0-Day Insights

Zero Day Engineering

Overview

Technical notes on high-impact security exploits. Most of the information here was novel, research-grade material at the time of publication, obtained either by reverse engineering security patches and exploits, or by theoretical inference from our knowledge base of first-hand vulnerability discovery experience.

Legend:

- attack insights: defense-oriented analysis of active attack reports, covering mitigation-relevant aspects that are not covered, or are covered incorrectly, in other sources
- research tips: technical insights which may be useful for vulnerability researchers
- deep dive: a longer investigation covering multiple aspects of a 0-day attack, including technical context and background
- root cause analysis: strict technical analysis of the vulnerability root cause in the code

Notes are listed in reverse chronological order.

Index
| Vulnerability ID | Title | Tags |
|---|---|---|
| CVE-2024-4671, CVE-2024-4761 | Google Chrome "actively exploited" bug chain on Viz & v8-wasm (May 2024) | root cause analysis, research tips |
| CVE-2024-22252, CVE-2024-22253, CVE-2024-22254, CVE-2024-22255 | VMware Tianfucup 2023 hypervisor exploits | attack insights, research tips |
| CVE-2023-7024 | Google Chrome WebRTC 0-Day Vulnerability (CVE-2023-7024) | attack insights |
| CVE-2023-33063, CVE-2023-33106, CVE-2023-33107, CVE-2022-22071, CVE-2023-4211 | Deep Dive: Qualcomm MSM & ARM Mali Kernel 0-day Exploit Attacks of October 2023 | deep dive, root cause analysis |
| CVE-2023-6345 | Google Chrome Skia Vulnerability Analysis (CVE-2023-6345) | attack insights, research tips |