
Posts by 0xor0ne

TREVEX: A Black-Box Detection Framework For Data-Flow Transient Execution Vulnerabilities (paper, '26)

d-we.me/papers/treve...

#infosec

1 day ago 0 0 0 0

Analysis of CVE-2025-4802: glibc 2.27-2.38 fails to sanitize LD_LIBRARY_PATH before dlopen() in statically linked SUID binaries, allowing arbitrary library loading and LPE.

allelesecurity.com/libc-vuln-an...

Infosec

5 days ago 1 1 0 0
Heap KASLR Leaks | Lukas Maar: Software-only KernelSnitch side channel plus cross-cache reuse leaks heap KASLR (msg_msg/pipe_buffer) across Linux environments and Android.

Software-only timing side-channel leaking mm_struct without a memory-safety bug, pivoting via cross-cache reuse to msg_msg/pipe_buffer, effective even on MTE.

lukasmaar.github.io/posts/heap-k...

Credits: Lukas Maar

#infosec

1 week ago 4 1 0 0
Leveling Up Secure Code Reviews with Claude Code - SpecterOps: Claude Code is a force multiplier when performing secure code reviews during an assessment. In this post, we discuss how to leverage Claude Code to produce digestible output that helps us better unders...

Using Claude Code for secure code review

specterops.io/blog/2026/03...

#infosec #llm

2 weeks ago 5 0 1 0
Rooting the TP-Link Tapo C200 Rev.5: Let’s explore ways to mod a Tapo C200 Rev.5 firmware in order to gain root access to a running device.

Reverse engineer and get full root access on the TP-Link Tapo C200 (2025)

quentinkaiser.be/security/202...

#infosec

2 weeks ago 4 0 0 0
GitHub - huhusmang/Awesome-LLMs-for-Vulnerability-Detection: Awesome Large Language Models for Vulnerability Detection

Collection of papers related to LLMs for vulnerability research/detection

github.com/huhusmang/Aw...

#infosec

2 weeks ago 6 1 1 0
GitHub - IamAlch3mist/Awesome-Embedded-Systems-Vulnerability-Research: Resources for getting started with vulnerability research on IoT/embedded devices.

Collection of resources for getting started with IoT/embedded device vulnerability research

github.com/IamAlch3mist...

#infosec

3 weeks ago 5 2 0 0
A Race Within A Race: Exploiting CVE-2025-38617 in Linux Packet Sockets: A step-by-step guide to exploiting a 20-year-old bug in the Linux kernel to achieve full privilege escalation and container escape, plus a cool bug-hunting heuristic.

Exploiting a use-after-free vulnerability in the Linux kernel’s packet socket subsystem, caused by a race condition between packet_set_ring() and packet_notifier() (CVE-2025-38617)

blog.calif.io/p/a-race-wit...

#infosec

4 weeks ago 3 2 0 0
Revisiting Two-Shot Kernel Shellcode Execution From Control Flow Hijacking: One of the inspirations for my work on the System Register Hijacking paper was this blog post by Project Zero written by Andrey Konovalov. In the blog post he describes a method of bypassing SMEP/SMAP...

Bypassing Linux kernel CR Pinning to execute shellcode by placing a KProbe in the native_write_cr4 instruction gap.

blog.zolutal.io/two-shot-ker...

#infosec

1 month ago 2 0 0 0
Now You See mi: Now You're Pwned: Exploiting and jailbreaking Xiaomi Home Security Smart Cameras

Excellent blog post on reverse engineering and exploiting a Xiaomi C400 Smart Camera

labs.taszk.io/articles/pos...

Research by Botond Hartmann

#infosec

1 month ago 11 5 0 0
PageJack in Action: CVE-2022-0995 exploit - Quarkslab's blog: PageJack is a Linux kernel exploitation technique useful to generate a Use After Free (UAF) in the page allocator. In this article we provide a detailed example of how to use it to exploit a Linux ker...

Exploiting CVE-2022-0995 (Linux kernel OOB write in watch_queue) using the PageJack technique to create a page-level UAF and overwrite struct file to gain LPE.

blog.quarkslab.com/pagejack-in-...

Credits: Jean Vincent

#infosec

1 month ago 9 2 0 0
GitHub - 0xor0ne/awesome-list: Cybersecurity oriented awesome list

Cybersecurity blog posts, writeups, papers, and tools

github.com/0xor0ne/awes...

#infosec

1 month ago 28 4 0 0
GitHub - vulhunt-re/vulhunt: Vulnerability detection framework by Binarly's REsearch team

VulHunt: vulnerability detection framework

github.com/vulhunt-re/v...

Accompanying blog series:

www.binarly.io/blog/vulhunt...
www.binarly.io/blog/vulhunt...
www.binarly.io/blog/vulnera...
www.binarly.io/blog/vulhunt...
www.binarly.io/blog/agentic...

#infosec

1 month ago 16 3 2 0
A Race Within A Race: Exploiting CVE-2025-38617 in Linux Packet Sockets: A step-by-step guide to exploiting a 20-year-old bug in the Linux kernel to achieve full privilege escalation and container escape, plus a cool bug-hunting heuristic.

Analysis and exploitation of CVE-2025-38617, a race condition based use-after-free vulnerability in the Linux kernel’s packet socket subsystem

blog.calif.io/p/a-race-wit...

#Linux #infosec

1 month ago 8 1 0 0
SCOMmand and Conquer - Attacking System Center Operations Manager (Part 1) - SpecterOps: TL;DR: SCOM suffers from similar insecure default configurations as its SCCM counterpart, enabling attackers to escalate privileges, harvest credentials, and ultimately compromise the entire managemen...

Two-part series on attacking System Center Operations Manager (SCOM): management group takeover via NTLM relay and RunAs credential recovery (2025)

Part 1: specterops.io/blog/2025/12...
Part 2: specterops.io/blog/2025/12...

Research by Matt Johnson and Garrett Foster

#infosec

1 month ago 11 5 0 0
GitHub - emproof-com/workshop_firmware_reverse_engineering: Workshop on firmware reverse engineering

Emproof's workshop material to get started with embedded firmware reverse engineering

github.com/emproof-com/...

#infosec #embedded

2 months ago 31 6 0 0
[CVE-2026-0714] TPM-sniffing LUKS Keys on an Embedded Device: In October 2025, we performed a security assessment of the ARM-based Moxa UC-1222A Secure Edition industrial computer.

Recovering the LUKS decryption key by passively monitoring the SPI bus between the SoC and the discrete TPM 2.0 device (Moxa UC-1222A)

www.cyloq.se/en/research/...

#infosec

2 months ago 7 3 0 0
Three-part series by Binarly on Supermicro BMC firmware authentication bypasses

Part 1: www.binarly.io/blog/ghost-i...
Part 2: www.binarly.io/blog/broken-...
Part 3: www.binarly.io/blog/have-yo...

#infosec

2 months ago 14 4 0 0
Binary Ninja - Defeating Anti-Reverse Engineering: A Deep Dive into the 'Trouble' Binary: Binary Ninja is a modern reverse engineering platform with a scriptable and extensible decompiler.

Reverse engineering Linux anti-RE tricks (ELF headers, segment gaps, XOR layers, RC4 encryption)

binary.ninja/2026/01/23/r...

Credits: Xusheng Li

#infosec

2 months ago 49 6 0 0

Bruteforcing ECC and dumping firmware from a Potensic Atom 2 drone

neodyme.io/en/blog/dron...

#infosec

2 months ago 9 0 0 0
Great three-part series on a 0-click exploit chain targeting the Android Pixel 9

Part 1: projectzero.google/2026/01/pixe...
Part 2: projectzero.google/2026/01/pixe...
Part 3: projectzero.google/2026/01/pixe...

Research by Natalie Silvanovich and Seth Jenkins

#infosec

3 months ago 33 4 1 1
Not To Be Trusted - A Fiasco in Android TEEs: Trusted Execution Environments (TEEs) based on ARM TrustZone form the backbone of modern Android devices' security architecture. The wor...

Escalating privileges from a rooted user space (N-EL0) to the highest privilege level in the Secure World (S-EL3) (Android Xiaomi Redmi 11s) (CCC 2025)

media.ccc.de/v/39c3-not-t...

#infosec

3 months ago 6 1 0 0

Airoha Bluetooth RACE vulnerabilities (CVE-2025-20700/20701/20702)

Blog post: insinuator.net/2025/12/blue...

White paper: static.ernw.de/whitepaper/E...

Credits: Dennis Heinze, Frieder Steinmetz

#infosec #bluetooth

3 months ago 3 0 0 0
Clang Hardening Cheat Sheet - Ten Years Later - Quarkslab's blog: Ten years ago, we published a Clang Hardening Cheat Sheet. Since then, both the threat landscape and the Clang toolchain have evolved significantly. This blog post presents the new mitigations availab...

Clang Hardening Cheat Sheet (2026)

blog.quarkslab.com/clang-harden...

#infosec

3 months ago 11 4 0 1
GitHub - 0xor0ne/awesome-list: Cybersecurity oriented awesome list

Curated list of cybersecurity research, RE material, exploitation write-ups, and tools.

github.com/0xor0ne/awes...

#infosec

3 months ago 67 12 2 1
Bypassing secure boot on the Raspberry Pi RP2350 (paper)

www.usenix.org/system/files...

#infosec #embedded

3 months ago 10 6 0 0
Breaking Into a Brother (MFC-J1010DW): Three Security Flaws in a Seemingly Innocent Printer. The Target: Brother MFC-J1010DW. Affected Models: Brother Printer MFC-J1010DW. Vulnerable Firmware: Version <= 1.18. TL;DR: The Vulnerability Chain: We discovered three vulnerabilities that when chained...

Unauthenticated remote code execution on a Brother Printer MFC-J1010DW by chaining three vulnerabilities

starlabs.sg/blog/2025/11...

Credits: Nguyên Đăng Nguyên, Manzel Seet and Amos Ng

#infosec #iot

3 months ago 4 2 0 0

A look at an Android ITW DNG exploit: technical details of the Quram library exploit (CVE-2025-21042)

googleprojectzero.blogspot.com/2025/12/a-lo...

#infosec

4 months ago 6 3 0 0

Getting remote code execution on a Brother Printer (MFC-J1010DW) by chaining three vulnerabilities

starlabs.sg/blog/2025/11...

#infosec

4 months ago 92 14 1 1
1-click exploit chain over a Bluetooth stack used in the automotive industry (PerfektBlue) (slides)

powerofcommunity.net/2025/slide/m...

Credits: Mikhail Evdokimov

#infosec

4 months ago 5 2 0 0