Chaining N-days to Compromise All: Part 5 — VMware Workstation Guest-to-Host Escape
Theori Vulnerability Research in Theori BLOG
We will present how we execute arbitrary code on the host OS from the guest. The vulnerability is CVE-2023-20869.
11 min read · May 3, 2024

Chaining N-days to Compromise All: Part 4 — VMware Workstation Information leakage
Theori Vulnerability Research in Theori BLOG
We will present how we get the critical information in the VMware process running on the host from the guest. (CVE-2023-34044)
11 min read · Apr 18, 2024

Chaining N-days to Compromise All: Part 3 — Windows Driver LPE: Medium to System
Theori Vulnerability Research in Theori BLOG
We will present how we elevate the privilege from user to SYSTEM to chain the vulnerability of VMware. The vulnerability is CVE-2023-29360.
16 min read · Apr 9, 2024

Chaining N-days to Compromise All: Part 2 — Windows Kernel LPE (a.k.a Chrome Sandbox Escape)
Theori Vulnerability Research in Theori BLOG
We will present how we escaped the Chrome sandbox by exploiting a Windows kernel vulnerability. The vulnerability is CVE-2023-21674.
17 min read · Apr 1, 2024

Chaining N-days to Compromise All: Part 1 — Chrome Renderer RCE
Theori Vulnerability Research in Theori BLOG
This blog post is the first of the series about the vulnerabilities used in our 1-day full chain exploit we demonstrated on X. In this blog…
12 min read · Mar 18, 2024

Fermium-252 : The Cyber Threat Intelligence Database
Theori Vulnerability Research in Theori BLOG
Fermium-252 is a comprehensive vulnerability database platform preparing our clients for the state-sponsored cyber attacks by providing…
3 min read · Mar 4, 2024

A Deep Dive into V8 Sandbox Escape Technique Used in In-The-Wild Exploit
Theori Vulnerability Research in Theori BLOG
The details of how we achieved arbitrary write and code execution primitives using a raw pointer in WasmIndirectFunctionTable object.
9 min read · Jan 26, 2024

Exploiting Windows Kernel Wild Copy With User Fault Handling (CVE-2023-28218)
Theori Vulnerability Research in Theori BLOG
Intro
10 min read · Nov 10, 2023

Linux Kernel Exploit (CVE-2022-32250) with mqueue
Theori Vulnerability Research in Theori BLOG
Background
11 min read · Aug 24, 2022

Binary-searching into CVMServer
Theori Vulnerability Research in Theori BLOG
During the analysis of the patch for CVE-2021-30724 while writing a Fermium-252 report, our researcher (@jinmo123) discovered a…
7 min read · Jun 17, 2022