Hacker News
- FORCEDENTRY: Sandbox Escape https://googleprojectzero.blogspot.com/2022/03/forcedentry-sandbox-escape.html 48 comments
- Enter the Vault: Authentication Issues in HashiCorp Vault https://googleprojectzero.blogspot.com/2020/10/enter-the-vault-auth-issues-hashicorp-vault.html 9 comments
- A survey of recent iOS kernel exploits https://googleprojectzero.blogspot.com/2020/06/a-survey-of-recent-ios-kernel-exploits.html 69 comments
- Escaping the Chrome Sandbox with RIDL https://googleprojectzero.blogspot.com/2020/02/escaping-chrome-sandbox-with-ridl.html 31 comments
- Bad Binder: Android In-the-Wild Exploit https://googleprojectzero.blogspot.com/2019/11/bad-binder-android-in-wild-exploit.html 52 comments
- Windows Exploitation Tricks: Spoofing Named Pipe Client PID https://googleprojectzero.blogspot.com/2019/09/windows-exploitation-tricks-spoofing.html 12 comments
- Breaking the Chain https://googleprojectzero.blogspot.com/2016/11/breaking-chain.html 17 comments
Lobsters
- A deep dive into an NSO zero-click iMessage exploit: Remote Code Execution https://googleprojectzero.blogspot.com/2021/12/a-deep-dive-into-nso-zero-click.html 10 comments security
- Over The Air - Vol. 2, Pt. 2: Exploiting The Wi-Fi Stack on Apple Devices https://googleprojectzero.blogspot.com/2017/10/over-air-vol-2-pt-2-exploiting-wi-fi.html 3 comments security
- Over The Air: Exploiting Broadcom’s Wi-Fi Stack (Part 1) https://googleprojectzero.blogspot.com/2017/04/over-air-exploiting-broadcoms-wi-fi_4.html 3 comments security
- When ‘int’ is the new ‘short’ http://googleprojectzero.blogspot.com/2015/07/when-int-is-new-short.html 4 comments compsci , security
- pwn4fun Spring 2014 - Safari - Part II http://googleprojectzero.blogspot.com/2014/11/pwn4fun-spring-2014-safari-part-ii.html 2 comments mac , security , web
- The poisoned NUL byte, 2014 edition http://googleprojectzero.blogspot.com/2014/08/the-poisoned-nul-byte-2014-edition.html 2 comments reversing , security
- A deep dive into an NSO zero-click iMessage exploit: Remote Code Execution https://googleprojectzero.blogspot.com/2021/12/a-deep-dive-into-nso-zero-click.html 27 comments reverseengineering
- Worth Reading to the End. "A deep dive into an NSO zero-click iMessage exploit: Remote Code Execution" https://googleprojectzero.blogspot.com/2021/12/a-deep-dive-into-nso-zero-click.html 9 comments programming
- A deep dive into an NSO zero-click iMessage exploit: Remote Code Execution https://googleprojectzero.blogspot.com/2021/12/a-deep-dive-into-nso-zero-click.html 13 comments privacy
- This shouldn't have happened: A vulnerability postmortem - Project Zero https://googleprojectzero.blogspot.com/2021/12/this-shouldnt-have-happened.html 305 comments programming
- Using Kerberos for Authentication Relay Attacks https://googleprojectzero.blogspot.com/2021/10/using-kerberos-for-authentication-relay.html 2 comments netsec
- 0day Exploit Root Cause Analyses (updated with 7 new exploits discovered in the wild) https://googleprojectzero.blogspot.com/p/rca.html 9 comments netsec
- An iOS zero-click radio proximity exploit odyssey https://googleprojectzero.blogspot.com/2020/12/an-ios-zero-click-radio-proximity.html 6 comments netsec
- An iOS zero-click radio proximity exploit odyssey https://googleprojectzero.blogspot.com/2020/12/an-ios-zero-click-radio-proximity.html 12 comments reverseengineering
- How a one line change in the Windows kernel broke the Windows Chromium sandbox (and thus Edge and Firefox at the same time) https://googleprojectzero.blogspot.com/2020/04/you-wont-believe-what-this-one-line.html 3 comments netsec
- A very deep dive into iOS Exploit chains found in the wild https://googleprojectzero.blogspot.com/2019/08/a-very-deep-dive-into-ios-exploit.html 59 comments programming
- Injecting Code into Windows Protected Processes by Abusing COM Features https://googleprojectzero.blogspot.com/2018/11/injecting-code-into-windows-protected.html 3 comments netsec
- 365 Days Later: Finding and Exploiting Safari Bugs using Publicly Available Tools https://googleprojectzero.blogspot.com/2018/10/365-days-later-finding-and-exploiting.html 5 comments netsec
- A cache invalidation bug in Linux memory management (CVE-2018-17182) https://googleprojectzero.blogspot.com/2018/09/a-cache-invalidation-bug-in-linux.html 19 comments programming
- Reading privileged memory with a side-channel https://googleprojectzero.blogspot.com/2018/01/reading-privileged-memory-with-side.html 9 comments programming
- Project Zero: Reading privileged memory with a side-channel https://googleprojectzero.blogspot.com/2018/01/reading-privileged-memory-with-side.html 21 comments linux
- Over The Air Conclusion: Exploiting The Wi-Fi Stack on Apple Devices https://googleprojectzero.blogspot.com/2017/10/over-air-vol-2-pt-3-exploiting-wi-fi.html 13 comments netsec
- Bypassing VirtualBox Process Hardening on Windows https://googleprojectzero.blogspot.com/2017/08/bypassing-virtualbox-process-hardening.html 7 comments netsec
- How to Compromise the Enterprise Endpoint http://googleprojectzero.blogspot.com/ 3 comments sysadmin
- Google finds 10 buffer overflows in Windows kernel font handling https://googleprojectzero.blogspot.com/2016/06/a-year-of-windows-kernel-font-fuzzing-1_27.html 450 comments programming
- Project Zero: How to Compromise the Enterprise Endpoint http://googleprojectzero.blogspot.com/2016/06/how-to-compromise-enterprise-endpoint.html 19 comments netsec
- Kaspersky: Mo Unpackers, Mo Problems. http://googleprojectzero.blogspot.com/2015/09/kaspersky-mo-unpackers-mo-problems.html 24 comments netsec
- Project Zero: Stagefrightened? http://googleprojectzero.blogspot.com/2015/09/stagefrightened.html 10 comments netsec
- Project Zero: When ‘int’ is the new ‘short’ http://googleprojectzero.blogspot.com/2015/07/when-int-is-new-short.html 27 comments cpp
- Project Zero: When ‘int’ is the new ‘short’ http://googleprojectzero.blogspot.com/2015/07/when-int-is-new-short.html 21 comments netsec
- Analysis and Exploitation of an ESET Vulnerability http://googleprojectzero.blogspot.com/2015/06/analysis-and-exploitation-of-eset.html 13 comments netsec
- Project Zero: In-Console-Able http://googleprojectzero.blogspot.com/2015/05/in-console-able.html 3 comments netsec
- Project Zero: Exploiting the DRAM rowhammer bug to gain kernel privileges on linux http://googleprojectzero.blogspot.com/2015/03/exploiting-dram-rowhammer-bug-to-gain.html 23 comments linux
Linking pages
- GitHub - drduh/macOS-Security-and-Privacy-Guide: Guide to securing and improving privacy on macOS https://github.com/drduh/macOS-Security-and-Privacy-Guide 292 comments
- Google researchers detail malicious website exploits that targeted iPhone users for years - 9to5Mac https://9to5mac.com/2019/08/29/google-iphone-website-security-vulnerability/ 159 comments
- GitHub - drduh/macOS-Security-and-Privacy-Guide: Guide to securing and improving privacy on macOS https://github.com/drduh/OS-X-Yosemite-Security-and-Privacy-Guide/blob/master/README.md 108 comments
- How a researcher hacked his own computer and found 'worst' chip flaw | Reuters https://www.reuters.com/article/us-cyber-intel-researcher/how-a-researcher-hacked-his-own-computer-and-found-worst-chip-flaw-idUSKBN1ET1ZR 91 comments
- Google infrastructure security design overview | Documentation | Google Cloud https://cloud.google.com/security/security-design/ 84 comments
- Get root on macOS 13.0.1 with CVE-2022-46689, the macOS Dirty Cow bug | Worth Doing Badly https://worthdoingbadly.com/macdirtycow/ 73 comments
- Fuzzing Ladybird with tools from Google Project Zero https://awesomekling.substack.com/p/fuzzing-ladybird-with-tools-from 61 comments
- Meet 'Project Zero,' Google's Secret Team of Bug-Hunting Hackers | WIRED http://www.wired.com/2014/07/google-project-zero/ 48 comments
- GitHub - drduh/macOS-Security-and-Privacy-Guide: Guide to securing and improving privacy on macOS https://github.com/drduh/OS-X-Security-and-Privacy-Guide 23 comments
- Google's unusual move to shut down an active counterterrorism operation being conducted by a Western democracy https://www.technologyreview.com/2021/03/26/1021318/google-security-shut-down-counter-terrorist-us-ally/amp/ 18 comments
- Apple Admits All Devices Affected by Meltdown and Spectre Flaws https://adamlevin.com/2018/01/05/apple-admits-devices-affected-meltdown-spectre-flaws/ 13 comments
- The Work Diary of Parisa Tabriz, Google’s ‘Security Princess’ - The New York Times https://www.nytimes.com/2019/09/05/business/parisa-tabriz-google-work-diary.html 11 comments
- How the Spectre and Meltdown Hacks Really Worked - IEEE Spectrum https://spectrum.ieee.org/computing/hardware/how-the-spectre-and-meltdown-hacks-really-worked 3 comments
- GitHub - kaizensoze/security-blogs: A list of security blogs. https://github.com/kaizensoze/security-blogs 3 comments
- Funding the vetting of the Software Supply-Chain · Fazal Majid's low-intensity blog https://blog.majid.info/supply-chain-vetting/ 3 comments
- Google, AMD partner to build a more secure future with Confidential Computing | Google Cloud Blog https://cloud.google.com/blog/products/identity-security/google-amd-partner-to-build-a-more-secure-future-with-confidential-computing 2 comments
- Google to Shut Down Counterterrorism Ploy of a US Ally | IE https://interestingengineering.com/google-shuts-down-cyberattack-from-us-ally 2 comments
- Chrome Dev Insider: The year that was - Chrome Developers https://developer.chrome.com/en/blog/insider-dec-22/ 1 comment
- GitHub - foorilla/allinfosecnews_sources: A list of online news & info sources in the InfoSec/Cybersecurity space https://github.com/foorilla/allinfosecnews_sources 1 comment
- GitHub - mrtouch93/awesome-security-feed: A semi-curated list of Security Feeds https://github.com/mrtouch93/awesome-security-feed 0 comments