Theori Vulnerability Research in Theori BLOG | Deep Dive into RCU Race Condition: Analysis of TCP-AO UAF (CVE-2024-27394) | Sep 4
Theori Vulnerability Research in Theori BLOG | Chaining N-days to Compromise All: Part 6 — Windows Kernel LPE: Get SYSTEM | This blog post is the last in the series about the vulnerabilities used in our 1-day full chain exploit we demonstrated on X. In this blog post… | May 22
Theori Vulnerability Research in Theori BLOG | Chaining N-days to Compromise All: Part 5 — VMware Workstation Guest-to-Host Escape | We will present how we execute arbitrary code on the host OS from the guest. The vulnerability is CVE-2023-20869. | May 3
Theori Vulnerability Research in Theori BLOG | Chaining N-days to Compromise All: Part 4 — VMware Workstation Information leakage | We will present how we get the critical information in the VMware process running on the host from the guest. (CVE-2023-34044) | Apr 18
Theori Vulnerability Research in Theori BLOG | Chaining N-days to Compromise All: Part 3 — Windows Driver LPE: Medium to System | We will present how we elevate the privilege from user to SYSTEM to chain the vulnerability of VMware. The vulnerability is CVE-2023-29360. | Apr 9
Theori Vulnerability Research in Theori BLOG | Chaining N-days to Compromise All: Part 2 — Windows Kernel LPE (a.k.a Chrome Sandbox Escape) | We will present how we escaped the Chrome sandbox by exploiting a Windows kernel vulnerability. The vulnerability is CVE-2023-21674. | Apr 1
Theori Vulnerability Research in Theori BLOG | Chaining N-days to Compromise All: Part 1 — Chrome Renderer RCE | This blog post is the first of the series about the vulnerabilities used in our 1-day full chain exploit we demonstrated on X. In this blog… | Mar 18
Theori Vulnerability Research in Theori BLOG | Fermium-252 : The Cyber Threat Intelligence Database | Fermium-252 is a comprehensive vulnerability database platform preparing our clients for the state-sponsored cyber attacks by providing… | Mar 4
Theori Vulnerability Research in Theori BLOG | A Deep Dive into V8 Sandbox Escape Technique Used in In-The-Wild Exploit | The details of how we achieved arbitrary write and code execution primitives using a raw pointer in WasmIndirectFunctionTable object. | Jan 26
Theori Vulnerability Research in Theori BLOG | Exploiting Windows Kernel Wild Copy With User Fault Handling (CVE-2023-28218) | Nov 10, 2023