Independent security advisory, technical deep dives, root cause analyses & tips
Technical notes about vulnerabilities under active exploitation "in the wild". Most of information here is novel at the moment of publication, and derived by either reverse engineering of the security patches/exploits, or by theoretical inference through our knowledge base of experience in first-hand vulnerability discovery. Legend: attack insights: defense-oriented analysis of active attack reports, covering mitigation-relevant aspects which are not covered or covered incorrectly in other sources research tips: technical insights which may be useful for vulnerability researchers deep dive: a longer investigation covering multiple aspects of an 0-day attack, including technical context and background root cause analysis: strict technical analysis of the vulnerability root cause in the code. Notes listed published in reverse chronological order.
|Google Chrome WebRTC 0-Day Vulnerability (CVE-2023-7024) attack insights
|CVE-2023-33063, CVE-2023-33106, CVE-2023-33107, CVE-2022-22071, CVE-2023-4211
|Deep Dive: Qualcomm MSM & ARM Mali Kernel 0-day Exploit Attacks of October 2023 deep dive root cause analysis
|Google Chrome Skia Vulnerability Analysis (CVE-2023-6345) attack insights research tips