Research

6 readers

1 users here now

/r/netsec's branch in the fediverse.

A community-curated aggregator of technical research. Our mission is to extract signal from the noise.

Only post technical content here. New tools (and major releases of existing ones), novel techniques, deep dives and post mortems are the ideal content. CTF and bug bounty writeups could be acceptable if they showcase lesser known approaches or techniques.

Non-technical content (both beginner and CISO level) will be considered spam.

founded 1 year ago

MODERATORS

execveat@infosec.pub

CS:GO: From Zero to 0-day (neodyme.io)

submitted 1 year ago by execveat@infosec.pub to c/research@infosec.pub

2 comments fedilink hide all child comments

They've chained 4 logic bugs to achieve RCE in CS:GO, pretty impressive. Valve sucks at communication and bug bounty payouts though.

you are viewing a single comment's thread
view the rest of the comments

[–] 21trillionsats@infosec.pub 2 points 1 year ago* (last edited 1 year ago)

Wow that was a fantastic read, love how much detail they went into for how they went about hunting for these.

There were a lot of good sources to get the debug symbols for an old game like CSGO but they were very impressive, comprehensive and meticulous. It’s great to see that in combination with their process transparency.