This article details the process of finding and exploiting a vulnerability in the IN-8401 2K+ IP camera. The author describes steps from firmware extraction to building an ARM ROP chain for unauthenticated remote code execution. It highlights the importance of proper debugging and analysis methods in discovering security flaws.

This article explores how large language models (LLMs) and pyghidra-mcp enhance reverse engineering by analyzing a use-after-free vulnerability in Windows' Common Log File System. It outlines the process of understanding the vulnerability through patch diffs, code flow, and automation with LLMs.

Apple released a security patch for CVE-2025-43300, addressing an out-of-bounds write vulnerability in the ImageIO framework that could be exploited in zero-click attacks. The article provides a detailed root cause analysis of the vulnerability and the changes made in the patch, focusing on the modifications in the RawCamera file and the implications for image processing. Researchers have previously explored the vulnerability, revealing its connections to JPEG Lossless compression in DNG files.