NONE OF THIS CONTENT IS MY OWN

This is a list of links that I've been posting to a random Discord channel for a cybersecurity class I was in. The server is fairly inactive (but ppl still read the channel!) and keeping things exclusively on Discord is bad, so I wrote a Discord bot that mirrors activity in the channel to this page and a Mastodon account.

• 2024-11-19: Palo Alto PAN-OS Had Trivial PHP Security Vulns (source)
• 2024-11-17: PRNG Exploitation... In Minecraft (source)
• 2024-11-08: Abusing A Built-In Kernel-Level Shellcode Decoder In Windows (source)
• 2024-10-05: Chinese-affiliated Group Broke Into US Wiretap Systems (source)
• 2024-10-04: Pixel 9 Baseband Firmware Security Approach (source)
• 2024-09-20: Arc Browser Has A Firebase XSS Bug (source)
• 2024-07-25: Anyone Can Access Private/Deleted Data On GitHub (source)
• 2024-07-19: Google Turns Off URL Shortener & This Affects The Linux Kernel (source)
• 2024-07-18: NVIDIA starts to make kernel modules open-source (source)
• 2024-06-30: Apple Airpods Auth Bypass Over Bluetooth Fast-Connect (source)
• 2024-06-25: Abusing Intel TSX Instructions To "Egg Hunt" A CTF Flag (source)
• 2024-06-20: CVE-2024-27815: A Buffer Overflow in the XNU Kernel (source)
• 2024-06-15: Investigating A Really Old Cox Infra Auth Bypass (For Every Modem) (source)
• 2024-06-15: CVE-2024-30078: Windows Wi-Fi Driver RCE (source)
• 2024-06-09: TPM Attack: Software-Rebound Reset Pin That Intel Thinks Is Feature, Not Bug (source)
• 2024-05-24: Cloudflare: Optimizing TCP for High Throughput and Low Latency (source)
• 2024-05-21: Arbitrary Code Execution In PDF.js (source)
• 2024-05-06: CVE-2024-3661: TunnelVision: DHCP can attack VPN routes on your local network (source)
• 2024-04-06: Linux Kernel Local Privilege Escalation on 5.14 thru 5.16 (source)
• 2024-03-29: SSHD Compromise via Backdoored liblzma (source)
• 2024-03-21: US DOJ Sues Apple Because It's A Monopoly, Finally (source)
• 2024-03-21: Rust 1.77.0 Released (source)
• 2024-02-16: Google's AI for file type identification seems pretty good actually (source)
• 2024-02-12: AMD Funded A CUDA Drop-In Replacement And Now It's Open-Source (source)
• 2024-02-01: glibc syslog vuln, or, C Literally Cannot Stop Having Buffer Overflow -> PrivEsc (source)
• 2024-01-27: Hand-written Backdoors In (NN) Transformers Are Possible (source)
• 2024-01-05: Linux-compatible-ish Kernel Written In Rust (source)
• 2023-12-27: Apple iPhone Debug Interface Used In Exploit Chain (source)
• 2023-12-24: Memory Safety Is Not The End (source)
• 2023-12-19: Terrapin Attack (source)
• 2023-11-29: Python is faster than C/Rust due to a CPU bug!? (source)
• 2023-11-27: Bypassing noexec with ELF ROP-ing (source)
• 2023-11-25: Web Scraping via Javascript Runtime Heap Snapshots (source)
• 2023-11-23: Wasmtime and Cranelift in 2023 (source)
• 2023-11-19: rustc Output Reverse-Engineering (source)
• 2023-11-13: From 1-key KDM to multi-key KDM (source)
• 2023-10-26: Trusting Trust Demo (source)
• 2023-10-25: iLeakage (source)
• 2023-10-01: WebP 0day retrospective (source)
• 2023-09-28: Libvpx remote buffer overflow vuln (source)
• 2023-08-29: Grafana GPG signing key leaked (source)
• 2023-08-28: Privesc Without Drivers (source)
• 2023-07-25: Citrix Has Too Many CVEs To Keep Track Of (source)
• 2023-07-24: Zenbleed (source)
• 2023-07-13: They Ported Windows Defender to Linux (source)
• 2023-06-23: Keyless CAN injection attacks (source)
• 2023-06-16: io_uring strikes for the nth time (source)
• 2023-06-06: Must-reads on Pointer Provenance (source)
• 2023-05-19: Exploiting Spinlock UAF in the Android Kernel (source)
• 2023-05-18: OS Scheduling (source)
• 2023-05-17: Intel OEM signing key leaked (source)
• 2023-05-16: Linux IPv6 Route of Death 0day (source)
• 2023-05-13: oh wow another io_uring vuln, shocker (source)
• 2023-05-11: Converso exposed (source)
• 2023-05-04: No AI Moat (source)
• 2023-05-02: WebGPU (source)
• 2023-04-08: WarpAttack (source)
• 2023-03-28: H.264 Decoder Vulnerabilities (source)
• 2023-03-25: Pheonix Hyperspace (source)
• 2023-03-16: Multiple Internet to Baseband RCE vulns (source)
• 2023-03-10: Widevine L3 DRM claimed broken (source)
• 2023-02-20: "printf external link()" (source)
• 2023-02-03: Project Zero: Windows Kernel memory corruption (source)
• 2023-02-01: sh1mmer (source)
• 2023-01-31: Extracting Training Data from Diffusion Models (source)
• 2023-01-30: Abusing Exceptions for Code Execution (source)
• 2023-01-26: How HVEC/H.265 Works (source)
• 2023-01-25: Do Intel Chips Have A Data Dependence For Adding Numbers? (source)
• 2023-01-23: Linux Kernel Adds Bounded Flexible Arrays, Finally (source)
• 2023-01-16: Windows: Investigating Filter Communication Ports (source)
• 2023-01-12: Windows Kernel Racing Bugs (source)
• 2023-01-03: DualShock4 Reverse Engineering (source)
• 2023-01-01: Hacking a Roku TV (source)
• 2022-12-29: Selectively Allow Firewall Traffic On Windows (source)
• 2022-12-16: Breaking KASLR under KPTI with Prefetch (source)
• 2022-11-30: (OLD) RSA Timing Attacks (source)
• 2022-11-30: (OLD) Remote Timing Attacks are Practical (source)
• 2022-11-29: SGX.Fail (source)
• 2022-11-25: Report: C++ Zero Initialization Costs Nothing, Prevents Lots (source)
• 2022-11-24: Apple Neural Engine Memory Corruption (source)
• 2022-11-21: Tailscale RCE writeup (source)
• 2022-11-11: Accidental Google Pixel Lock Screen Bypass (source)
• 2022-11-01: OpenSSL "Critical" Error Was A Trivial Buffer Overflow (source)
• 2022-10-25: SQLite Vulnerability whoa!! (source)
• 2022-10-24: Cool io_uring exploit writeup (source)
• 2022-10-17: Another Java String Interpolation Bug (source)
• 2022-10-09: They Just Let Anyone Sign One Of These (MacOS CoreTrust Root Certificates) (source)
• 2022-09-29: Matrix Is Effectively Dead (source)
• 2022-09-19: PS2 VM Escape (source)
• 2022-09-13: "Computer, Go Hack Yourself" (source)
• 2022-08-13: Legendary Car Hack (source)
• 2022-07-31: Windows Kernel Exploit Resources (source)
• 2022-06-27: More OpenSSL Memory Corruption (source)
• 2022-06-23: Project Zero Carrier App Analysis (source)
• 2022-06-17: Complex Android Exploit (source)
• 2022-06-15: New Race Condition Fuzzer ETA Son (source)
• 2022-06-11: Apple "PACman" Chip Hardware Vulnerability (source)
• 2022-06-08: Bootloader Fuzzing! (source)
• 2022-05-25: Hacking Fuchsia OS (source)
• 2022-05-24: Data-Only Kernel Exploits (source)
• 2022-05-15: An Interesting Python Sandbox Escape (source)
• 2022-05-04: dirhunt: Find web directories without bruteforce (source)
• 2022-05-01: Gitlab Universal Password (source)
• 2022-04-29: Apple Processors Have A Speculation Vulnerability Too (source)
• 2022-04-19: Rewrite Introduces Java Crypto Bug (source)
• 2022-04-12: Windows RPC RCE Vuln (source)
• 2022-04-09: Browser Exploitation on Windows Writeup (source)
• 2022-04-02: Neat Bugs in `nf_tables` Input Validation (source)
• 2022-04-01: The Only Good April Fools: Actually Neat Applications (source)
• 2022-03-28: Full Linux Privilege Escalation With es6 Modules (source)
• 2022-03-15: Discord As Exfil?? (source)
• 2022-03-08: Unsigned Int Energy (DDoS reflection) (source)
• 2022-03-07: DirtyPipe (source)
• 2022-02-11: Python Security Pitfalls That CTF People Probably Already Knew About (source)
• 2022-01-30: Abusing Microsoft Teams (source)
• 2022-01-26: Apple's IndexDB Has A Tweetable Exploit (source)
• 2022-01-22: MoonBounce: the dark side of UEFI firmware (source)
• 2022-01-10: Cool Browser Security Research Paper (source)
• 2021-12-10: LOG4SHELL (source)
• 2021-12-07: 1-click Windows 10 RCE (source)
• 2021-12-06: Electrospaces.net (source)
• 2021-11-22: Windows Installer LPE 0-day (source)
• 2021-10-14: The Missouri Govenor Said Something Really Dumb; Remember This Debacle? (source)
• 2021-10-12: Javascript For Crypto? Goes As Well As You'd Expect (source)
• 2021-10-09: Build Pipeline Security feat XSS Fox (source)
• 2021-09-25: Apple's Bug Bounty Is Rough (source)
• 2021-09-19: Well, I'll Just Fix Safari Myself, Then! (source)
• 2021-09-14: Microsoft Azure Secret Agent Vulnerability (source)
• 2021-09-04: A Cool Windows Prank :) (source)
• 2021-09-03: History of NSA Installing Backdoors on Juniper Routers (source)
• 2021-09-02: Quest to Uncover The Ultimate Naughty Word List (source)
• 2021-08-30: A Very Long .LNK file (source)
• 2021-08-27: RCE in Office 365 (source)
• 2021-08-22: Razer Mice Give You Admin (source)
• 2021-08-20: GlueBall: The story of CVE-2020-1464 (source)
• 2021-08-14: Fun Domain Name Stuff (source)
• 2021-08-06: HTTP/2-exclusive attacks (source)
• 2021-07-20: Sequoia: A deep root in Linux's filesystem layer (source)
• 2021-06-30: Exploiting CVE-2020-15368 (source)
• 2021-06-27: \"Yeah I got a CVE :sunglasses:\" (source)
• 2021-05-18: OMG Cable (source)
• 2021-05-11: FragAttacks: Security flaws in all Wi-Fi devices (source)
• 2021-04-07: Huge Brain Attack On Facebook (source)
• 2021-04-03: Opening a TXT file is fine, right? (source)
• 2021-03-30: An iOS zero-click radio proximity exploit odyssey (source)
• 2021-03-30: \'90s hackers in 2021 (source)
• 2021-03-29: OpenSSL Security Fixes (source)
• 2021-03-12: STOP DOING VULNERABILITY RESEARCH (source)