A deep-dive technical analysis of CVE-2025-50168, a Windows kernel vulnerability (Type Confusion in DirectComposition) presented at Pwn2Own Berlin 2025. This post details how a 4-byte OOB write is escalated into an AAR/AAW primitive using IoRing to achieve…

This blog post will analyse the exploitability of the temporal safety vulnerabilities in Nginx AIxCC.
AIxCC is a DARPA competition to find vulnerabilities in codebases using AI. The competitors are not looking for 0-days but rather intentionally added vulnerabilities…

Unveiling the Mysteries of Qualcomm's QDSP6 JTAG: A Journey into Advanced Theoretical Reverse Engineering

This talk invites you on an exploration of advanced reverse engineering techniques applied to sophisticated proprietary hardware. Rather than focusing…

Good morning! In this blog I would like to delve into hardware hacking and start expanding my learning.

Showcasing a vulnerability in Windows that causes the Spooler service to crash remotely.

Motivation A couple of years ago, I picked up a few of Samsung S23’s at Pwn2Own.

Recently, I came across this kernelCTF submission where the author mentions a novel technique for extending race windows in the Linux kernel: I learned…

Stealth died 😢 A member of Team-Teso, Phrack staff, and many other groups. A true hacker—perhaps as true as a hacker can ever be. WE MISS YOU. 🩷

More: https://t.co/Jx0JYfrjnG

<stealth> we had joy we had fun we had a rootshell on a sun.

While high entropy ASLR is supposed to prevent ASLR bypasses, ROP can be used to provide a bypass of ASLR. We will explore how - given an existing way to utilize ROP on a 64-bit application, ROP can be used to bypass ASLR for system DLLs, thus expanding the…

Analyzed and wrote PoC for CVE-2022-0847 aka DirtyPipe

By Sergi Martinez Overview It’s been a while since our last technical blogpost, so here’s one right on time for the Christmas holidays. We describe a method to exploit a use-after-free in the Linux kernel when objects are allocated in a specific slab cache…

Prelude: A Predictable Controversy On December 16, 2025, a peculiar entry appeared in the...

📌 Title
Bug Tamer: Turning Limited Heap Overflow into Full VMware Escape

📌 Speaker
Yongkang Jia, Xiao Lei
(@Singular Security Lab)

#POC #PowerOfCommunity #POC2025

The spyware attack targeting WhatsApp, disclosed in August as an in-the-wild exploit, garnered significant attention. By simply knowing a...

This post was originally written in 2016 for the Project Zero blog. However, in the end it was published separately in the journal PoC||GTFO issue #13 as wel...