Published in Theori BLOG | Reviving the modprobe_path Technique: Overcoming search_binary_handler() Patch | Introduction | Mar 12
Published in Theori BLOG | Finding Vulnerabilities in Firmware with Static Analysis Platform QueryX | QueryX is a program analysis platform under active development at Theori that offers automated variant analysis. | Nov 7, 2024
Published in Theori BLOG | Deep Dive into RCU Race Condition: Analysis of TCP-AO UAF (CVE-2024-27394) | Introduction | Sep 4, 2024
Published in Theori BLOG | Chaining N-days to Compromise All: Part 6 — Windows Kernel LPE: Get SYSTEM | This blog post is the last in the series about the vulnerabilities used in our 1-day full chain exploit we demonstrated on X. In this blog post… | May 22, 2024
Published in Theori BLOG | Chaining N-days to Compromise All: Part 5 — VMware Workstation Guest-to-Host Escape | We will present how we execute arbitrary code on the host OS from the guest. The vulnerability is CVE-2023-20869. | May 3, 2024
Published in Theori BLOG | Chaining N-days to Compromise All: Part 4 — VMware Workstation Information leakage | We will present how we obtain critical information from the VMware process running on the host, from within the guest. (CVE-2023-34044) | Apr 18, 2024
Published in Theori BLOG | Chaining N-days to Compromise All: Part 3 — Windows Driver LPE: Medium to System | We will present how we elevate privileges from user to SYSTEM in order to chain with the VMware vulnerability. The vulnerability is CVE-2023-29360. | Apr 9, 2024
Published in Theori BLOG | Chaining N-days to Compromise All: Part 2 — Windows Kernel LPE (a.k.a Chrome Sandbox Escape) | We will present how we escaped the Chrome sandbox by exploiting a Windows kernel vulnerability. The vulnerability is CVE-2023-21674. | Apr 1, 2024
Published in Theori BLOG | Chaining N-days to Compromise All: Part 1 — Chrome Renderer RCE | This blog post is the first of the series about the vulnerabilities used in our 1-day full chain exploit we demonstrated on X. In this blog… | Mar 18, 2024
Published in Theori BLOG | Fermium-252 : The Cyber Threat Intelligence Database | Fermium-252 is a comprehensive vulnerability database platform preparing our clients for the state-sponsored cyber attacks by providing… | Mar 4, 2024