0-Day Insights

Independent security advisory, technical deep dives, root cause analyses & tips


Technical notes about vulnerabilities under active exploitation "in the wild". Most of information here is novel at the moment of publication, and derived by either reverse engineering of the security patches/exploits, or by theoretical inference through our knowledge base of experience in first-hand vulnerability discovery. Legend: attack insights: defense-oriented analysis of active attack reports, covering mitigation-relevant aspects which are not covered or covered incorrectly in other sources research tips: technical insights which may be useful for vulnerability researchers deep dive: a longer investigation covering multiple aspects of an 0-day attack, including technical context and background root cause analysis: strict technical analysis of the vulnerability root cause in the code. Notes listed published in reverse chronological order.

Vulnerability ID Title
CVE-2023-7024 Google Chrome WebRTC 0-Day Vulnerability (CVE-2023-7024) attack insights
CVE-2023-33063, CVE-2023-33106, CVE-2023-33107, CVE-2022-22071, CVE-2023-4211 Deep Dive: Qualcomm MSM & ARM Mali Kernel 0-day Exploit Attacks of October 2023 deep dive root cause analysis
CVE-2023-6345 Google Chrome Skia Vulnerability Analysis (CVE-2023-6345) attack insights research tips

Categories: 0-Day Insights

Research Training