chompie
@chompie1337
hacker, weird machine mechanic, X-Force Offensive Research (XOR)
I’m thrilled to share my latest blog post! This one focuses on the bug hunting process: inspiration, approach, and execution. I also provide a retrospective on how the bug was introduced and analyze the insufficient “patch”. Check it out: securityintelligence.com/x-force/little…
Hiring a junior/mid role on my team for a Red Team operator, feel free to DM me with any questions or anything nvidia.wd5.myworkdayjobs.com/NVIDIAExternal…
We now have a (draft) @metasploit exploit module in the pull queue for the recent Microsoft SharePoint Server unauthenticated RCE zero-day (CVE-2025-53770), based on the in-the-wild exploit published a few days ago. Check it out here: github.com/rapid7/metaspl…
Two notes about this interview: * I think in pictures, so when I'm talking about something I'm visualizing it at the moment. If another topic comes up the previous picture goes away and I forget what I was talking about. * ...I curse a lot 😅
Elvis Collado, @b1ack0wl, cancer survivor, offensive security engineer, and zero-day researcher, joins SquidSec Podcast to share his remarkable journey. youtu.be/tOfwNtA_je0 Come sit with Elvis and @DotNetRussell as we dive in to the @b1ack0wl origin story... #Infosec…
Elvis Collado, @b1ack0wl, cancer survivor, offensive security engineer, and zero-day researcher, joins SquidSec Podcast to share his remarkable journey. youtu.be/tOfwNtA_je0 Come sit with Elvis and @DotNetRussell as we dive in to the @b1ack0wl origin story... #Infosec…
I’ll be keynoting “Break Systems, Not Promises: I Promised to do a Keynote at DEF CON” at @DEFCON 33 @MalwareVillage on Friday, Aug 8 2025! 🎤 I’m looking forward to seeing you all there! 🤩 #MalwareVillage #dc33
Excited to announce I will be presenting my hypervisor research journey at Hitcon 2025 in Taipei! See y’all there? hitcon.org/2025/en-US/age…
A bit late, but I just published my blog post on bypassing Ubuntu’s sandbox! Hope you enjoy it! u1f383.github.io/linux/2025/06/…
CASE CLOSED: CVE-2025-29824 0 public samples, 0 information Suspect: Windows CLFS driver Crime: UAF leading to Privilege Escalation Status: ACTIVELY EXPLOITED ITW Investigation: Debugged and documented Case files: starlabs.sg/blog/2025/07-m… Done by our intern, Ong How Chong
Azure Arc is Microsoft's solution for managing on-premises systems in hybrid environments. My new blog covers how it can it be identified in an enterprise and misconfigurations that could allow it to be used for out-of-band execution and persistence. ibm.com/think/x-force/…
How are you leveraging AI to advance offensive security? We want to hear about it at OAIC in October. CFP open now... only ONE MORE WEEK left to submit your talk(s)! sessionize.com/offensive-ai-c…
BYOVD is no longer required on modern Windows. a bunch of recent msft kernel patches just shove vulnerable kernel code behind a privilege check. I wonder if we will see threat actors leveraging this like they did BYOVD. no bringing along a driver and loading also means less IOCs
Today MSRC fixed two vulnerabilities I reported a couple months ago. EoP in Windows Update service (affects only windows 11/10 with at least 2 drives) msrc.microsoft.com/update-guide/v… EoP in Microsoft PC Manager msrc.microsoft.com/update-guide/v… PoC for CVE-2025-48799: github.com/Wh04m1001/CVE-…
We’re proud to announce the Review Board for DistrictCon’s call for papers! Our CFP will open next month, and we're excited to receive all your submissions! districtcon.org/cfp @perribus @bsdaemon @sergeybratus @chompie1337 @__winn @rmspeers @mdowd @jaylagorio
We've already received many high-quality submissions to our CFP, thank you! 🚀 Don't miss your chance to submit before July 14! 📅 hexacon.fr/conference/cal…