https://images.squarespace-cdn.com/content/v1/5894c269e4fcb5e65a1ed623/1524673613372-MPJHQNOWGBR6NAF2CRTS/patch.png Blog - When Java throws you a Lemon, make Limenade: Sandbox escape by type confusion https://images.squarespace-cdn.com/content/v1/5894c269e4fcb5e65a1ed623/1524673668430-N6ZB6V95FPC0FE6Y3WQL/JavaSubmission.png Blog - When Java throws you a Lemon, make Limenade: Sandbox escape by type confusion Java-related submissions to the ZDI program over time. https://www.thezdi.com/blog/2018/4/12/inverting-your-assumptions-a-guide-to-jit-comparisons monthly 0.5 2018-04-12 https://images.squarespace-cdn.com/content/v1/5894c269e4fcb5e65a1ed623/1523544230397-UWERCZ7V1FSL32ZJGQFJ/Picture1.png Blog - Inverting Your Assumptions: A Guide to JIT Comparisons https://images.squarespace-cdn.com/content/v1/5894c269e4fcb5e65a1ed623/1523544261893-DDRTF55JGREUJNWPOJ9L/Picture2.png Blog - Inverting Your Assumptions: A Guide to JIT Comparisons https://images.squarespace-cdn.com/content/v1/5894c269e4fcb5e65a1ed623/1523544293652-TNW69UXQ1M1HR5SJ06DD/Picture3.png Blog - Inverting Your Assumptions: A Guide to JIT Comparisons https://images.squarespace-cdn.com/content/v1/5894c269e4fcb5e65a1ed623/1523544369278-J1VRRRNKQA4AE6EH9D2I/Picture4.png Blog - Inverting Your Assumptions: A Guide to JIT Comparisons https://images.squarespace-cdn.com/content/v1/5894c269e4fcb5e65a1ed623/1523548447554-K1043E45K0YFTP45GSAV/ISSW2018-blog-equals-poc.png Blog - Inverting Your Assumptions: A Guide to JIT Comparisons https://images.squarespace-cdn.com/content/v1/5894c269e4fcb5e65a1ed623/1523548472988-PBV837T7TBW117ZEFCFZ/ISSW2018-blog-equals-crash.png Blog - Inverting Your Assumptions: A Guide to JIT Comparisons https://images.squarespace-cdn.com/content/v1/5894c269e4fcb5e65a1ed623/1523544650354-HUOFLJTAVXJEWRJ4ZWOQ/Picture7.png Blog - Inverting Your Assumptions: A Guide to JIT Comparisons https://www.thezdi.com/blog/2018/4/10/the-april-2018-security-update-review monthly 0.5 2018-04-10 https://www.thezdi.com/blog/2018/4/5/quickly-pwned-quickly-patched-details-of-the-mozilla-pwn2own-exploit monthly 0.5 2018-04-05 https://images.squarespace-cdn.com/content/v1/5894c269e4fcb5e65a1ed623/1522875424179-CXA9TDXE9HQDQ3A2F0IL/image-asset.png Blog - Quickly Pwned, Quickly Patched: Details of the Mozilla Pwn2Own Exploit https://images.squarespace-cdn.com/content/v1/5894c269e4fcb5e65a1ed623/1522875540938-3KDG4SMP29D5V7RJTEE8/image-asset.png Blog - Quickly Pwned, Quickly Patched: Details of the Mozilla Pwn2Own Exploit https://images.squarespace-cdn.com/content/v1/5894c269e4fcb5e65a1ed623/1522875613752-ULXJOTVY6VOCA9TAFWQK/image-asset.png Blog - Quickly Pwned, Quickly Patched: Details of the Mozilla Pwn2Own Exploit https://www.thezdi.com/blog/2018/3/29/tales-from-hallwaycon-busting-myths-over-adult-beverages monthly 0.5 2018-03-29 https://www.thezdi.com/blog/2018/3/15/pwn2own-2018-day-two-results-and-master-of-pwn monthly 0.5 2021-05-28 https://images.squarespace-cdn.com/content/v1/5894c269e4fcb5e65a1ed623/1521164276515-7ZJJ4D6SP04Y9UAQCGSV/IMG_0997a.jpg Blog - Pwn2Own 2018 – Day Two Results and Master of Pwn Richard Zhu (fluorescence) works with ZDI researcher Mat Powell to set up his exploit https://images.squarespace-cdn.com/content/v1/5894c269e4fcb5e65a1ed623/1521164345338-H6HNU45PYXHZUAW5UP3T/IMG_1016a.jpg Blog - Pwn2Own 2018 – Day Two Results and Master of Pwn Nick Burnett (left) and Markus Gaasedelen review their exploit during the attempt https://images.squarespace-cdn.com/content/v1/5894c269e4fcb5e65a1ed623/1521164419073-YXXK4LSI1WSCNKB6LBEH/IMG_1040a.jpg Blog - Pwn2Own 2018 – Day Two Results and Master of Pwn Alex Plaskett (left), Fabi Beterke (middle), and Georgi Geshev explain their research in the disclosure room https://images.squarespace-cdn.com/content/v1/5894c269e4fcb5e65a1ed623/1521164500550-618BS4IVU9XP4EDBIZQD/IMG_1053a.jpg Blog - Pwn2Own 2018 – Day Two Results and Master of Pwn Richard Zhu (fluorescence) accepts the Master of Pwn trophy and jacket https://images.squarespace-cdn.com/content/v1/5894c269e4fcb5e65a1ed623/1521164551826-306TJG7EM0EPABJF9BNB/Picture1.png Blog - Pwn2Own 2018 – Day Two Results and Master of Pwn https://images.squarespace-cdn.com/content/v1/5894c269e4fcb5e65a1ed623/1521164599158-SE7EGS7L7PEYTKI3UHOO/IMG_1075a.jpg Blog - Pwn2Own 2018 – Day Two Results and Master of Pwn From left to right: Georgi Geshev, Fabi Beterke, Niklas Baumstark , Samuel Groß, Richard Zhu, Alex Plaskett https://www.thezdi.com/blog/2018/3/15/pwn2own-2018-day-two-schedule monthly 0.5 2018-03-15 https://www.thezdi.com/blog/2018/3/14/pwn2own-2018-results-from-day-one monthly 0.5 2018-03-15 https://images.squarespace-cdn.com/content/v1/5894c269e4fcb5e65a1ed623/1521062913345-RLAGM99U2ZTQGZCGZBM2/IMG_0955.JPG Blog - Pwn2Own 2018: Results from Day One Richard Zhu attempts to exploit Apple Safari https://images.squarespace-cdn.com/content/v1/5894c269e4fcb5e65a1ed623/1521063036298-MO47JM67RQ2UVRLDZG97/IMG_0978a.jpg Blog - Pwn2Own 2018: Results from Day One Richard Zhu relaxes after successfully demonstrating his exploit against Microsoft Edge https://images.squarespace-cdn.com/content/v1/5894c269e4fcb5e65a1ed623/1521064036722-TTPJWDS8ZBB3OBA8QLQL/IMG_0983a.jpg Blog - Pwn2Own 2018: Results from Day One Niklas Baumstark and ZDI researcher Abdul-Aziz Hariri watch a successful Oracle VirtualBox exploit https://images.squarespace-cdn.com/content/v1/5894c269e4fcb5e65a1ed623/1521072082439-2JPZOIVK5H3M89DC3YKH/IMG_0990a.jpg Blog - Pwn2Own 2018: Results from Day One Samuel Groß successfully exploit Apple Safari to end Day One https://images.squarespace-cdn.com/content/v1/5894c269e4fcb5e65a1ed623/1521073442962-ZN2BQAYTE0RE7AQ76RQV/IMG_0994.JPG Blog - Pwn2Own 2018: Results from Day One https://www.thezdi.com/blog/2018/3/14/welcome-to-pwn2own-2018-the-schedule monthly 0.5 2018-03-19 https://www.thezdi.com/blog/2018/3/13/the-march-2018-security-update-review monthly 0.5 2018-03-13 https://www.thezdi.com/blog/2018/3/9/testing-for-truthiness-exploiting-improper-checks monthly 0.5 2018-03-09 https://images.squarespace-cdn.com/content/v1/5894c269e4fcb5e65a1ed623/1520549583567-38GGYZ83NDN8990XP8V7/Picture1.png Blog - Testing for Truthiness: Exploiting Improper Checks We really have had things go up in smoke. https://images.squarespace-cdn.com/content/v1/5894c269e4fcb5e65a1ed623/1520549739250-UD0FDEL9Y49M4U94CKIM/Picture2.png Blog - Testing for Truthiness: Exploiting Improper Checks https://images.squarespace-cdn.com/content/v1/5894c269e4fcb5e65a1ed623/1520549818672-B7DC0CWVTPIOI06WQ6KR/Picture3.png Blog - Testing for Truthiness: Exploiting Improper Checks https://www.thezdi.com/blog/2018/3/1/vmware-exploitation-through-uninitialized-buffers monthly 0.5 2018-03-01 https://images.squarespace-cdn.com/content/v1/5894c269e4fcb5e65a1ed623/1519860058656-DBUA8H2K94LQRSCZLUPY/image-asset.png Blog - VMware Exploitation through Uninitialized Buffers https://images.squarespace-cdn.com/content/v1/5894c269e4fcb5e65a1ed623/1519860084850-Z51BGWAXZ4TQGASYR117/image-asset.png Blog - VMware Exploitation through Uninitialized Buffers https://images.squarespace-cdn.com/content/v1/5894c269e4fcb5e65a1ed623/1519860115844-9A1H9EOIAZYLN9NGQQNM/image-asset.png Blog - VMware Exploitation through Uninitialized Buffers https://images.squarespace-cdn.com/content/v1/5894c269e4fcb5e65a1ed623/1519860171109-WCGWB9J55LJJA2E54Y6B/image-asset.png Blog - VMware Exploitation through Uninitialized Buffers https://images.squarespace-cdn.com/content/v1/5894c269e4fcb5e65a1ed623/1519860224090-IGIQCLB11D0TWOXUKZM0/image-asset.png Blog - VMware Exploitation through Uninitialized Buffers https://www.thezdi.com/blog/2018/2/13/the-february-2018-security-update-review monthly 0.5 2018-02-13 https://www.thezdi.com/blog/2018/2/12/pushing-webkits-buttons-with-a-mobile-pwn2own-exploit monthly 0.5 2018-02-12 https://images.squarespace-cdn.com/content/v1/5894c269e4fcb5e65a1ed623/1518211441802-O22PVG83A720Q3LQZANS/ButtonUAF-PoC.png Blog - Pushing WebKit's Buttons with a Mobile Pwn2Own Exploit https://images.squarespace-cdn.com/content/v1/5894c269e4fcb5e65a1ed623/1518211566808-VJD7UZEKW9W0AOKW6YVT/ButtonUAF-IDL.png Blog - Pushing WebKit's Buttons with a Mobile Pwn2Own Exploit https://images.squarespace-cdn.com/content/v1/5894c269e4fcb5e65a1ed623/1518211601686-3VLD5IFXJT1G1E6YLUV8/ButtonUAF-elements.png Blog - Pushing WebKit's Buttons with a Mobile Pwn2Own Exploit https://www.thezdi.com/blog/2018/2/6/one-mans-patch-is-another-mans-treasure-a-tale-of-a-failed-hpe-patch monthly 0.5 2018-02-06 https://images.squarespace-cdn.com/content/v1/5894c269e4fcb5e65a1ed623/1517612357582-GZN6T1L9ECS80ZKZWY86/image-asset.png Blog - One man's patch is another man's treasure: A tale of a failed HPE patch https://images.squarespace-cdn.com/content/v1/5894c269e4fcb5e65a1ed623/1517612405714-CDIMJWSTFOMNR7JF259T/image-asset.png Blog - One man's patch is another man's treasure: A tale of a failed HPE patch https://images.squarespace-cdn.com/content/v1/5894c269e4fcb5e65a1ed623/1517613083113-ZUW0MLAQ51DSHENUMP2Z/image-asset.png Blog - One man's patch is another man's treasure: A tale of a failed HPE patch https://images.squarespace-cdn.com/content/v1/5894c269e4fcb5e65a1ed623/1517613136182-4XZXYMUHJJOS4I7IFJU6/image-asset.png Blog - One man's patch is another man's treasure: A tale of a failed HPE patch https://images.squarespace-cdn.com/content/v1/5894c269e4fcb5e65a1ed623/1517613849732-3126EEJTP6KGHY9IME15/image-asset.png Blog - One man's patch is another man's treasure: A tale of a failed HPE patch https://images.squarespace-cdn.com/content/v1/5894c269e4fcb5e65a1ed623/1517613903690-3KE6HO1P5J5TNJGE2DWC/image-asset.png Blog - One man's patch is another man's treasure: A tale of a failed HPE patch https://www.thezdi.com/blog/2018/1/25/pwn2own-returns-for-2018-partners-with-microsoft-and-sponsored-by-vmware monthly 0.5 2023-05-05 https://images.squarespace-cdn.com/content/v1/5894c269e4fcb5e65a1ed623/1516730150558-TB34G9SIKI6GL6KL8P2Z/image-asset.png Blog - Pwn2Own Returns for 2018: Partners with Microsoft and Sponsored by VMware https://images.squarespace-cdn.com/content/v1/5894c269e4fcb5e65a1ed623/1516733042623-MDTHSRHG10CSM6YUI3KS/image-asset.png Blog - Pwn2Own Returns for 2018: Partners with Microsoft and Sponsored by VMware https://www.thezdi.com/blog/2018/1/19/automating-vmware-rpc-request-sniffing monthly 0.5 2018-01-19 https://images.squarespace-cdn.com/content/v1/5894c269e4fcb5e65a1ed623/1516227716535-8NM3WX5XH5HN9P9CDMWD/image-asset.png Blog - Automating VMware RPC Request Sniffing https://images.squarespace-cdn.com/content/v1/5894c269e4fcb5e65a1ed623/1516227767115-F0ZM9DRU8FUNENDHW4GM/image-asset.png Blog - Automating VMware RPC Request Sniffing https://images.squarespace-cdn.com/content/v1/5894c269e4fcb5e65a1ed623/1516227818468-Q5H50FORFSSE599H47K8/image-asset.png Blog - Automating VMware RPC Request Sniffing https://images.squarespace-cdn.com/content/v1/5894c269e4fcb5e65a1ed623/1516227872732-UPL8TFA7LQQ8Z5M6W8W5/image-asset.png Blog - Automating VMware RPC Request Sniffing https://images.squarespace-cdn.com/content/v1/5894c269e4fcb5e65a1ed623/1516227972569-WZKHNN7T1RSH891JQXUW/image-asset.png Blog - Automating VMware RPC Request Sniffing https://images.squarespace-cdn.com/content/v1/5894c269e4fcb5e65a1ed623/1516228131469-9QS11NO777ZUJH69HPQ8/image-asset.png Blog - Automating VMware RPC Request Sniffing https://images.squarespace-cdn.com/content/v1/5894c269e4fcb5e65a1ed623/1516228312235-008U559C4LWLN5EZ87V3/image-asset.png Blog - Automating VMware RPC Request Sniffing https://images.squarespace-cdn.com/content/v1/5894c269e4fcb5e65a1ed623/1516228363417-R3YT5CIXHY8FWR2T9SH1/image-asset.png Blog - Automating VMware RPC Request Sniffing https://images.squarespace-cdn.com/content/v1/5894c269e4fcb5e65a1ed623/1516228410604-IU1UFFXRYCID1VLR4IQJ/image-asset.png Blog - Automating VMware RPC Request Sniffing https://www.thezdi.com/blog/2018/1/9/the-january-2018-security-update-review monthly 0.5 2018-01-09 https://www.thezdi.com/blog/2018/1/4/the-zdi-2017-retrospective monthly 0.5 2018-01-04 https://images.squarespace-cdn.com/content/v1/5894c269e4fcb5e65a1ed623/1515083432893-VHWIVRATB53V9F2CF7TP/image-asset.jpeg Blog - The ZDI 2017 Retrospective Breakdown of vendors ZDI published advisories for in 2017 https://images.squarespace-cdn.com/content/v1/5894c269e4fcb5e65a1ed623/1515083488241-8RIU2TRH62XNOJMMP420/image-asset.jpeg Blog - The ZDI 2017 Retrospective Published advisories from 2005 to 2017 https://www.thezdi.com/blog/2017/12/22/a-matching-pair-of-use-after-free-bugs-in-chakra-asmjs monthly 0.5 2017-12-22 https://images.squarespace-cdn.com/content/v1/5894c269e4fcb5e65a1ed623/1513801850036-N4UIPYWCKXKDNYESTAHZ/image-asset.png Blog - A Matching Pair of Use-After-Free Bugs in Chakra asm.js PoC for ZDI-17-928 https://images.squarespace-cdn.com/content/v1/5894c269e4fcb5e65a1ed623/1513802018877-T0292UIWMHR5BX7UCCVJ/image-asset.png Blog - A Matching Pair of Use-After-Free Bugs in Chakra asm.js PoC for ZDI-17-848 https://www.thezdi.com/blog/2017/12/21/vmwares-launch-escape-system monthly 0.5 2017-12-21 https://images.squarespace-cdn.com/content/v1/5894c269e4fcb5e65a1ed623/1513724438128-O26AQ8IHM27PAZXEIW55/image-asset.png Blog - VMware’s Launch escape SYSTEM https://images.squarespace-cdn.com/content/v1/5894c269e4fcb5e65a1ed623/1513724635660-SHPJO10CB1NVQJNKN7OY/image-asset.png Blog - VMware’s Launch escape SYSTEM https://images.squarespace-cdn.com/content/v1/5894c269e4fcb5e65a1ed623/1513725657056-F6BB96CTBH1ONNR09HB1/image-asset.png Blog - VMware’s Launch escape SYSTEM https://images.squarespace-cdn.com/content/v1/5894c269e4fcb5e65a1ed623/1513725699453-GKJKTNH5F7CS6JL0NRRA/image-asset.png Blog - VMware’s Launch escape SYSTEM https://images.squarespace-cdn.com/content/v1/5894c269e4fcb5e65a1ed623/1513725722059-TI0U81W6DJX09SOK3CJC/image-asset.png Blog - VMware’s Launch escape SYSTEM https://www.thezdi.com/blog/2017/12/20/invariantly-exploitable-input-an-apple-safari-bug-worth-revisiting monthly 0.5 2017-12-20 https://images.squarespace-cdn.com/content/v1/5894c269e4fcb5e65a1ed623/1513617447745-CZWVTC91KZNCT4SOB3PX/image-asset.png Blog - Invariantly Exploitable Input: An Apple Safari Bug Worth Revisiting https://images.squarespace-cdn.com/content/v1/5894c269e4fcb5e65a1ed623/1513617517919-96C4D77YQ1JO6Z6HU8IU/2.png Blog - Invariantly Exploitable Input: An Apple Safari Bug Worth Revisiting https://images.squarespace-cdn.com/content/v1/5894c269e4fcb5e65a1ed623/1513617677656-B6Q47JTCZ5OWATERC8ZS/image-asset.png Blog - Invariantly Exploitable Input: An Apple Safari Bug Worth Revisiting https://images.squarespace-cdn.com/content/v1/5894c269e4fcb5e65a1ed623/1513617749945-DAVMIG398MLPVJS5BN1O/image-asset.png Blog - Invariantly Exploitable Input: An Apple Safari Bug Worth Revisiting https://www.thezdi.com/blog/2017/12/19/apache-groovy-deserialization-a-cunning-exploit-chain-to-bypass-a-patch monthly 0.5 2017-12-27 https://images.squarespace-cdn.com/content/v1/5894c269e4fcb5e65a1ed623/1513612637599-3ANP9LYCBAPB8MSVQA3B/image-asset.png Blog - Apache Groovy Deserialization: A Cunning Exploit Chain to Bypass a Patch https://images.squarespace-cdn.com/content/v1/5894c269e4fcb5e65a1ed623/1513612750371-LG4SXNWQAC0GO9HNZYAD/image-asset.png Blog - Apache Groovy Deserialization: A Cunning Exploit Chain to Bypass a Patch https://images.squarespace-cdn.com/content/v1/5894c269e4fcb5e65a1ed623/1513613846327-8KRN4Q69VHD2QVVRMY7O/image-asset.png Blog - Apache Groovy Deserialization: A Cunning Exploit Chain to Bypass a Patch https://www.thezdi.com/blog/2017/12/18/reading-backwards-controlling-an-integer-underflow-in-adobe-reader monthly 0.5 2017-12-18 https://images.squarespace-cdn.com/content/v1/5894c269e4fcb5e65a1ed623/1513353330293-1QE03156NW9XNMFSXXWX/Picture1.png Blog - Reading Backwards – Controlling an Integer Underflow in Adobe Reader https://images.squarespace-cdn.com/content/v1/5894c269e4fcb5e65a1ed623/1513353387717-6UCF9PGGNW63SYC5D5A8/Picture2.png Blog - Reading Backwards – Controlling an Integer Underflow in Adobe Reader https://images.squarespace-cdn.com/content/v1/5894c269e4fcb5e65a1ed623/1513353438611-ERQA325716T17C3XEZU0/Picture3.png Blog - Reading Backwards – Controlling an Integer Underflow in Adobe Reader https://images.squarespace-cdn.com/content/v1/5894c269e4fcb5e65a1ed623/1513353478569-L1A78GVOTSRPVBJ77W5G/Picture4.png Blog - Reading Backwards – Controlling an Integer Underflow in Adobe Reader https://images.squarespace-cdn.com/content/v1/5894c269e4fcb5e65a1ed623/1513353528426-06E7F4TQIYZ817WF3LKW/Picture5.png Blog - Reading Backwards – Controlling an Integer Underflow in Adobe Reader https://www.thezdi.com/blog/2017/12/13/remote-root-in-directvs-wireless-video-bridge-a-tale-of-rage-and-despair monthly 0.5 2017-12-18 https://images.squarespace-cdn.com/content/v1/5894c269e4fcb5e65a1ed623/1513106121562-6P7S07R5Q7DQBS30SD1S/wvbr0_diag_page_1.png Blog - Remote Root in DirecTV's Wireless Video Bridge: A Tale of Rage and Despair https://images.squarespace-cdn.com/content/v1/5894c269e4fcb5e65a1ed623/1513107917721-6CEE3TP4HHQ0JSTKTI3P/image-asset.png Blog - Remote Root in DirecTV's Wireless Video Bridge: A Tale of Rage and Despair https://images.squarespace-cdn.com/content/v1/5894c269e4fcb5e65a1ed623/1513107999676-QRJFIFSJ9SOZFGCEINX0/image-asset.png Blog - Remote Root in DirecTV's Wireless Video Bridge: A Tale of Rage and Despair https://images.squarespace-cdn.com/content/v1/5894c269e4fcb5e65a1ed623/1513108300569-I6SS6264B2S7KVJJBAIE/image-asset.png Blog - Remote Root in DirecTV's Wireless Video Bridge: A Tale of Rage and Despair Bus Pirate connected to SPI pins of serial flash chip https://images.squarespace-cdn.com/content/v1/5894c269e4fcb5e65a1ed623/1513108552532-3YGE2XZKJ987W76CRDEM/image-asset.png Blog - Remote Root in DirecTV's Wireless Video Bridge: A Tale of Rage and Despair Disassembly of vulnerable portion of apply.cgi https://www.thezdi.com/blog/2017/12/12/the-december-2017-security-update-review monthly 0.5 2017-12-12 https://www.thezdi.com/blog/2017/12/01/exploiting-untrusted-objects-through-deserialization-analyzing-1-of-100-hpe-bug-submissions monthly 0.5 2017-12-01 https://images.squarespace-cdn.com/content/v1/5894c269e4fcb5e65a1ed623/1512140727863-OPNUBPGBWWQLQ236AM9K/servlet.png Blog - Exploiting Untrusted Objects through Deserialization: Analyzing 1 of 100+ HPE Bug Submissions https://images.squarespace-cdn.com/content/v1/5894c269e4fcb5e65a1ed623/1512140953486-91DLP9YDJ1T5K6P3WGLD/vuln_code.png Blog - Exploiting Untrusted Objects through Deserialization: Analyzing 1 of 100+ HPE Bug Submissions https://images.squarespace-cdn.com/content/v1/5894c269e4fcb5e65a1ed623/1512140935584-Y4JX9DK0CKEUIWL5Y7T8/decompile.png Blog - Exploiting Untrusted Objects through Deserialization: Analyzing 1 of 100+ HPE Bug Submissions https://images.squarespace-cdn.com/content/v1/5894c269e4fcb5e65a1ed623/1512141082915-UKR4X51KJQA696ZKT0LV/poc.png Blog - Exploiting Untrusted Objects through Deserialization: Analyzing 1 of 100+ HPE Bug Submissions https://www.thezdi.com/blog/2017/11/14/the-november-2017-security-update-review monthly 0.5 2017-11-14 https://www.thezdi.com/blog/2017/11/2/the-results-mobile-pwn2own-2017-day-two monthly 0.5 2017-11-02 https://images.squarespace-cdn.com/content/v1/5894c269e4fcb5e65a1ed623/1509614451138-B03G0RE8FWE78JNMRAY6/image-asset.jpeg Blog - The Results – Mobile Pwn2Own 2017 Day Two https://images.squarespace-cdn.com/content/v1/5894c269e4fcb5e65a1ed623/1509634020409-WACLXJI6NIQU5Q1V2617/Mobile+Pwn2Own_DAY2+THUMBNAIL.png Blog - The Results – Mobile Pwn2Own 2017 Day Two https://www.thezdi.com/blog/2017/11/1/welcome-to-mobile-pwn2own-2017-day-two monthly 0.5 2017-11-02 https://www.thezdi.com/blog/2017/11/1/the-results-mobile-pwn2own-day-one monthly 0.5 2017-11-02 https://images.squarespace-cdn.com/content/v1/5894c269e4fcb5e65a1ed623/1509521601302-TG9CX9DVMDG0S2OJEJR2/image-asset.png Blog - The Results – Mobile Pwn2Own Day One That App Shouldn't Be There https://www.thezdi.com/blog/2017/10/31/welcome-to-mobile-pwn2own-2017-day-one monthly 0.5 2017-11-02 https://www.thezdi.com/blog/2017/10/27/on-the-trail-to-mobile-pwn2own monthly 0.5 2017-11-02 https://images.squarespace-cdn.com/content/v1/5894c269e4fcb5e65a1ed623/1509050142253-OGADI0MZGTSO43KR55VN/fts3OptimizeFunc.png Blog - On the Trail to Mobile Pwn2Own The optimize() Function https://images.squarespace-cdn.com/content/v1/5894c269e4fcb5e65a1ed623/1509050310241-SOPYPAO2PLKQ030APGAL/image-asset.png Blog - On the Trail to Mobile Pwn2Own Helper Function https://images.squarespace-cdn.com/content/v1/5894c269e4fcb5e65a1ed623/1509050504716-YFO2XI58KJ9XUA0FPE7L/image-asset.png Blog - On the Trail to Mobile Pwn2Own Pre-patch Code https://images.squarespace-cdn.com/content/v1/5894c269e4fcb5e65a1ed623/1509050581958-6JIRTLINK5TXDNBFIYY3/image-asset.png Blog - On the Trail to Mobile Pwn2Own Post-patch Code https://www.thezdi.com/blog/2017/10/17/wrapping-the-converter-within-foxit-reader monthly 0.5 2017-10-18 https://images.squarespace-cdn.com/content/v1/5894c269e4fcb5e65a1ed623/1507833778475-O65MQARZLK37AZ7YNUCZ/Picture1.png Blog - Wrapping the Converter within Foxit Reader https://images.squarespace-cdn.com/content/v1/5894c269e4fcb5e65a1ed623/1507833989901-LYT44VSPCAF0I57MTM5B/Picture2.png Blog - Wrapping the Converter within Foxit Reader https://images.squarespace-cdn.com/content/v1/5894c269e4fcb5e65a1ed623/1507834379824-EVISSG8ISL557H8VNNV8/Picture3.png Blog - Wrapping the Converter within Foxit Reader https://images.squarespace-cdn.com/content/v1/5894c269e4fcb5e65a1ed623/1507834424519-7MC8RGGSBTNG2ZZ3BIZ7/image-asset.png Blog - Wrapping the Converter within Foxit Reader https://images.squarespace-cdn.com/content/v1/5894c269e4fcb5e65a1ed623/1507834955404-P5A4ALIP15MNJQC8W87X/Picture5a.png Blog - Wrapping the Converter within Foxit Reader https://images.squarespace-cdn.com/content/v1/5894c269e4fcb5e65a1ed623/1507835008473-EJ1OVK7O579TI06O519O/Picture5.png Blog - Wrapping the Converter within Foxit Reader https://images.squarespace-cdn.com/content/v1/5894c269e4fcb5e65a1ed623/1507835120818-IDGAAJ9EKCOZ306BQ6MM/Picture6.png Blog - Wrapping the Converter within Foxit Reader https://images.squarespace-cdn.com/content/v1/5894c269e4fcb5e65a1ed623/1507835166470-WZSCNAGFET0SZR7CTSC5/Picture7.png Blog - Wrapping the Converter within Foxit Reader https://images.squarespace-cdn.com/content/v1/5894c269e4fcb5e65a1ed623/1507835265555-BWIIFHW8HHM0JV6X5I65/Picture8.png Blog - Wrapping the Converter within Foxit Reader https://images.squarespace-cdn.com/content/v1/5894c269e4fcb5e65a1ed623/1507835415384-X3068GS8273TT6LQ2MJJ/Picture9.png Blog - Wrapping the Converter within Foxit Reader https://images.squarespace-cdn.com/content/v1/5894c269e4fcb5e65a1ed623/1507835735788-BNN3XPLIIK3B5XP0SBEO/Picture10.png Blog - Wrapping the Converter within Foxit Reader https://images.squarespace-cdn.com/content/v1/5894c269e4fcb5e65a1ed623/1507835886193-F93FFKTKCOBVK3CJBY9L/Picture11.png Blog - Wrapping the Converter within Foxit Reader https://images.squarespace-cdn.com/content/v1/5894c269e4fcb5e65a1ed623/1507835922139-HYBLGFJ8KIFJ8UMMZ5DV/Picture12.png Blog - Wrapping the Converter within Foxit Reader https://images.squarespace-cdn.com/content/v1/5894c269e4fcb5e65a1ed623/1507835967687-N179YONAE9T6SVF1WRPG/Picture13.png Blog - Wrapping the Converter within Foxit Reader https://images.squarespace-cdn.com/content/v1/5894c269e4fcb5e65a1ed623/1507836019423-8HKZCB7W1OYZ0V6SPIQG/Picture14.png Blog - Wrapping the Converter within Foxit Reader https://images.squarespace-cdn.com/content/v1/5894c269e4fcb5e65a1ed623/1507836075727-GXKSI2TTLBFBX6DS4AO1/Picture15.png Blog - Wrapping the Converter within Foxit Reader https://images.squarespace-cdn.com/content/v1/5894c269e4fcb5e65a1ed623/1507836361694-8ZMU3GUZA7888VII05LO/Picture16.png Blog - Wrapping the Converter within Foxit Reader https://images.squarespace-cdn.com/content/v1/5894c269e4fcb5e65a1ed623/1507836408881-QDICT1VM6H4T8839SQFA/Picture17.png Blog - Wrapping the Converter within Foxit Reader https://www.thezdi.com/blog/2017/10/10/the-october-2017-security-update-review monthly 0.5 2017-10-16 https://www.thezdi.com/blog/2017/10/5/check-it-out-enforcement-of-bounds-checks-in-native-jit-code monthly 0.5 2017-10-05 https://images.squarespace-cdn.com/content/v1/5894c269e4fcb5e65a1ed623/1507144242408-982E1M2DMOTWX09CT93K/image-asset.png Blog - Check it Out: Enforcement of Bounds Checks in Native JIT Code Figure 1 - CVE-2017-0234 PoC (Click to enlarge) https://images.squarespace-cdn.com/content/v1/5894c269e4fcb5e65a1ed623/1507144293458-7PHB93J42KMA4VZX6OVC/image-asset.png Blog - Check it Out: Enforcement of Bounds Checks in Native JIT Code Figure 2 - CVE-2017-0234 PoC Debugger Output (Click to enlarge) https://images.squarespace-cdn.com/content/v1/5894c269e4fcb5e65a1ed623/1507144423083-ZAI2CYP3VPD1JI1Y24L8/image-asset.png Blog - Check it Out: Enforcement of Bounds Checks in Native JIT Code Figure 3 - CVE-2017-0234 Faulty JIT Code (Click to enlarge) https://images.squarespace-cdn.com/content/v1/5894c269e4fcb5e65a1ed623/1507144492628-88DC4JXIRMUVP1GLEVEL/image-asset.png Blog - Check it Out: Enforcement of Bounds Checks in Native JIT Code Figure 4 - CVE-2017-0234 JIT Code: Branch to Bailout (Click to enlarge) https://images.squarespace-cdn.com/content/v1/5894c269e4fcb5e65a1ed623/1507144535370-YQO6ZUQCZYHKHPKPDFV6/image-asset.png Blog - Check it Out: Enforcement of Bounds Checks in Native JIT Code Figure 5 - CVE-2017-0234 Patch (Click to enlarge) https://images.squarespace-cdn.com/content/v1/5894c269e4fcb5e65a1ed623/1507144653401-UJ1Q32IMW118IMD7NH3Y/image-asset.png Blog - Check it Out: Enforcement of Bounds Checks in Native JIT Code Figure 6 - Conditions for Bounds Check Elimination (Click to enlarge) https://images.squarespace-cdn.com/content/v1/5894c269e4fcb5e65a1ed623/1507145075873-LDR2DXL164Q4CA7K2HYH/image-asset.png Blog - Check it Out: Enforcement of Bounds Checks in Native JIT Code Figure 7 - PoC to Achieve Bounds Check Elimination, Post-Patch (Click to enlarge) https://images.squarespace-cdn.com/content/v1/5894c269e4fcb5e65a1ed623/1507145156146-AZHTVOOR1H8R77VUZKIP/image-asset.png Blog - Check it Out: Enforcement of Bounds Checks in Native JIT Code Figure 8 - Out-of-Bounds Access, Post-Patch (Click to enlarge) https://images.squarespace-cdn.com/content/v1/5894c269e4fcb5e65a1ed623/1507145314164-4XXLK1YX8VJUT3JSVW5Y/image-asset.png Blog - Check it Out: Enforcement of Bounds Checks in Native JIT Code Figure 9 - JavascriptArrayBuffer Constructor (Click to enlarge) https://images.squarespace-cdn.com/content/v1/5894c269e4fcb5e65a1ed623/1507145365038-4S21UZL7NIWQ13C8LN20/image-asset.png Blog - Check it Out: Enforcement of Bounds Checks in Native JIT Code Figure 10 - AsmJsVirtualAllocator (Click to enlarge) https://images.squarespace-cdn.com/content/v1/5894c269e4fcb5e65a1ed623/1507145623803-D7BAEM6B37NO1KMKBCB2/image-asset.png Blog - Check it Out: Enforcement of Bounds Checks in Native JIT Code Figure 11 - Invalid Address is Reserved, not Free (Click to enlarge) https://images.squarespace-cdn.com/content/v1/5894c269e4fcb5e65a1ed623/1507145757985-VE94TLNDYF5298JJ06V1/image-asset.png Blog - Check it Out: Enforcement of Bounds Checks in Native JIT Code Figure 12 - Array Type Check Insertion Logic (Click to enlarge) https://images.squarespace-cdn.com/content/v1/5894c269e4fcb5e65a1ed623/1507145912235-702IWNJHDP9RH3D1XV1X/image-asset.png Blog - Check it Out: Enforcement of Bounds Checks in Native JIT Code Figure 13 - Multiple Array Accesses Requiring Only a Single Type Check (Click to enlarge) https://www.thezdi.com/blog/2017/10/04/vmware-escapology-how-to-houdini-the-hypervisor monthly 0.5 2017-10-04 https://images.squarespace-cdn.com/content/v1/5894c269e4fcb5e65a1ed623/1506531820562-MG8PV8M4KRGBBOT4PDPC/image-asset.jpeg Blog - VMware Escapology – How to Houdini the Hypervisor https://images.squarespace-cdn.com/content/v1/5894c269e4fcb5e65a1ed623/1507074179046-O324XJJJ7I9BEBB6IAA9/image-asset.png Blog - VMware Escapology – How to Houdini the Hypervisor https://www.thezdi.com/blog/2017/9/26/duck-assisted-code-execution-in-emc-data-protection-advisor monthly 0.5 2017-09-26 https://images.squarespace-cdn.com/content/v1/5894c269e4fcb5e65a1ed623/1505857396249-1YQ0CZYKT55DW7V87M6M/image-asset.png Blog - Duck-Assisted Code Execution in EMC Data Protection Advisor https://images.squarespace-cdn.com/content/v1/5894c269e4fcb5e65a1ed623/1505857601239-LIED44OK46K8XEYPVWBX/image-asset.png Blog - Duck-Assisted Code Execution in EMC Data Protection Advisor https://images.squarespace-cdn.com/content/v1/5894c269e4fcb5e65a1ed623/1506007740360-YUF3PDCOS6JNNE50LO75/screenshot2.png Blog - Duck-Assisted Code Execution in EMC Data Protection Advisor Default user entries of the DPA PostgreSQL database displayed in pgAdmin4 https://www.thezdi.com/blog/2017/9/13/simple-to-find-simple-to-fix-locating-weak-file-permissions-in-advantech-webaccess monthly 0.5 2017-09-13 https://www.thezdi.com/blog/2017/9/12/the-september-2017-security-update-review monthly 0.5 2017-09-12 https://www.thezdi.com/blog/2017/9/5/getting-into-submitting-how-to-maximize-your-research monthly 0.5 2018-12-13 https://www.thezdi.com/blog/2017/8/24/mobile-pwn2own-2017-returns-to-tokyo monthly 0.5 2020-06-18 https://www.thezdi.com/blog/2017/8/24/deconstructing-a-winning-webkit-pwn2own-entry monthly 0.5 2017-08-24 https://images.squarespace-cdn.com/content/v1/5894c269e4fcb5e65a1ed623/1503592303573-ZPCLF8KQ1OPNOEIDFWJY/01-crash.png Blog - Deconstructing a Winning Webkit Pwn2Own Entry https://images.squarespace-cdn.com/content/v1/5894c269e4fcb5e65a1ed623/1503592749356-O06SSNCCYCBEJMDA1RJQ/02-poc.png Blog - Deconstructing a Winning Webkit Pwn2Own Entry https://images.squarespace-cdn.com/content/v1/5894c269e4fcb5e65a1ed623/1503592437301-OJTDQIFBWVLSBW29ULQQ/03-handleBlock.png Blog - Deconstructing a Winning Webkit Pwn2Own Entry https://images.squarespace-cdn.com/content/v1/5894c269e4fcb5e65a1ed623/1503592498096-N4D7FU8UE9P4PF0W1LDZ/04-handleBlock.png Blog - Deconstructing a Winning Webkit Pwn2Own Entry https://images.squarespace-cdn.com/content/v1/5894c269e4fcb5e65a1ed623/1503592551508-9LZFEGADXZC1LVX2XXFB/05-compileCheckInBounds.png Blog - Deconstructing a Winning Webkit Pwn2Own Entry https://images.squarespace-cdn.com/content/v1/5894c269e4fcb5e65a1ed623/1503592596381-4HQ4HP1XRXDIJTBHREOK/06-patch.png Blog - Deconstructing a Winning Webkit Pwn2Own Entry https://www.thezdi.com/blog/2017/8/17/busting-myths-in-foxit-reader monthly 0.5 2017-08-18 https://images.squarespace-cdn.com/content/v1/5894c269e4fcb5e65a1ed623/1502980949291-7RQJQ5F7K8ATUMFSLEME/image-asset.png Blog - Busting Myths in Foxit Reader https://images.squarespace-cdn.com/content/v1/5894c269e4fcb5e65a1ed623/1502980978185-SLR4HQBXZ7VGF5S94L3S/image-asset.png Blog - Busting Myths in Foxit Reader https://images.squarespace-cdn.com/content/v1/5894c269e4fcb5e65a1ed623/1502981069055-FV5TYX2KJ344EQYUNY2I/image-asset.png Blog - Busting Myths in Foxit Reader https://images.squarespace-cdn.com/content/v1/5894c269e4fcb5e65a1ed623/1502981141892-Z07DZKWVW1K4MVPEGMIS/image-asset.png Blog - Busting Myths in Foxit Reader https://www.thezdi.com/blog/2017/8/9/the-blue-frost-security-challenge-an-exploitation-journey-for-fun-and-free-drinks monthly 0.5 2017-08-10 https://images.squarespace-cdn.com/content/v1/5894c269e4fcb5e65a1ed623/1502316379583-XS87ZSPBZJI63R2OYQO8/image-asset.png Blog - The Blue Frost Security Challenge: An Exploitation Journey for Fun and Free Drinks https://images.squarespace-cdn.com/content/v1/5894c269e4fcb5e65a1ed623/1502317738507-OE2PGS5E42MRZTN7ARF3/image-asset.png Blog - The Blue Frost Security Challenge: An Exploitation Journey for Fun and Free Drinks https://images.squarespace-cdn.com/content/v1/5894c269e4fcb5e65a1ed623/1502317780525-H3HYGPR9PFOJ65MEM18N/image-asset.png Blog - The Blue Frost Security Challenge: An Exploitation Journey for Fun and Free Drinks https://images.squarespace-cdn.com/content/v1/5894c269e4fcb5e65a1ed623/1502321167979-ZGQIJF0MW3450LZGMW6G/image-asset.png Blog - The Blue Frost Security Challenge: An Exploitation Journey for Fun and Free Drinks https://images.squarespace-cdn.com/content/v1/5894c269e4fcb5e65a1ed623/1502321147961-4YQCWYO0ER58GPZWEY5V/image-asset.png Blog - The Blue Frost Security Challenge: An Exploitation Journey for Fun and Free Drinks https://images.squarespace-cdn.com/content/v1/5894c269e4fcb5e65a1ed623/1502321292906-050DCH1PED812NGY2WKH/image-asset.png Blog - The Blue Frost Security Challenge: An Exploitation Journey for Fun and Free Drinks https://images.squarespace-cdn.com/content/v1/5894c269e4fcb5e65a1ed623/1502321334107-PGRG3MRCXNJR94A1US42/image-asset.png Blog - The Blue Frost Security Challenge: An Exploitation Journey for Fun and Free Drinks https://images.squarespace-cdn.com/content/v1/5894c269e4fcb5e65a1ed623/1502315616803-8K0O86DYG0X4LX6CRRXP/image-asset.png Blog - The Blue Frost Security Challenge: An Exploitation Journey for Fun and Free Drinks https://images.squarespace-cdn.com/content/v1/5894c269e4fcb5e65a1ed623/1502315674337-RNC2JPIXNM9QBAOS67ON/image-asset.png Blog - The Blue Frost Security Challenge: An Exploitation Journey for Fun and Free Drinks https://images.squarespace-cdn.com/content/v1/5894c269e4fcb5e65a1ed623/1502315700681-P1C3Z4A2O0D0QM53KKVZ/image-asset.png Blog - The Blue Frost Security Challenge: An Exploitation Journey for Fun and Free Drinks https://images.squarespace-cdn.com/content/v1/5894c269e4fcb5e65a1ed623/1502372862082-FUDQELN4HG6OIWEJLKN3/11-call_IsBadReadPtr.png Blog - The Blue Frost Security Challenge: An Exploitation Journey for Fun and Free Drinks https://images.squarespace-cdn.com/content/v1/5894c269e4fcb5e65a1ed623/1502372882819-Z0851WI37HTOBQRAYLJE/image-asset.png Blog - The Blue Frost Security Challenge: An Exploitation Journey for Fun and Free Drinks https://www.thezdi.com/blog/2017/8/8/the-august-2017-security-update-review monthly 0.5 2017-08-09 https://www.thezdi.com/blog/2017/8/1/pythonizing-the-vmware-backdoor monthly 0.5 2017-08-03 https://images.squarespace-cdn.com/content/v1/5894c269e4fcb5e65a1ed623/1501623639771-7G9FF2PDIV1LFXR0UZ3M/image-asset.jpeg Blog - Pythonizing the VMware Backdoor Figure 1: Backdoor channel commands https://images.squarespace-cdn.com/content/v1/5894c269e4fcb5e65a1ed623/1501624447515-S1X9VEY1T1CNCN78KI12/Picture2.jpg Blog - Pythonizing the VMware Backdoor https://images.squarespace-cdn.com/content/v1/5894c269e4fcb5e65a1ed623/1501767694514-SBZ6EH3AMJ49LLQ6W6S9/image-asset.jpeg Blog - Pythonizing the VMware Backdoor Figure 2: Available Message Types https://images.squarespace-cdn.com/content/v1/5894c269e4fcb5e65a1ed623/1501767937533-ACS0YHHQFOXBBVIMAMP9/image-asset.jpeg Blog - Pythonizing the VMware Backdoor https://images.squarespace-cdn.com/content/v1/5894c269e4fcb5e65a1ed623/1501768005961-UFDUNJT7M5X4ETS2W9Q7/image-asset.jpeg Blog - Pythonizing the VMware Backdoor https://www.thezdi.com/blog/2017/7/18/understanding-risk-in-the-unintended-giant-javascript monthly 0.5 2017-07-19 https://www.thezdi.com/blog/2017/7/11/the-july-2017-security-update-review monthly 0.5 2017-07-11 https://www.thezdi.com/blog/2017/6/26/use-after-silence-exploiting-a-quietly-patched-uaf-in-vmware monthly 0.5 2017-07-24 https://images.squarespace-cdn.com/content/v1/5894c269e4fcb5e65a1ed623/1498509360631-PHS3H2VLZXDIWN9EDOO8/image-asset.png Blog - Use-After-Silence: Exploiting a quietly patched UAF in VMware https://images.squarespace-cdn.com/content/v1/5894c269e4fcb5e65a1ed623/1498509685013-DZ1EVYA99X4S5J8TCDXV/image-asset.png Blog - Use-After-Silence: Exploiting a quietly patched UAF in VMware https://images.squarespace-cdn.com/content/v1/5894c269e4fcb5e65a1ed623/1498491162535-0Q2D9FJ7L9KDGJPBLKLU/image-asset.jpeg Blog - Use-After-Silence: Exploiting a quietly patched UAF in VMware Figure 1: Function responsible for freeing the object https://images.squarespace-cdn.com/content/v1/5894c269e4fcb5e65a1ed623/1498509798012-4IV5JTE3AZC8RGRY7FLY/image-asset.png Blog - Use-After-Silence: Exploiting a quietly patched UAF in VMware https://images.squarespace-cdn.com/content/v1/5894c269e4fcb5e65a1ed623/1498491564327-ZM1X5KIVDF063BBUCMQ9/image-asset.jpeg Blog - Use-After-Silence: Exploiting a quietly patched UAF in VMware Figure 2: Object Allocation Code https://images.squarespace-cdn.com/content/v1/5894c269e4fcb5e65a1ed623/1498509884305-9Q2V34ETKUYLOKXMG6PJ/image-asset.png Blog - Use-After-Silence: Exploiting a quietly patched UAF in VMware https://images.squarespace-cdn.com/content/v1/5894c269e4fcb5e65a1ed623/1498502084919-I49XDQIURPNT0S1N5WR8/image-asset.jpeg Blog - Use-After-Silence: Exploiting a quietly patched UAF in VMware https://images.squarespace-cdn.com/content/v1/5894c269e4fcb5e65a1ed623/1498509981213-QHHXT7FDKQBKSWLE65EY/image-asset.png Blog - Use-After-Silence: Exploiting a quietly patched UAF in VMware https://images.squarespace-cdn.com/content/v1/5894c269e4fcb5e65a1ed623/1498492205463-MWPD64J8Y6MJ5BJDMGZC/image-asset.jpeg Blog - Use-After-Silence: Exploiting a quietly patched UAF in VMware Figure 3: unity.window.contents.start disassembly https://images.squarespace-cdn.com/content/v1/5894c269e4fcb5e65a1ed623/1498510482542-14NLMGQE6VN0QRZN4FT4/image-asset.png Blog - Use-After-Silence: Exploiting a quietly patched UAF in VMware https://images.squarespace-cdn.com/content/v1/5894c269e4fcb5e65a1ed623/1498492467898-W7GLME3I30T9A32N3852/image-asset.jpeg Blog - Use-After-Silence: Exploiting a quietly patched UAF in VMware Figure 4: Exploitation Flow https://images.squarespace-cdn.com/content/v1/5894c269e4fcb5e65a1ed623/1498492528999-FVXYMLJAEGX2BIBMROL5/image-asset.jpeg Blog - Use-After-Silence: Exploiting a quietly patched UAF in VMware https://www.thezdi.com/blog/2017/6/13/the-june-2017-security-update-review monthly 0.5 2017-06-14 https://www.thezdi.com/blog/2017/5/19/hacker-machine-interface-the-state-of-scada-hmi-security monthly 0.5 2017-05-23 https://images.squarespace-cdn.com/content/v1/5894c269e4fcb5e65a1ed623/1495213428357-6D7YK4WTR7RQ2Q7VEP80/image-asset.png Blog - Hacker Machine Interface – The State of SCADA HMI Security https://www.thezdi.com/blog/2017/5/15/the-may-2017-apple-security-update-review monthly 0.5 2017-05-16 https://www.thezdi.com/blog/2017/5/5/the-may-2017-security-update-review monthly 0.5 2017-05-09 https://www.thezdi.com/blog/2017/5/4/auditing-adobe-reader-the-open-source-attack-surface-in-closed-source-software monthly 0.5 2017-05-23 https://www.thezdi.com/blog/2017/4/11/the-april-2017-security-update-review monthly 0.5 2017-04-11 https://www.thezdi.com/blog/2017/3/23/pwn2own-2017-an-event-for-the-ages monthly 0.5 2017-03-23 https://www.thezdi.com/blog/2017/3/17/the-results-pwn2own-2017-day-three monthly 0.5 2023-05-05 https://images.squarespace-cdn.com/content/v1/5894c269e4fcb5e65a1ed623/1489790583337-TVMFVR172WIME7ZQRQ51/image-asset.png Blog - The Results - Pwn2Own 2017 Day Three Command shell running at SYSTEM after successfully popped by Richard Zhu (fluorescence) https://www.thezdi.com/blog/2017/3/16/the-results-pwn2own-2017-day-two monthly 0.5 2017-03-17 https://images.squarespace-cdn.com/content/v1/5894c269e4fcb5e65a1ed623/1489720324865-MUAEYIQM8LC5Y9PPEYAL/ffnotepad Blog - The Results – Pwn2Own 2017 Day Two Chaitin Security Research Labs running notepad.exe as SYSTEM https://www.thezdi.com/blog/2017/3/16/pwn2own-2017-day-three-schedule-and-results monthly 0.5 2023-05-05 https://www.thezdi.com/blog/2017/3/15/the-results-pwn2own-2017-day-one monthly 0.5 2023-05-05 https://images.squarespace-cdn.com/content/v1/5894c269e4fcb5e65a1ed623/1489638884505-7GMDXS52SBOPKGK8SOXH/image-asset.jpeg Blog - The Results – Pwn2Own 2017 Day One https://www.thezdi.com/blog/2017/3/15/pwn2own-2017-day-two-schedule-and-results monthly 0.5 2017-03-17 https://www.thezdi.com/blog/2017/3/15/welcome-to-pwn2own-2017-the-schedule monthly 0.5 2017-10-25 https://www.thezdi.com/blog/2017/3/14/the-march-2017-security-update-review monthly 0.5 2017-03-14 https://www.thezdi.com/blog/2017/3/2/pwn2own-the-root-of-research monthly 0.5 2017-03-02 https://www.thezdi.com/blog/2017/1/18/pwn2own-returns-for-2017-to-celebrate-10-years-of-exploits monthly 0.5 2017-10-16 https://www.thezdi.com/blog/2017/1/10/january-2017-security-update-review monthly 0.5 2023-05-05 https://www.thezdi.com/blog/2017/1/9/zdi-2016-retrospective monthly 0.5 2017-02-27 https://images.squarespace-cdn.com/content/v1/5894c269e4fcb5e65a1ed623/1488230821886-56PN6ARC5ZYVEA3UXV6F/image-asset.jpeg Blog - The ZDI 2016 Retrospective https://www.thezdi.com/blog/category/Archive monthly 0.5 https://www.thezdi.com/blog/category/White+Paper monthly 0.5 https://www.thezdi.com/blog/category/Blog+post monthly 0.5 https://www.thezdi.com/blog/tag/Whitepaper monthly 0.5 https://www.thezdi.com/blog/tag/Meta monthly 0.5 https://www.thezdi.com/blog/tag/RAR monthly 0.5 https://www.thezdi.com/blog/tag/Adobe monthly 0.5 https://www.thezdi.com/blog/tag/Sonos monthly 0.5 https://www.thezdi.com/blog/tag/Foxit monthly 0.5 https://www.thezdi.com/blog/tag/Docker monthly 0.5 https://www.thezdi.com/blog/tag/CSRSS monthly 0.5 https://www.thezdi.com/blog/tag/MySQL monthly 0.5 https://www.thezdi.com/blog/tag/Batik monthly 0.5 https://www.thezdi.com/blog/tag/Webex monthly 0.5 https://www.thezdi.com/blog/tag/ESXi monthly 0.5 https://www.thezdi.com/blog/tag/Deep+Sea monthly 0.5 https://www.thezdi.com/blog/tag/Techniques monthly 0.5 https://www.thezdi.com/blog/tag/AI monthly 0.5 https://www.thezdi.com/blog/tag/NETGEAR monthly 0.5 https://www.thezdi.com/blog/tag/Synology monthly 0.5 https://www.thezdi.com/blog/tag/Apache monthly 0.5 https://www.thezdi.com/blog/tag/Firefox monthly 0.5 https://www.thezdi.com/blog/tag/Exchange monthly 0.5 https://www.thezdi.com/blog/tag/CVD monthly 0.5 https://www.thezdi.com/blog/tag/WolfBox monthly 0.5 https://www.thezdi.com/blog/tag/MITRE monthly 0.5 https://www.thezdi.com/blog/tag/Taint+Analysis monthly 0.5 https://www.thezdi.com/blog/tag/Cisco monthly 0.5 https://www.thezdi.com/blog/tag/Tesla monthly 0.5 https://www.thezdi.com/blog/tag/Trend+Micro monthly 0.5 https://www.thezdi.com/blog/tag/Struts monthly 0.5 https://www.thezdi.com/blog/tag/HPE monthly 0.5 https://www.thezdi.com/blog/tag/flash monthly 0.5 https://www.thezdi.com/blog/tag/Office monthly 0.5 https://www.thezdi.com/blog/tag/Qt monthly 0.5 https://www.thezdi.com/blog/tag/HyperFlex monthly 0.5 https://www.thezdi.com/blog/tag/CWE monthly 0.5 https://www.thezdi.com/blog/tag/Salt monthly 0.5 https://www.thezdi.com/blog/tag/Canon monthly 0.5 https://www.thezdi.com/blog/tag/IBM monthly 0.5 https://www.thezdi.com/blog/tag/Exploit monthly 0.5 https://www.thezdi.com/blog/tag/vCenter monthly 0.5 https://www.thezdi.com/blog/tag/Revit monthly 0.5 https://www.thezdi.com/blog/tag/Java monthly 0.5 https://www.thezdi.com/blog/tag/Progress monthly 0.5 https://www.thezdi.com/blog/tag/VirtualBox monthly 0.5 https://www.thezdi.com/blog/tag/ChargePoint monthly 0.5 https://www.thezdi.com/blog/tag/photo monthly 0.5 https://www.thezdi.com/blog/tag/Acrobat monthly 0.5 https://www.thezdi.com/blog/tag/printing monthly 0.5 https://www.thezdi.com/blog/tag/Pioneer monthly 0.5 https://www.thezdi.com/blog/tag/ICS monthly 0.5 https://www.thezdi.com/blog/tag/Black+Hat monthly 0.5 https://www.thezdi.com/blog/tag/TIP monthly 0.5 https://www.thezdi.com/blog/tag/SharePoint monthly 0.5 https://www.thezdi.com/blog/tag/Schneider+Electric monthly 0.5 https://www.thezdi.com/blog/tag/VMware monthly 0.5 https://www.thezdi.com/blog/tag/Samba monthly 0.5 https://www.thezdi.com/blog/tag/IDA monthly 0.5 https://www.thezdi.com/blog/tag/Safari monthly 0.5 https://www.thezdi.com/blog/tag/Autel monthly 0.5 https://www.thezdi.com/blog/tag/Intel monthly 0.5 https://www.thezdi.com/blog/tag/Kerberos monthly 0.5 https://www.thezdi.com/blog/tag/WordPress monthly 0.5 https://www.thezdi.com/blog/tag/Tokyo monthly 0.5 https://www.thezdi.com/blog/tag/Internet+Explorer monthly 0.5 https://www.thezdi.com/blog/tag/QEMU monthly 0.5 https://www.thezdi.com/blog/tag/EMC monthly 0.5 https://www.thezdi.com/blog/tag/SCADA monthly 0.5 https://www.thezdi.com/blog/tag/Sandbox+Escape monthly 0.5 https://www.thezdi.com/blog/tag/V8 monthly 0.5 https://www.thezdi.com/blog/tag/D-Link monthly 0.5 https://www.thezdi.com/blog/tag/MindshaRE monthly 0.5 https://www.thezdi.com/blog/tag/HTTP monthly 0.5 https://www.thezdi.com/blog/tag/Visual+Studio monthly 0.5 https://www.thezdi.com/blog/tag/EV monthly 0.5 https://www.thezdi.com/blog/tag/Pwn2Own monthly 0.5 https://www.thezdi.com/blog/tag/Linux monthly 0.5 https://www.thezdi.com/blog/tag/Stats monthly 0.5 https://www.thezdi.com/blog/tag/Log4j monthly 0.5 https://www.thezdi.com/blog/tag/IVI monthly 0.5 https://www.thezdi.com/blog/tag/GDI%2B monthly 0.5 https://www.thezdi.com/blog/tag/WhatsApp monthly 0.5 https://www.thezdi.com/blog/tag/Remote+Desktop monthly 0.5 https://www.thezdi.com/blog/tag/Debugger monthly 0.5 https://www.thezdi.com/blog/tag/NVIDIA monthly 0.5 https://www.thezdi.com/blog/tag/Xiaomi monthly 0.5 https://www.thezdi.com/blog/tag/Info+Leak monthly 0.5 https://www.thezdi.com/blog/tag/0-day monthly 0.5 https://www.thezdi.com/blog/tag/Metasploit monthly 0.5 https://www.thezdi.com/blog/tag/Parallels monthly 0.5 https://www.thezdi.com/blog/tag/JSON monthly 0.5 https://www.thezdi.com/blog/tag/Security+Patch monthly 0.5 https://www.thezdi.com/blog/tag/Reverse+Engineering monthly 0.5 https://www.thezdi.com/blog/tag/LLM monthly 0.5 https://www.thezdi.com/blog/tag/Phillips monthly 0.5 https://www.thezdi.com/blog/tag/Lexmark monthly 0.5 https://www.thezdi.com/blog/tag/PDF monthly 0.5 https://www.thezdi.com/blog/tag/JavaScript monthly 0.5 https://www.thezdi.com/blog/tag/Electron monthly 0.5 https://www.thezdi.com/blog/tag/Top+5 monthly 0.5 https://www.thezdi.com/blog/tag/Chrome monthly 0.5 https://www.thezdi.com/blog/tag/ManageEngine monthly 0.5 https://www.thezdi.com/blog/tag/Hardware monthly 0.5 https://www.thezdi.com/blog/tag/tutorial monthly 0.5 https://www.thezdi.com/blog/tag/Oracle monthly 0.5 https://www.thezdi.com/blog/tag/VBScript monthly 0.5 https://www.thezdi.com/blog/tag/AWS monthly 0.5 https://www.thezdi.com/blog/tag/digital monthly 0.5 https://www.thezdi.com/blog/tag/Escape monthly 0.5 https://www.thezdi.com/blog/tag/JNDI monthly 0.5 https://www.thezdi.com/blog/tag/Bash monthly 0.5 https://www.thezdi.com/blog/tag/Binary+Ninja monthly 0.5 https://www.thezdi.com/blog/tag/Detection+Guidance monthly 0.5 https://www.thezdi.com/blog/tag/Miami monthly 0.5 https://www.thezdi.com/blog/tag/Guidance monthly 0.5 https://www.thezdi.com/blog/tag/Infotainment monthly 0.5 https://www.thezdi.com/blog/tag/OCPP monthly 0.5 https://www.thezdi.com/blog/tag/VMWare monthly 0.5 https://www.thezdi.com/blog/tag/Apple monthly 0.5 https://www.thezdi.com/blog/tag/Kenwood monthly 0.5 https://www.thezdi.com/blog/tag/JIT monthly 0.5 https://www.thezdi.com/blog/tag/Schedule monthly 0.5 https://www.thezdi.com/blog/tag/DNS monthly 0.5 https://www.thezdi.com/blog/tag/HP monthly 0.5 https://www.thezdi.com/blog/tag/Program+News monthly 0.5 https://www.thezdi.com/blog/tag/DoS monthly 0.5 https://www.thezdi.com/blog/tag/Root+Cause monthly 0.5 https://www.thezdi.com/blog/tag/Automotive monthly 0.5 https://www.thezdi.com/blog/tag/Western+Digital monthly 0.5 https://www.thezdi.com/blog/tag/Webkit monthly 0.5 https://www.thezdi.com/blog/tag/Druid monthly 0.5 https://www.thezdi.com/blog/tag/Ivanti monthly 0.5 https://www.thezdi.com/blog/tag/WebSphere monthly 0.5 https://www.thezdi.com/blog/tag/Microsoft monthly 0.5 https://www.thezdi.com/blog/tag/eBPF monthly 0.5 https://www.thezdi.com/blog/tag/Visteon monthly 0.5 https://www.thezdi.com/blog/tag/Google monthly 0.5 https://www.thezdi.com/blog/tag/Deserialization monthly 0.5 https://www.thezdi.com/blog/tag/Router monthly 0.5 https://www.thezdi.com/blog/tag/XWiki monthly 0.5 https://www.thezdi.com/blog/tag/QNAP monthly 0.5 https://www.thezdi.com/blog/tag/Rockwell monthly 0.5 https://www.thezdi.com/blog/tag/Drupal monthly 0.5 https://www.thezdi.com/blog/tag/IIS monthly 0.5 https://www.thezdi.com/blog/tag/Ruby+on+Rails monthly 0.5 https://www.thezdi.com/blog/tag/UAC monthly 0.5 https://www.thezdi.com/blog/tag/Aria monthly 0.5 https://www.thezdi.com/blog/tag/CNA monthly 0.5 https://www.thezdi.com/blog/tag/UAF monthly 0.5 https://www.thezdi.com/blog/tag/FreeBSD monthly 0.5 https://www.thezdi.com/blog/tag/LPE monthly 0.5 https://www.thezdi.com/blog/tag/Fuzzer monthly 0.5 https://www.thezdi.com/blog/tag/Mozilla monthly 0.5 https://www.thezdi.com/blog/tag/Triangle+MicroWorks monthly 0.5 https://www.thezdi.com/blog/tag/Logsign monthly 0.5 https://www.thezdi.com/blog/tag/Reader monthly 0.5 https://www.thezdi.com/blog/tag/Autodesk monthly 0.5 https://www.thezdi.com/blog/tag/Research monthly 0.5 https://www.thezdi.com/blog/tag/CanSecWest monthly 0.5 https://www.thezdi.com/blog/tag/MOVEit monthly 0.5 https://www.thezdi.com/blog/tag/macOS monthly 0.5 https://www.thezdi.com/blog/tag/Sony monthly 0.5 https://www.thezdi.com/blog/tag/Bitdefender monthly 0.5 https://www.thezdi.com/blog/tag/Notepad monthly 0.5 https://www.thezdi.com/blog/tag/MP2O monthly 0.5 https://www.thezdi.com/blog/tag/PyKD monthly 0.5 https://www.thezdi.com/blog/tag/Malwarebytes monthly 0.5 https://www.thezdi.com/blog/tag/Tools monthly 0.5 https://www.thezdi.com/blog/tag/Copy2Pwn monthly 0.5 https://www.thezdi.com/blog/tag/Attack+Surface monthly 0.5 https://www.thezdi.com/blog/tag/Group+Policy monthly 0.5 https://www.thezdi.com/blog/tag/Disclosure monthly 0.5 https://www.thezdi.com/blog/tag/Mobile monthly 0.5 https://www.thezdi.com/blog/tag/.NET+Framework monthly 0.5 https://www.thezdi.com/blog/tag/Retrospective monthly 0.5 https://www.thezdi.com/blog/tag/Firewall monthly 0.5 https://www.thezdi.com/blog/tag/SolarWinds monthly 0.5 https://www.thezdi.com/blog/tag/WebLogic monthly 0.5 https://www.thezdi.com/blog/tag/TPLink monthly 0.5 https://www.thezdi.com/blog/tag/UEFI monthly 0.5 https://www.thezdi.com/blog/tag/Atlassian monthly 0.5 https://www.thezdi.com/blog/tag/Results monthly 0.5 https://www.thezdi.com/blog/tag/Industrial+IoT monthly 0.5 https://www.thezdi.com/blog/tag/Huawei monthly 0.5 https://www.thezdi.com/blog/tag/Wireless monthly 0.5 https://www.thezdi.com/blog/tag/Arista monthly 0.5 https://www.thezdi.com/blog/tag/Threat+Hunting monthly 0.5 https://www.thezdi.com/blog/tag/NFS monthly 0.5 https://www.thezdi.com/blog/tag/EV+Charger monthly 0.5 https://www.thezdi.com/blog/tag/Ubiquiti monthly 0.5 https://www.thezdi.com/blog/tag/Facebook monthly 0.5 https://www.thezdi.com/blog/tag/Kernel monthly 0.5 https://www.thezdi.com/blog/tag/Python monthly 0.5 https://www.thezdi.com/blog/tag/ML monthly 0.5 https://www.thezdi.com/blog/tag/Ubuntu monthly 0.5 https://www.thezdi.com/blog/tag/Azure monthly 0.5 https://www.thezdi.com/blog/tag/Belkin monthly 0.5 https://www.thezdi.com/blog/tag/Berlin monthly 0.5 https://www.thezdi.com/blog/tag/Advantech monthly 0.5 https://www.thezdi.com/blog/tag/IO+Ninja monthly 0.5 https://www.thezdi.com/blog/tag/NetBSD monthly 0.5 https://www.thezdi.com/blog/tag/Vulnerability monthly 0.5 https://www.thezdi.com/blog/tag/Sophos monthly 0.5 https://www.thezdi.com/blog/tag/Android monthly 0.5 https://www.thezdi.com/blog/tag/Vanguards monthly 0.5 https://www.thezdi.com/blog/tag/Linksys monthly 0.5 https://www.thezdi.com/blog/tag/ISC+BIND monthly 0.5 https://www.thezdi.com/blog/tag/Samsung monthly 0.5 https://www.thezdi.com/blog/tag/OPC+UA monthly 0.5 https://www.thezdi.com/blog/tag/Netatalk monthly 0.5 https://www.thezdi.com/blog/tag/ColdFusion monthly 0.5 https://www.thezdi.com/blog/tag/Avast monthly 0.5 https://www.thezdi.com/blog/tag/Windows monthly 0.5 https://www.thezdi.com/blog/tag/IoT monthly 0.5 https://www.thezdi.com/blog/tag/Auto monthly 0.5 https://www.thezdi.com/blog/tag/Squid monthly 0.5 https://www.thezdi.com/blog/tag/Dharma monthly 0.5 https://www.thezdi.com/blog/tag/Zoom monthly 0.5 https://www.thezdi.com/blog/tag/LLDB monthly 0.5 https://www.thezdi.com/blog/tag/Underflow monthly 0.5 https://www.thezdi.com/blog/tag/Citrix monthly 0.5 https://www.thezdi.com/blog/tag/MoTW monthly 0.5 https://www.thezdi.com/blog/tag/kext monthly 0.5 https://www.thezdi.com/blog/tag/Chakra monthly 0.5 https://www.thezdi.com/blog/tag/HMI monthly 0.5 https://www.thezdi.com/blog/tag/Red+Hat monthly 0.5 https://www.thezdi.com/blog/tag/Inductive+Automation monthly 0.5 https://www.thezdi.com/blog/tag/SaltStack monthly 0.5 https://www.thezdi.com/blog/tag/DHCP monthly 0.5 https://www.thezdi.com/blog/tag/Edge monthly 0.5 https://www.thezdi.com/welcome daily 1.0 2013-01-30 https://www.thezdi.com/redirect daily 0.75 2019-03-22