0xor0ne

@0xor0ne.bsky.social

| CyberSecurity | Reverse Engineering | C and Rust | Exploit | Linux kernel | PhD | Only My Opinions :) |

1,307 Followers  |  20 Following  |  476 Posts  |  Joined: 16.11.2023

Posts by 0xor0ne (@0xor0ne.bsky.social)

SCOMmand and Conquer - Attacking System Center Operations Manager (Part 1) - SpecterOps TL:DR; SCOM suffers from similar insecure default configurations as its SCCM counterpart, enabling attackers to escalate privileges, harvest credentials, and ultimately compromise the entire managemen...

Two-part series on attacking System Center Operations Manager (SCOM): management group takeover via NTLM relay and RunAs credential recovery (2025)

Part 1: specterops.io/blog/2025/12...
Part 2: specterops.io/blog/2025/12...

Research by Matt Johnson and Garrett Foster

#infosec

28.02.2026 11:58 | 👍 11 | 🔁 5 | 💬 0 | 📌 0
GitHub - emproof-com/workshop_firmware_reverse_engineering: Workshop on firmware reverse engineering Workshop on firmware reverse engineering. Contribute to emproof-com/workshop_firmware_reverse_engineering development by creating an account on GitHub.

Emproof's workshop material to get started with embedded firmware reverse engineering

github.com/emproof-com/...

#infosec #embedded

22.02.2026 12:27 | 👍 31 | 🔁 6 | 💬 0 | 📌 0
[CVE-2026-0714] TPM-sniffing LUKS Keys on an Embedded Device In October 2025, we performed a security assessment of the ARM-based Moxa UC-1222A Secure Edition industrial computer.

Recovering LUKS decryption key by passively monitoring the SPI bus between the SoC and the discrete TPM 2.0 device (Moxa UC-1222A)

www.cyloq.se/en/research/...

#infosec

21.02.2026 12:48 | 👍 8 | 🔁 3 | 💬 0 | 📌 0

Three-part series by Binarly on Supermicro BMC firmware authentication bypasses

Part 1: www.binarly.io/blog/ghost-i...
Part 2: www.binarly.io/blog/broken-...
Part 3: www.binarly.io/blog/have-yo...

#infosec

15.02.2026 12:45 | 👍 14 | 🔁 4 | 💬 0 | 📌 0
Binary Ninja - Defeating Anti-Reverse Engineering: A Deep Dive into the 'Trouble' Binary Binary Ninja is a modern reverse engineering platform with a scriptable and extensible decompiler.

Reverse engineering Linux anti-RE tricks (ELF headers, segment gaps, XOR layers, RC4 encryption)

binary.ninja/2026/01/23/r...

Credits: Xusheng Li

#infosec

27.01.2026 19:47 | 👍 50 | 🔁 6 | 💬 0 | 📌 0

Bruteforcing ECC and dumping firmware from a Potensic Atom 2 drone

neodyme.io/en/blog/dron...

#infosec

23.01.2026 23:03 | 👍 9 | 🔁 0 | 💬 0 | 📌 0

Great 3-part series on a 0-click exploit chain targeting Android Pixel 9

Part 1: projectzero.google/2026/01/pixe...
Part 2: projectzero.google/2026/01/pixe...
Part 3: projectzero.google/2026/01/pixe...

Research by Natalie Silvanovich and Seth Jenkins

#infosec

17.01.2026 11:47 | 👍 33 | 🔁 4 | 💬 1 | 📌 1
Not To Be Trusted - A Fiasco in Android TEEs Trusted Execution Environments (TEEs) based on ARM TrustZone form the backbone of modern Android devices' security architecture. The wor...

Escalate privileges from a rooted user space (N-EL0) to the highest privilege level in the Secure World (S-EL3) (Android Xiaomi Redmi 11s) (CCC 2025)

media.ccc.de/v/39c3-not-t...

#infosec

14.01.2026 20:11 | 👍 6 | 🔁 1 | 💬 0 | 📌 0

Airoha Bluetooth RACE vulnerabilities (CVE-2025-20700/20701/20702)

Blog post: insinuator.net/2025/12/blue...

White paper: static.ernw.de/whitepaper/E...

Credits Dennis Heinze, Frieder Steinmetz

#infosec #bluetooth

11.01.2026 11:52 | 👍 3 | 🔁 0 | 💬 0 | 📌 0
Clang Hardening Cheat Sheet - Ten Years Later - Quarkslab's blog Ten years ago, we published a Clang Hardening Cheat Sheet. Since then, both the threat landscape and the Clang toolchain have evolved significantly. This blog post presents the new mitigations availab...

Clang Hardening Cheat Sheet (2026)

blog.quarkslab.com/clang-harden...

#infosec

10.01.2026 13:03 | 👍 11 | 🔁 4 | 💬 0 | 📌 1
GitHub - 0xor0ne/awesome-list: Cybersecurity oriented awesome list Cybersecurity oriented awesome list. Contribute to 0xor0ne/awesome-list development by creating an account on GitHub.

Curated list of cybersecurity research, RE material, exploitation write-ups, and tools.

github.com/0xor0ne/awes...

#infosec

30.12.2025 11:17 | 👍 68 | 🔁 12 | 💬 2 | 📌 1

Bypassing secure boot on Raspberry RP2350 (paper)

www.usenix.org/system/files...

#infosec #embedded

30.12.2025 11:12 | 👍 10 | 🔁 6 | 💬 0 | 📌 0
Breaking Into a Brother (MFC-J1010DW): Three Security Flaws in a Seemingly Innocent Printer The Target: Brother MFC-J1010DW Affected Models: Brother Printer MFC-J1010DW Vulnerable Firmware: Version <= 1.18 TL;DR: The Vulnerability Chain We discovered three vulnerabilities that when chained...

Unauthenticated remote code execution on a Brother Printer MFC-J1010DW by chaining three vulnerabilities

starlabs.sg/blog/2025/11...

Credits Nguyên Đăng Nguyên, Manzel Seet and Amos Ng

#infosec #iot

26.12.2025 16:41 | 👍 4 | 🔁 2 | 💬 0 | 📌 0

A look at an Android ITW DNG exploit.
Quram library exploit technical details (CVE-2025-21042)

googleprojectzero.blogspot.com/2025/12/a-lo...

#infosec

15.12.2025 12:20 | 👍 6 | 🔁 3 | 💬 0 | 📌 0

Getting remote code execution on a Brother Printer (MFC-J1010DW) by chaining three vulnerabilities

starlabs.sg/blog/2025/11...

#infosec

08.12.2025 18:22 | 👍 93 | 🔁 14 | 💬 1 | 📌 1

1-click exploit chain over Bluetooth stack used in automotive industry (PerfektBlue) (slides)

powerofcommunity.net/2025/slide/m...

Credits Mikhail Evdokimov

#infosec

30.11.2025 11:05 | 👍 5 | 🔁 2 | 💬 0 | 📌 0

Synology Beestation Plus pre-auth exploitation and full system takeover

www.synacktiv.com/en/publicati...

Write up Arnaud Gatignol and Théo Fauché

#infosec

28.11.2025 18:18 | 👍 4 | 🔁 2 | 💬 0 | 📌 0

Abusing page table entries for exploiting Linux

ptr-yudai.hatenablog.com/entry/2025/0...

#Linux #infosec

17.11.2025 12:01 | 👍 79 | 🔁 12 | 💬 2 | 📌 0

Interesting short blog post on how electronic passport cryptography works

blog.trailofbits.com/2025/10/31/t...

Credits Joop van de Pol

#infosec #embedded

09.11.2025 10:44 | 👍 46 | 🔁 4 | 💬 0 | 📌 0

Analysis and exploitation of a Use-After-Free vulnerability in the Linux network packet scheduler (CVE-2025-38001)

syst3mfailure.io/rbtree-famil...

#infosec #Linux

08.11.2025 11:55 | 👍 39 | 🔁 8 | 💬 2 | 📌 1
Leveraging Generative AI to Reverse Engineer XLoader Check Point Research succeeded in understanding the infamous malware family, Xloader, by leveraging Generative AI

XLoader malware analysis with generative AI

research.checkpoint.com/2025/generat...

#infosec #malware

07.11.2025 11:05 | 👍 2 | 🔁 1 | 💬 0 | 📌 0

Valve Anti-Cheat (VAC) reverse engineering

codeneverdies.github.io/posts/gh-2/

#cybersecurity

06.11.2025 15:19 | 👍 59 | 🔁 4 | 💬 0 | 📌 0
Offensive Security - Researcher - Jobs - Careers at Apple Apply for an Offensive Security - Researcher job at Apple. Read about the role and find out if it’s right for you.

Apple SEAR is hiring offensive security researchers!

We’re looking for talented researchers across multiple areas of security.

Check out the job description here:
jobs.apple.com/en-us/detail...

Feel free to reach out if you have any questions.

#infosec

24.10.2025 09:44 | 👍 6 | 🔁 3 | 💬 0 | 📌 0

Great deep-dive on AMD Zen microcode hacking and a signature-validation flaw

bughunters.google.com/blog/5424842357473280/zen-and-the-art-of-microcode-hacking

#infosec

20.10.2025 15:13 | 👍 15 | 🔁 5 | 💬 0 | 📌 0
GitHub - 0xor0ne/awesome-list: Cybersecurity oriented awesome list Cybersecurity oriented awesome list. Contribute to 0xor0ne/awesome-list development by creating an account on GitHub.

Collection of blog posts, write-ups, papers and tools related to cybersecurity, reverse engineering and exploitation

github.com/0xor0ne/awes...

#cybersecurity #infosec

19.10.2025 11:36 | 👍 9 | 🔁 1 | 💬 0 | 📌 0

Presentations about getting started with Linux kernel exploitation

"Linux Kernel Exploitation for Beginners" by Kevin Massey:
rvasec.com/slides/2025/...

"Control Flow Hijacking in the Linux Kernel" by Valeriy Yashnikov
pt-phdays.storage.yandexcloud.net/Yashnikov_Va...

#Linux #infosec

19.10.2025 11:34 | 👍 23 | 🔁 4 | 💬 1 | 📌 0
Hacking the Nokia Beacon 1 Router: UART, Command Injection, and Password Generation with Qiling The Nokia Beacon 1 proved to be an interesting journey covering the full spectrum of techniques from hardware debug interfaces to firmware extraction and finally both static and dynamic analysis. I wa...

Teardown and exploitation of the Nokia Beacon 1 Router

spaceraccoon.dev/nokia-beacon...

#iot #infosec

18.10.2025 11:05 | 👍 2 | 🔁 1 | 💬 0 | 📌 0

Synology TC500 smart camera: Remote code execution (RCE) vulnerability

blog.infosectcbr.com.au/2025/08/01/e...

#infosec #embedded

17.10.2025 19:20 | 👍 11 | 🔁 1 | 💬 0 | 📌 0

Excellent blog post on bypassing Ubuntu’s Unprivileged Namespace Restriction

u1f383.github.io/linux/2025/0...

#infosec

14.10.2025 17:55 | 👍 5 | 🔁 3 | 💬 0 | 📌 0
Windows Heap Exploitation - From Heap Overflow to Arbitrary R/W TLDR I was unable to find some good writeups/blogposts on Windows user mode heap exploitation which inspired me to write an introductory but practical post on Windows heap internals and exploitati

Short introduction to Windows heap exploitation

mrt4ntr4.github.io/Windows-Heap...

#infosec

13.10.2025 17:21 | 👍 12 | 🔁 5 | 💬 0 | 📌 0