Publications

Publication Apr 21, 2022

A Journey of Hunting macOS Kernel Vulnerabilities

A researcher's account of hunting macOS kernel vulnerabilities — methodology, dead ends, and the bugs that made it through.

By Peter Nguyễn Vũ Hoàng VenueZer0Con 2022 Slides →

Publication Apr 06, 2022

A Case Study of an Incorrect Bitwise AND Optimization in V8

How a subtle JIT compiler optimization error in V8 became an exploitable vulnerability — CVE-2021-30599 dissected.

By Lucas Tay VenueNUS GreyHats Security Wednesday Slides →

Publication Apr 06, 2022

An Introduction to Manual Source Code Review

A practical primer on manual source code review — how to read code like an attacker and find what automated tools miss.

By Poh Jia Hao VenueNUS GreyHats Security Wednesday Slides →

Publication Dec 04, 2021

VM Escape Case Study: VirtualBox Bug Hunting and Exploitation

A practical case study in hunting and exploiting VM escape vulnerabilities in VirtualBox.

By Muhammad Alifa Ramdhan VenueIDSECCONF 2021 Slides →

Publication Nov 26, 2021

The Great Escape: A Case Study of VM Escape and EoP Vulnerabilities

Chaining VM escape and elevation-of-privilege vulnerabilities into a full compromise — a case study from competition and research.

By Billy Jheng Bing-Jhong, Muhammad Alifa Ramdhan VenueHITCON 2021 Slides →