maxpl0it
@maxpl0it
Principal Vulnerability Researcher. Occasional Pwn2Owner
London, England
Joined March 2017
Posts
  • Pinned
    Was a lot of fun giving this talk with @patateQbool showing off the stupid stupid stuff we do to pop mobile devices at Pwn2Own
  • SIGRed (CVE-2020-1350) DoS proof-of-concept github.com/maxpl0it/CVE-2… Have fun!
  • Here's my exploit for CVE-2020-0674 (Internet Explorer UAF). Bonus: EMET 5.52 (the final EMET version) doesn't appear to detect this (on Windows x64 it seems)
  • Wrote an exploit for a very interesting Firefox bug. Gave me a chance to try some new things out! More coming soon!
  • @_manfp’s Firefox renderer bug is a beauty that takes advantage of an optimisation implemented just 3 months ago. Let’s break it down!
  • CVE-2020-1350 DoS. The hardest part of this was setting up domains!
  • Found three VirtualBox vulnerabilities earlier this year. 2x Heap Overflows and 1x OOB read. Pretty great to get this post out! Come learn about emulated network offload bugs.
    🔥New on SentinelLabs! Inspired by Pwn2Own, researcher @maxpl0it discovered three CVEs, including two privilege escalations, in VirtualBox. Read more here: sentinelone.com/labs/gsoh-no-h… #virtualbox #cybersecurity #threatintelligence #threatresearch #infosec #cve
  • Published my exploit for CVE-2019-17026 (Firefox JIT bug): github.com/maxpl0it/CVE-2… No sandbox escape included but if anybody wants a challenge, chain it with CVE-2020-0674 for a neat sandbox escape on Windows!
  • My talk's up! If you're curious about the world of browser exploitation, this gives a higher level overview of my process of finding and exploiting two separate n-day vulnerabilities (one in IE and one in Firefox)
  • - Use-after-frees from JIT
    - CodeQL for variant analysis
    - Never-before-seen exploit primitives
    - Tenured heap tomfoolery
    I’ve packed just about everything in this post!
    🦊New on #SentinelLabs! Learn how to dive into JIT compilers in #JavaScript engines and follow along as we find a new set of exploit primitives in this previously patched bug. By @maxpl0it. Read the blog: sentinelone.com/labs/firefox-j… #firefox #cybersecurity #infosec
  • Been working on developing a reliable Internet Explorer exploit for CVE-2020-0674. This one targets 64-bit. I plan to support both 32-bit (got a much more reliable primitive for this one) and other versions of IE in the future. Only needed addrof, read, and exec primitives.
  • Found a fun bug with CodeQL by accident. Now there's a bit of a writeup to go with it!
    🐧New on SentinelLabs! Meet CVE-2021-43267! @maxpl0it has discovered a heap overflow #vulnerability in the #TIPC module of the #Linux Kernel which can allow attackers to compromise an entire system. sentinelone.com/labs/tipc-remo… #CVE #Kernel #HeapOverflow #infosec cc:@LabsSentinel
  • Gained two VirtualBox CVEs: zerodayinitiative.com/advisories/ZDI… zerodayinitiative.com/advisories/ZDI… Was hoping to use one with a separate bug at pwn2own but unfortunately time was not on my side :( Funnily enough, it looks like the @starlabs_sg folks were looking in the same area with their entry!
  • I’ll be giving a talk on browser exploitation at the end of the month!
    Actions Speak Browser Than Words (Exploiting n-days for fun and profit) by @maxpl0it @Grayhat_Con Red Team Village Schedule: redteamvillage.io/schedule GrayHat's Website: grayhat.co #infosec #cybersecurity