Zero Day Engineering
Technical notes on high impact security exploits. Most of information here is research-grade novel at the moment of publication, obtained by either reverse engineering of the security patches/exploits, or by theoretical inference through our knowledge base of experience in first-hand vulnerability discovery. Legend: attack insights: defense-oriented analysis of active attack reports, covering mitigation-relevant aspects which are not covered or covered incorrectly in other sources research tips: technical insights which may be useful for vulnerability researchers deep dive: a longer investigation covering multiple aspects of an 0-day attack, including technical context and background root cause analysis: strict technical analysis of the vulnerability root cause in the code. Notes are listed in reverse chronological order.
| Vulnerability ID | Title |
|---|---|
| CVE-2024-4671, CVE-2024-4761 | Google Chrome "actively exploited" bug chain on Viz & v8-wasm (May 2024) root cause analysis research tips |
| CVE-2024-22252, CVE-2024-22253, CVE-2024-22254, CVE-2024-22255 | VMware Tianfucup 2023 hypervisor exploits attack insights research tips |
| CVE-2023-7024 | Google Chrome WebRTC 0-Day Vulnerability (CVE-2023-7024) attack insights |
| CVE-2023-33063, CVE-2023-33106, CVE-2023-33107, CVE-2022-22071, CVE-2023-4211 | Deep Dive: Qualcomm MSM & ARM Mali Kernel 0-day Exploit Attacks of October 2023 deep dive root cause analysis |
| CVE-2023-6345 | Google Chrome Skia Vulnerability Analysis (CVE-2023-6345) attack insights research tips |