Theori BLOG

Real Vulnerabilities. Actionable Results.

How we learned to build effective LLM agents for hacking at DARPA's AI Cyber Challenge (AIxCC)

An introduction to DARPA's AI Cyber Challnge and Theori's third place cyber reasoning system

Agent trajectory walkthroughs of a fully autonomous hacking system

Learn how to spot phishing scams with expert tips recognizing suspicious emails, SMS, and fraudulent request for personal information.

In this article, we briefly look at the circumstances of the Bybit incident and discuss what countermeasures could have been implemented. Then, we discuss the limitations of current solutions and how Xint resolves them.

A new approach to the Overwriting modprobe_path technique is introduced, addressing changes in the Upstream kernel that prevent triggering via dummy files.

Discover the top cybersecurity threats for 2025 and how Theori's innovative solutions can safeguard your business from evolving cyber risks and costly data breaches.

This post examines DeepSeek's security gaps, privacy practices, and open-source AI risks, offering practical advice for users and developers.

Security silos occur when different security tools, teams, or systems operate in isolation, unable to effectively share data or communicate.

QueryX, Theori’s program analysis platform, automates variant analysis for vulnerability detection. Learn how its taint analysis module uncovered CVE-2023-39471.

Dive into five significant security risks that emerged as unintended consequences of new feature development.

So you know what ASM is and why you need it — but which features are crucial? Here’s the run down.

How LLMs are changing the game for static analysis — especially when source code is available.

Applications of larage language models in offensive security

Theori’s Cyber Reasoning System (CRS) “Robo Duck” not only cleared the bar to get us $2M and a spot at the AIxCC finals in 2025, it also got the first place among all the submissions in the highly competitive event.

The top 7penetration testing tools of 2024 for hackers and for businesses.

CVE-2024-27394 is a TCP-AO Use-After-Free vulnerability caused by improper RCU API usage. Read the in-depth analysis and reliable triggering technique.

Explore how offensive and defensive security strategies work together to protect against cyber threats.

Four critical RCE vulnerabilities (CVE-2024-36072 to CVE-2024-36075) in CoSoSys Endpoint Protector were identified, allowing full server and client compromise. Read the full analysis.

The final part of the N-day exploit series analyzes CVE-2023-36802, a privilege escalation vulnerability in mskssrv.sys, used to gain SYSTEM access on a VMware host.

CVE-2023-20869 was exploited to achieve arbitrary code execution on a VMware host from a guest system. Read the full technical analysis.

CVE-2023-34044, a variant of CVE-2023-20870, was exploited to extract critical information from a VMware host process. Read the in-depth analysis.

CVE-2023-29360, a logic bug in the mskssrv.sys driver, was exploited to escalate privileges to SYSTEM in a 1-day full chain attack. Read the detailed breakdown.

CVE-2023-21674, a Windows kernel UAF vulnerability, was used to escape the Chrome sandbox in a 1-day full chain exploit. Read the detailed analysis.

This post begins our series on the 1-day exploit chain demoed on X, focusing on a Chrome renderer exploit, CVE-2023-3079, a type confusion bug in V8.

Fermium-252 is a premier vulnerability intelligence platform providing real-time tracking of 1-day exploits, PoCs, and in-depth reports. Stay ahead of cyber threats with our expert analysis.

We bypassed the V8 sandbox using a raw pointer in WasmIndirectFunctionTable, enabling arbitrary write and code execution. Read our deep dive into the exploit.

At Hexacon 2023, we presented our Windows kernel security research, uncovering CVE-2023-28218, a heap overflow in afd.sys. Read our exploit analysis and methodology.

We reverse-engineered NEAT and NES, two unpublished symmetric encryption algorithms from South Korea’s GPKI cryptography library. Read our analysis and implementations.

We exploited CVE-2022-32250, a use-after-free vulnerability in Linux Netfilter, to achieve root on Ubuntu 22.04. Learn how we bypassed KASLR and modified modprobe_path.

While analyzing the patch for CVE-2021-30724, we discovered a new uninitialized memory vulnerability (CVE-2022-26721) in macOS's CVMServer. Read our exploitation insights.

We discovered CVE-2022-26717, an exploitable bug in WebKit's WebGL component affecting Safari on macOS and iOS. Read our analysis and exploitation methodology.

Safari 14.1 introduced AudioWorklets, but a newly patched type confusion bug left iOS versions vulnerable for weeks. We share our root cause analysis and exploit details.

Discover CVE-2020-27675 (XSA-331), a denial-of-service and potential out-of-bounds write vulnerability in the Xen paravirtualization driver, and learn how it can impact virtualization security.

Learn how we discovered and exploited Issue 1062091, a use-after-free (UAF) vulnerability in Chrome and Chromium-based Edge, leading to a sandbox escape.

We have implemented an NRSC-5-C digital radio receiver and released it as open source on GitHub. Explore IBOC-based hybrid broadcasting and security research opportunities.

Learn how attackers bypassed Microsoft's Control Flow Guard (CFG) in Internet Explorer and Edge. We break down our PoC exploit, mitigation bypass, and the MS16-119 patch details.

Microsoft's MS16-063 patch fixed a critical memory corruption vulnerability in jscript9.dll (TypedArray & DataView) affecting Internet Explorer. Read our analysis, vulnerability breakdown, and PoC exploit.

Microsoft's MS16-051 patch addressed a critical Internet Explorer vulnerability (CVE-2016-0189) exploited in South Korea. Explore our in-depth analysis, patch breakdown, and proof-of-concept exploit.