Anthony
@darkfloyd1216.bsky.social
VXRL/VXCON/Blackhat Asia & USA review board/Browser vulnerability & exploitation
We are going to hold VXCON
www.vxcon.hk
www.vxcon.hk
VXCON
VXCON, we are glad to invite a few prominent speakers and researchers all over the world. They are frequent speakers of Blackhat, DEF CON, HITCON and in various global hacker and security conference. ...
www.vxcon.hk
October 5, 2025 at 8:28 AM
We are going to hold VXCON
www.vxcon.hk
www.vxcon.hk
This time is a real thrilling announcement as our paper about template-based fuzzing for JavaScript engine is accepted in OOPSLA24-25.
Thank you so much to every co-authors including Ken Wong, Dongwei Xiao, Dr. Daoyuan Wu Dr. Shuai Wang and Yiteng Peng.
What a good evening!
Thank you so much to every co-authors including Ken Wong, Dongwei Xiao, Dr. Daoyuan Wu Dr. Shuai Wang and Yiteng Peng.
What a good evening!
August 13, 2025 at 12:10 PM
This time is a real thrilling announcement as our paper about template-based fuzzing for JavaScript engine is accepted in OOPSLA24-25.
Thank you so much to every co-authors including Ken Wong, Dongwei Xiao, Dr. Daoyuan Wu Dr. Shuai Wang and Yiteng Peng.
What a good evening!
Thank you so much to every co-authors including Ken Wong, Dongwei Xiao, Dr. Daoyuan Wu Dr. Shuai Wang and Yiteng Peng.
What a good evening!
Congratulations to Carl Smith from v8 Security team and join Blackhat USA review board as guest reviewer. He is willing to share, open-minded, and a hardcore researcher and developer.
@rwx.page
@rwx.page
February 20, 2025 at 2:12 PM
Congratulations to Carl Smith from v8 Security team and join Blackhat USA review board as guest reviewer. He is willing to share, open-minded, and a hardcore researcher and developer.
@rwx.page
@rwx.page
… Threat actors will expose more about their plans when they get in only, and let them get into our matrix. This is more interactive with threat actor, and it is the art.
January 29, 2025 at 3:13 PM
… Threat actors will expose more about their plans when they get in only, and let them get into our matrix. This is more interactive with threat actor, and it is the art.
… the back-end system is all fabricated, when particular threat actor is detected. We can differentiate who is the threat actor or not with provision of different security level of backend systems.
January 29, 2025 at 3:12 PM
… the back-end system is all fabricated, when particular threat actor is detected. We can differentiate who is the threat actor or not with provision of different security level of backend systems.
The countries always attempt to hack into vendor platforms or apps, my idea is making a “Realistic Honeypot Platform” and let them in, capture as much as information about them and …
cloud.google.com/blog/topics/...
cloud.google.com/blog/topics/...
Adversarial Misuse of Generative AI | Google Cloud Blog
We share our findings on government-backed and information operations threat actor use of the Gemini web application.
cloud.google.com
January 29, 2025 at 3:12 PM
The countries always attempt to hack into vendor platforms or apps, my idea is making a “Realistic Honeypot Platform” and let them in, capture as much as information about them and …
cloud.google.com/blog/topics/...
cloud.google.com/blog/topics/...
Our first Chrome VRP bounty, it is an inspiration and keep going.
January 11, 2025 at 3:57 AM
Our first Chrome VRP bounty, it is an inspiration and keep going.
We got our first Google Chrome bounty for minimum wage or McDonalds before Christmas 🎄.
Getting money from Google is mission impossible.
Getting money from Google is mission impossible.
December 19, 2024 at 2:07 AM
We got our first Google Chrome bounty for minimum wage or McDonalds before Christmas 🎄.
Getting money from Google is mission impossible.
Getting money from Google is mission impossible.
Reposted by Anthony
Here's another V8 sandbox design document, this time discussing how sensitive ("trusted") V8-internal objects (such as BytecodeArrays) can be protected: docs.google.com/document/d/1...
This should be one of the last pieces of infrastructure required for the sandbox.
This should be one of the last pieces of infrastructure required for the sandbox.
V8 Sandbox - Trusted Space
V8 Sandbox - Trusted Space Author: saelo@ First Published: October 2023 Last Updated: October 2023 Status: Living Doc Visibility: PUBLIC This document is part of the V8 Sandbox Project and discusses...
docs.google.com
October 20, 2023 at 1:34 PM
Here's another V8 sandbox design document, this time discussing how sensitive ("trusted") V8-internal objects (such as BytecodeArrays) can be protected: docs.google.com/document/d/1...
This should be one of the last pieces of infrastructure required for the sandbox.
This should be one of the last pieces of infrastructure required for the sandbox.
Reposted by Anthony
Finally got around to publishing the slides of my talk @offensivecon.bsky.social from ~two weeks ago. Sorry for the delay!
The V8 Heap Sandbox: saelo.github.io/presentation...
Fantastic conference, as usual! :)
The V8 Heap Sandbox: saelo.github.io/presentation...
Fantastic conference, as usual! :)
May 22, 2024 at 7:01 PM
Finally got around to publishing the slides of my talk @offensivecon.bsky.social from ~two weeks ago. Sorry for the delay!
The V8 Heap Sandbox: saelo.github.io/presentation...
Fantastic conference, as usual! :)
The V8 Heap Sandbox: saelo.github.io/presentation...
Fantastic conference, as usual! :)
Reposted by Anthony
Another big step towards becoming a security boundary: today we’re expanding the VRP for the V8 Sandbox
* No longer limited to d8
* Rewards for controlled writes increased to $20k
* Any memory corruption outside the sandbox is now in scope
bughunters.google.com/about/rules/...
Happy hacking!
* No longer limited to d8
* Rewards for controlled writes increased to $20k
* Any memory corruption outside the sandbox is now in scope
bughunters.google.com/about/rules/...
Happy hacking!
Chrome Vulnerability Reward Program Rules | Google Bug Hunters
ATTENTION As of 4 February 2024, Chromium has migrated to a new issue tracker, please report security bugs to the new issue tracker using this form . Please see the Chrome VRP News and FAQ page for mo...
bughunters.google.com
November 13, 2024 at 6:05 PM
Another big step towards becoming a security boundary: today we’re expanding the VRP for the V8 Sandbox
* No longer limited to d8
* Rewards for controlled writes increased to $20k
* Any memory corruption outside the sandbox is now in scope
bughunters.google.com/about/rules/...
Happy hacking!
* No longer limited to d8
* Rewards for controlled writes increased to $20k
* Any memory corruption outside the sandbox is now in scope
bughunters.google.com/about/rules/...
Happy hacking!
VXCON finished and thank you so much to everyone.
November 19, 2024 at 11:56 AM
VXCON finished and thank you so much to everyone.