https://theori.io/blog Empowering Innovation with SecurityExplore expert insights into offensive security and threat intelligence. Thu, 06 Mar 2025 04:09:43 GMT inblog Mon, 06 Apr 2026 20:05:26 GMT https://image.inblog.dev?url=https%3A%2F%2Finblog.ai%2Fapi%2Fog-logo%3FlogoUrl%3Dhttps%253A%252F%252Fsource.inblog.dev%252Flogo%252F2025-03-17T09%253A35%253A07.309Z-f470ea09-7b8a-45da-9dc3-c3c1d22a032b%26title%3D%26description%3DEmpowering%2520Innovation%2520with%2520Security%250AExplore%2520expert%2520insights%2520into%2520offensive%2520security%2520and%2520threat%2520intelligence.&w=1920&q=85 https://theori.io/blog https://theori.io/blog/what-are-business-logic-vulnerabilities Even secure-looking code can hide dangerous flaws. Learn why business logic vulnerabilities are hard to detect and why most scanners miss them. Fri, 06 Mar 2026 05:04:00 GMT https://theori.io/blog/what-are-business-logic-vulnerabilities AI for Security Xint https://theori.io/blog/announcing-xint-code Real Vulnerabilities. Actionable Results. Tue, 16 Dec 2025 00:43:33 GMT https://theori.io/blog/announcing-xint-code AI for Security Xint https://theori.io/blog/building-effective-llm-agents-63446 How we learned to build effective LLM agents for hacking at DARPA's AI Cyber Challenge (AIxCC) Fri, 08 Aug 2025 19:28:00 GMT https://theori.io/blog/building-effective-llm-agents-63446 AI for SecurityAIxCC Xint https://theori.io/blog/aixcc-and-roboduck-63447 An introduction to DARPA's AI Cyber Challnge and Theori's third place cyber reasoning system Fri, 08 Aug 2025 19:27:40 GMT https://theori.io/blog/aixcc-and-roboduck-63447 AI for SecurityAIxCC Xint https://theori.io/blog/exploring-traces-63950 Agent trajectory walkthroughs of a fully autonomous hacking system Fri, 08 Aug 2025 19:25:46 GMT https://theori.io/blog/exploring-traces-63950 AI for SecurityAIxCC Xint https://theori.io/blog/How-to-Identify-Phishing-Scams Learn how to spot phishing scams with expert tips recognizing suspicious emails, SMS, and fraudulent request for personal information. Mon, 28 Apr 2025 23:00:00 GMT https://theori.io/blog/How-to-Identify-Phishing-Scams Vulnerability Research Frontier Squad https://theori.io/blog/web2-security-over-web3-ecosystem-what-were-missing-in-the-bybit-case-48821 In this article, we briefly look at the circumstances of the Bybit incident and discuss what countermeasures could have been implemented. Then, we discuss the limitations of current solutions and how Xint resolves them. Thu, 27 Mar 2025 06:38:06 GMT https://theori.io/blog/web2-security-over-web3-ecosystem-what-were-missing-in-the-bybit-case-48821 AI for Security Xint https://theori.io/blog/reviving-the-modprobe-path-technique-overcoming-search-binary-handler-patch A new approach to the Overwriting modprobe_path technique is introduced, addressing changes in the Upstream kernel that prevent triggering via dummy files. Sat, 15 Mar 2025 08:52:16 GMT https://theori.io/blog/reviving-the-modprobe-path-technique-overcoming-search-binary-handler-patch Vulnerability Research Frontier Squad https://theori.io/blog/four-ways-to-protect-your-legacy-with-theoris-cybersecurity-solutions Discover the top cybersecurity threats for 2025 and how Theori's innovative solutions can safeguard your business from evolving cyber risks and costly data breaches. Sun, 16 Feb 2025 15:00:00 GMT https://theori.io/blog/four-ways-to-protect-your-legacy-with-theoris-cybersecurity-solutions Web2 Security Frontier Squad https://theori.io/blog/deepseek-security-privacy-and-governance-hidden-risks-in-open-source-ai This post examines DeepSeek's security gaps, privacy practices, and open-source AI risks, offering practical advice for users and developers. Thu, 06 Feb 2025 15:00:00 GMT https://theori.io/blog/deepseek-security-privacy-and-governance-hidden-risks-in-open-source-ai Security for AI αprism https://theori.io/blog/the-true-cost-of-siloed-security-tools-48551 Security silos occur when different security tools, teams, or systems operate in isolation, unable to effectively share data or communicate. Fri, 20 Dec 2024 09:00:00 GMT https://theori.io/blog/the-true-cost-of-siloed-security-tools-48551 AI for Security Xint https://theori.io/blog/finding-vulnerabilities-in-firmware-with-static-analysis-platform-queryx QueryX, Theori’s program analysis platform, automates variant analysis for vulnerability detection. Learn how its taint analysis module uncovered CVE-2023-39471. Wed, 06 Nov 2024 15:00:00 GMT https://theori.io/blog/finding-vulnerabilities-in-firmware-with-static-analysis-platform-queryx Vulnerability Research Frontier Squad https://theori.io/blog/side-effects-when-continuous-development-introduces-security-threats-48550 Dive into five significant security risks that emerged as unintended consequences of new feature development. Mon, 04 Nov 2024 09:00:00 GMT https://theori.io/blog/side-effects-when-continuous-development-introduces-security-threats-48550 Web2 Security Xint https://theori.io/blog/top-5-features-your-asm-solution-must-have-48548 So you know what ASM is and why you need it — but which features are crucial? Here’s the run down. Thu, 24 Oct 2024 09:00:00 GMT https://theori.io/blog/top-5-features-your-asm-solution-must-have-48548 AI for Security Xint https://theori.io/blog/offensive-security-with-large-language-models-2-48547 How LLMs are changing the game for static analysis — especially when source code is available. Mon, 30 Sep 2024 09:00:00 GMT https://theori.io/blog/offensive-security-with-large-language-models-2-48547 AI for Security Xint https://theori.io/blog/offensive-security-with-large-language-models-1-48546 Applications of larage language models in offensive security Fri, 27 Sep 2024 09:00:00 GMT https://theori.io/blog/offensive-security-with-large-language-models-1-48546 AI for Security Xint https://theori.io/blog/winning-the-aixcc-qualification-round Theori’s Cyber Reasoning System (CRS) “Robo Duck” not only cleared the bar to get us $2M and a spot at the AIxCC finals in 2025, it also got the first place among all the submissions in the highly competitive event. Mon, 23 Sep 2024 15:00:00 GMT https://theori.io/blog/winning-the-aixcc-qualification-round AI for Security Xint https://theori.io/blog/top-penetration-testing-solutions-for-it-security-2024-guide-48545 The top 7penetration testing tools of 2024 for hackers and for businesses. Wed, 11 Sep 2024 09:00:00 GMT https://theori.io/blog/top-penetration-testing-solutions-for-it-security-2024-guide-48545 AI for Security Xint https://theori.io/blog/deep-dive-into-rcu-race-condition-analysis-of-tcp-ao-uaf-cve-2024-27394 CVE-2024-27394 is a TCP-AO Use-After-Free vulnerability caused by improper RCU API usage. Read the in-depth analysis and reliable triggering technique. Tue, 03 Sep 2024 15:00:00 GMT https://theori.io/blog/deep-dive-into-rcu-race-condition-analysis-of-tcp-ao-uaf-cve-2024-27394 Vulnerability Research Frontier Squad https://theori.io/blog/offensive-security-vs-defensive-security-navigating-the-two-pillars-of-cybersecurity Explore how offensive and defensive security strategies work together to protect against cyber threats. Fri, 30 Aug 2024 09:00:00 GMT https://theori.io/blog/offensive-security-vs-defensive-security-navigating-the-two-pillars-of-cybersecurity Web2 Security Xint https://theori.io/blog/a-deep-dive-into-the-cososys-endpoint-protector-exploit-remote-code-execution Four critical RCE vulnerabilities (CVE-2024-36072 to CVE-2024-36075) in CoSoSys Endpoint Protector were identified, allowing full server and client compromise. Read the full analysis. Thu, 29 Aug 2024 15:00:00 GMT https://theori.io/blog/a-deep-dive-into-the-cososys-endpoint-protector-exploit-remote-code-execution Web2 Security Frontier Squad https://theori.io/blog/chaining-n-days-to-compromise-all-part-6-windows-kernel-lpe-get-system The final part of the N-day exploit series analyzes CVE-2023-36802, a privilege escalation vulnerability in mskssrv.sys, used to gain SYSTEM access on a VMware host. Tue, 21 May 2024 15:00:00 GMT https://theori.io/blog/chaining-n-days-to-compromise-all-part-6-windows-kernel-lpe-get-system Vulnerability Research Frontier Squad https://theori.io/blog/chaining-n-days-to-compromise-all-part-5-vmware-workstation-host-to-guest-escape CVE-2023-20869 was exploited to achieve arbitrary code execution on a VMware host from a guest system. Read the full technical analysis. Thu, 02 May 2024 15:00:00 GMT https://theori.io/blog/chaining-n-days-to-compromise-all-part-5-vmware-workstation-host-to-guest-escape Vulnerability Research Frontier Squad https://theori.io/blog/chaining-n-days-to-compromise-all-part-4-vmware-workstation-information-leakage CVE-2023-34044, a variant of CVE-2023-20870, was exploited to extract critical information from a VMware host process. Read the in-depth analysis. Wed, 17 Apr 2024 15:00:00 GMT https://theori.io/blog/chaining-n-days-to-compromise-all-part-4-vmware-workstation-information-leakage Vulnerability Research Frontier Squad https://theori.io/blog/chaining-n-days-to-compromise-all-part-3-windows-driver-lpe-medium-to-system CVE-2023-29360, a logic bug in the mskssrv.sys driver, was exploited to escalate privileges to SYSTEM in a 1-day full chain attack. Read the detailed breakdown. Mon, 08 Apr 2024 15:00:00 GMT https://theori.io/blog/chaining-n-days-to-compromise-all-part-3-windows-driver-lpe-medium-to-system Vulnerability Research Frontier Squad https://theori.io/blog/chaining-n-days-to-compromise-all-part-2-windows-kernel-lpe-a-k-a-chrome-sandbox-escape CVE-2023-21674, a Windows kernel UAF vulnerability, was used to escape the Chrome sandbox in a 1-day full chain exploit. Read the detailed analysis. Sun, 31 Mar 2024 15:00:00 GMT https://theori.io/blog/chaining-n-days-to-compromise-all-part-2-windows-kernel-lpe-a-k-a-chrome-sandbox-escape Vulnerability Research Frontier Squad https://theori.io/blog/chaining-n-days-to-compromise-all-part-1-chrome-renderer-rce This post begins our series on the 1-day exploit chain demoed on X, focusing on a Chrome renderer exploit, CVE-2023-3079, a type confusion bug in V8. Sun, 17 Mar 2024 15:00:00 GMT https://theori.io/blog/chaining-n-days-to-compromise-all-part-1-chrome-renderer-rce Vulnerability Research Frontier Squad https://theori.io/blog/fermium-252-the-cyber-threat-intelligence-database Fermium-252 is a premier vulnerability intelligence platform providing real-time tracking of 1-day exploits, PoCs, and in-depth reports. Stay ahead of cyber threats with our expert analysis. Sun, 03 Mar 2024 15:00:00 GMT https://theori.io/blog/fermium-252-the-cyber-threat-intelligence-database Vulnerability Research Frontier Squad https://theori.io/blog/a-deep-dive-into-v8-sandbox-escape-technique-used-in-in-the-wild-exploit We bypassed the V8 sandbox using a raw pointer in WasmIndirectFunctionTable, enabling arbitrary write and code execution. Read our deep dive into the exploit. Thu, 25 Jan 2024 15:00:00 GMT https://theori.io/blog/a-deep-dive-into-v8-sandbox-escape-technique-used-in-in-the-wild-exploit Vulnerability Research Frontier Squad https://theori.io/blog/exploiting-windows-kernel-wild-copy-with-user-fault-handling-cve-2023-28218 At Hexacon 2023, we presented our Windows kernel security research, uncovering CVE-2023-28218, a heap overflow in afd.sys. Read our exploit analysis and methodology. Thu, 09 Nov 2023 15:00:00 GMT https://theori.io/blog/exploiting-windows-kernel-wild-copy-with-user-fault-handling-cve-2023-28218 Vulnerability Research Frontier Squad https://theori.io/blog/neat-and-nes-algorithms We reverse-engineered NEAT and NES, two unpublished symmetric encryption algorithms from South Korea’s GPKI cryptography library. Read our analysis and implementations. Thu, 20 Apr 2023 15:00:00 GMT https://theori.io/blog/neat-and-nes-algorithms Vulnerability Research Frontier Squad https://theori.io/blog/linux-kernel-exploit-cve-2022-32250-with-mqueue We exploited CVE-2022-32250, a use-after-free vulnerability in Linux Netfilter, to achieve root on Ubuntu 22.04. Learn how we bypassed KASLR and modified modprobe_path. Tue, 23 Aug 2022 15:00:00 GMT https://theori.io/blog/linux-kernel-exploit-cve-2022-32250-with-mqueue Vulnerability Research Frontier Squad https://theori.io/blog/binary-searching-into-cvmserver While analyzing the patch for CVE-2021-30724, we discovered a new uninitialized memory vulnerability (CVE-2022-26721) in macOS's CVMServer. Read our exploitation insights. Thu, 16 Jun 2022 15:00:00 GMT https://theori.io/blog/binary-searching-into-cvmserver Vulnerability Research Frontier Squad https://theori.io/blog/exploiting-safaris-angle-component We discovered CVE-2022-26717, an exploitable bug in WebKit's WebGL component affecting Safari on macOS and iOS. Read our analysis and exploitation methodology. Tue, 17 May 2022 15:00:00 GMT https://theori.io/blog/exploiting-safaris-angle-component Vulnerability Research Frontier Squad https://theori.io/blog/patch-gapping-a-safari-type-confusion Safari 14.1 introduced AudioWorklets, but a newly patched type confusion bug left iOS versions vulnerable for weeks. We share our root cause analysis and exploit details. Mon, 24 May 2021 15:00:00 GMT https://theori.io/blog/patch-gapping-a-safari-type-confusion Vulnerability Research Frontier Squad https://theori.io/blog/compromising-virtualization-without-attacking-the-hypervisor Discover CVE-2020-27675 (XSA-331), a denial-of-service and potential out-of-bounds write vulnerability in the Xen paravirtualization driver, and learn how it can impact virtualization security. Tue, 20 Oct 2020 15:00:00 GMT https://theori.io/blog/compromising-virtualization-without-attacking-the-hypervisor Vulnerability Research Frontier Squad https://theori.io/blog/cleanly-escaping-the-chrome-sandbox Learn how we discovered and exploited Issue 1062091, a use-after-free (UAF) vulnerability in Chrome and Chromium-based Edge, leading to a sandbox escape. Sun, 19 Apr 2020 15:00:00 GMT https://theori.io/blog/cleanly-escaping-the-chrome-sandbox Vulnerability Research Frontier Squad https://theori.io/blog/receiving-nrsc-5 We have implemented an NRSC-5-C digital radio receiver and released it as open source on GitHub. Explore IBOC-based hybrid broadcasting and security research opportunities. Thu, 08 Jun 2017 15:00:00 GMT https://theori.io/blog/receiving-nrsc-5 Vulnerability Research Frontier Squad https://theori.io/blog/chakra-jit-cfg-bypass Learn how attackers bypassed Microsoft's Control Flow Guard (CFG) in Internet Explorer and Edge. We break down our PoC exploit, mitigation bypass, and the MS16-119 patch details. Tue, 13 Dec 2016 15:00:00 GMT https://theori.io/blog/chakra-jit-cfg-bypass Vulnerability Research Frontier Squad https://theori.io/blog/patch-analysis-of-ms16-063-jscript9-dll Microsoft's MS16-063 patch fixed a critical memory corruption vulnerability in jscript9.dll (TypedArray & DataView) affecting Internet Explorer. Read our analysis, vulnerability breakdown, and PoC exploit. Sun, 26 Jun 2016 15:00:00 GMT https://theori.io/blog/patch-analysis-of-ms16-063-jscript9-dll Vulnerability Research Frontier Squad https://theori.io/blog/patch-analysis-of-cve-2016-0189 Microsoft's MS16-051 patch addressed a critical Internet Explorer vulnerability (CVE-2016-0189) exploited in South Korea. Explore our in-depth analysis, patch breakdown, and proof-of-concept exploit. Tue, 21 Jun 2016 15:00:00 GMT https://theori.io/blog/patch-analysis-of-cve-2016-0189 Vulnerability Research Frontier Squad