alexplaskett.bsky.social
Security Researcher | Pwn2Own 2018, 2021, 2022, 2024 | Posts about 0day, OS, mobile and embedded security.
52 posts 352 followers 122 following

Only a week and a half left for USENIX WOOT '25 conference submissions - deadline March 11 AoE. We’re looking forward to seeing even more of your amazing offensive security papers this year! And still a few days for up-and-coming track (March 4). CfP at www.usenix.org/conference/w...

We discover 119 vulnerabilities in LTE/5G core infrastructure, each of which can result in persistent denial of cell service to an entire metropolitan area or city and some of which can be used to remotely compromise and access the cellular core. https://cellularsecurity.org/ransacked

I watch and read and I’ve seen all manner of research. But this research into visualising Wi-Fi signals using an array of ESP32 chips is something else. www.youtube.com/watch?v=sXwD... It is that good. That deep and frankly so out there, and he calls himself a mediocre engineer too. WTF? Blown away.

Hackers rejoice! We are releasing the Phrack 71 PDF for you today! Don't forget this year is Phrack's 40th anniversary release! Send in your contribution and be part of this historical issue! The CFP is still open, you can find it and the PDF link at phrack.org

Update your AMD Zen processor's BIOS: www.amd.com/en/resources... Check with your OEM for BIOS updates with the new microcode patches, they have had some time to address this high importance item.

2024 was a significant year for decompilation, constituting a possible resurgence in the field. Major talks, the thirty-year anniversary of research, movements in AI, and an all-time high for top publications in decompilation. Join me for a retrospective: mahaloz.re/dec-progr...

Just unrestricted an issue that shows a fun new attack surface. Android RCS locally transcribes incoming media, making vulnerabilities in audio codecs now fully remote. This bug in an obscure Samsung S24 codec is 0-click: project-zero.issues.chromium.org/issues/36869...

OMG, Orange Tsai released his latest new research 🤯 💣 blog.orange.tw/posts/2025-0...

Looking through the schedule of #38c3 which starts tomorrow. Some talks I’ll be watching the streams for this year: ACE up the sleeve: Hacking into Apple's new USB-C Controller fahrplan.events.ccc.de/congress/202... Liberating Wi-Fi on the ESP32 fahrplan.events.ccc.de/congress/202...

vacation reading material acquired!

Pretty interesting technique used by _mccaulay here to understand the heap better and aid exploitation of a TP-Link vulnerability! www.nccgroup.com/uk/research-...

We updated our CFP for Phrack 72! The deadline is now April 1st 2025. Check the site for specifics on how to contribute, as well as some inspiration! We also posted a link to purchase physical copies of Phrack 71, and a donation link too. Enjoy! phrack.org

Intel launched the Pentium processor in 1993. Unfortunately, dividing sometimes gave a slightly wrong answer, the famous FDIV bug. Replacing the faulty chips cost Intel $475 million. I reverse-engineered the circuitry and can explain the bug. 1/9

I wrote a fun little blog post. Remote pre-auth file deletion in SolarWinds ARM allowed achieving LPE on AD machines 🙃

A PoC for that Cleo zero-day is now live: labs.watchtowr.com/cleo-cve-202...

New DCOM lateral movement technique discovered that bypasses traditional defenses. Unlike previous attacks relying on IDispatch interfaces, this method exploits undocumented COM interfaces within MSI, specifically targeting IMsiServer and IMsiCustomAction interfaces. 1/7

Course materials for Modern Binary Exploitation by RPISEC github.com/RPISEC/MBE?s... via @alexplaskett.bsky.social

I recently saw an amazing Navajo rug at the National Gallery of Art. It looks abstract at first, but it is a detailed representation of the Intel Pentium processor. Called "Replica of a Chip", it was created in 1994 by Marilou Schultz, a Navajo/Diné weaver and math teacher. 1/n

Rapid7 has disclosed the vulns from our exploit chain targeting the Lorex 2K Indoor Wi-Fi Security Camera, which we entered at this year's Pwn2Own Ireland. A 2 phase exploit, built upon 5 vulns - phase 1 is an auth bypass, whilst phase 2 is RCE. Disclosure, analysis and exploit here: t.co/J9VDwMDRsI

Novel approach to exploit a limited OOB on Ubuntu at Pwn2Own Vancouver 2024. Slides from a talk by Pumpkin Chang about exploiting a stack out-of-bounds write bug in the traffic control subsystem: u1f383.github.io/slides/talks...

Week 44, streaming kernel dev topic: userspace page fault handling. Prequel to week 43; worked on the kernel-mode syscall support behind userspace PF handling (incl. recursive page fault support). (Pre-recorded since I'm away this week ✌️) https://www.youtube.com/watch?v=5fv6Pjx3in8

A port of DOOM for a quantum computer! github.com/Lumorti/Quan...

If you enjoy programming and lower levels of the stack, this is a talk you want to watch: www.youtube.com/watch?v=WDfr...

QwQ: Reflect Deeply on the Boundaries of the Unknown. QwQ-32B-Preview is an experimental research model developed by the Qwen Team, focused on advancing AI reasoning capabilities. qwenlm.github.io/blog/qwq-32b...

This is a really cool talk by DonjonLedger about using a laser fault injection attack to extract the second share of the seed from a Microchip ATECC secure element: hardwear.io/netherlands-... www.youtube.com/embed/Hd_K2y...

Podcast: risky.biz/RBNEWS367/ Newsletter: news.risky.biz/risky-biz-ne... -Microsoft’s thanksgiving treat: an FTC investigation -Tor needs 200 new bridges to avoid Russian censorship -US court overturns Tornado Cash sanctions -ESET finds first Ubuntu UEFI bootkit -Unpatched Windows LPE

"The networks are still compromised, and booting the hackers out could involve physically replacing “literally thousands and thousands and thousands of pieces of equipment across the country,” specifically outdated routers and switches" 🕵️‍♂️

Finding Bugs in Chrome with CodeQL by Google bughunters.google.com/blog/5085111...

How to develop n-day chrome exploits for electron applications by p3rr0 github.com/p3rr0x/Blog/...

Firefox, Thunderbird, Tor Browser RCE: www.welivesecurity.c...

Earlier this year, I used a 1day to exploit the kernelCTF VRP LTS instance. I then used the same bug to write a universal exploit that worked against up-to-date mainstream distros for approximately 2 months. osec.io/blog/2024-11...

🔥 No fuzz drivers needed. Our paper on injecting greybox fuzzers into running systems at user-defined amplifier points (in-vivo fuzzing) was accepted at #ICSE25! 📝 mboehme.github.io/paper/ICSE25... 🧑‍💻 github.com/OctavioGalla... (subject to AE) //Lead by Octavio Galland (former #MPI_SP intern).

Linux Kernel 6.12 is here! 🐧 It includes mainline support for PREEMPT_RT, improving the performance of real-time apps by making kernel processes pre-emptible. ⏱️ Plus, enhanced hardware support for AMD, Intel, NVIDIA, new schedulers, file systems, and QR code kernel panics for easier debugging.

Exxon lobbyist investigated over hack-and-leak of environmentalist emails, sources say by Reuters www.reuters.com/business/ene...

Anyone experienced with fscrypt forensics/reversing? I got a firmware with a kernel and UBIFS. Both are encrypted. The kernel self-decrypts just before self-decompression; I managed to recover the key and decrypt it. I see it mounts the UBIFS using fscrypt. It’s embedded, so the key must be somewhere…

Do you brine your turkey for thanksgiving / Xmas?

Everyday Ghidra: Ghidra Data Types — Creating Custom GDTs From Windows Headers — Part 2 by clearbluejar medium.com/@clearblueja...

nginx 1.27.3 released yesterday disabled TLS 1.0 and TLS 1.1 protocols by default, nice nginx.org/en/CHANGES
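One caveat worth checking after that upgrade: the new default only applies when a config has no explicit `ssl_protocols` directive, so a server block that still lists `TLSv1 TLSv1.1` keeps the legacy protocols enabled. The script below is an added example, not code from nginx or from the post's author; it greps an nginx config (or the output of `nginx -T`) for `ssl_protocols` lines that still enable TLS 1.0 or 1.1. The two config snippets it writes are constructed samples, and the directive syntax is the one nginx documents.

```shell
#!/bin/sh
# Added example: flag nginx configs that explicitly re-enable TLS 1.0/1.1,
# which would override the 1.27.3 default of "TLSv1.2 TLSv1.3".

check_ssl_protocols() {
    # $1: path to an nginx config file (or a dump produced by `nginx -T`)
    # Prints "weak" if any uncommented ssl_protocols directive lists TLSv1
    # or TLSv1.1, "ok" otherwise. With no directive at all the effective
    # setting is the version default (weak before nginx 1.27.3).
    grep -E '^[[:space:]]*ssl_protocols[[:space:]]' "$1" \
      | grep -Eq '[[:space:]]TLSv1(\.1)?([[:space:]]|;)' \
      && echo weak || echo ok
}

# Constructed sample configs (assumed paths under $TMPDIR or /tmp).
WEAK_CONF="${TMPDIR:-/tmp}/nginx-weak.conf"
OK_CONF="${TMPDIR:-/tmp}/nginx-ok.conf"

cat > "$WEAK_CONF" <<'EOF'
server {
    listen 443 ssl;
    # explicit legacy list: overrides the new 1.27.3 default
    ssl_protocols TLSv1 TLSv1.1 TLSv1.2 TLSv1.3;
}
EOF

cat > "$OK_CONF" <<'EOF'
server {
    listen 443 ssl;
    ssl_protocols TLSv1.2 TLSv1.3;
}
EOF

check_ssl_protocols "$WEAK_CONF"   # weak
check_ssl_protocols "$OK_CONF"     # ok
```

Run it against `nginx -T` output rather than a single file so that included vhost files are covered; a "weak" hit means the upgrade alone did not remove TLS 1.0/1.1 from that listener.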

Lights Out: Covertly turning off the ThinkPad webcam LED indicator by Andrey Konovalov powerofcommunity.net/poc2024/Andr...

Small QoL feature release to my Shellcoder @binary.ninja plugin. Now every time you run it the architecture is automatically set based on the currently selected binary/database github.com/0xricksanche...

Bypassing Luks full disk encryption by Remy remyhax.xyz/posts/luks-v...