Hrvoje Mišetić

Posts

Pwning Minecraft: 4-byte heap overflow to RCE

We achieved RCE in Minecraft Bedrock, turning a 4-byte heap overflow into complete client compromise. Learn how a universal, Bedrock-specific technique is used to bypass ASLR and achieve arbitrary read/write primitives.
Hrvoje Mišetić

Patch gap to mobile renderer RCE: pwning Samsung Internet's V8 on the Galaxy S25

Samsung Internet on the Galaxy S25 shipped a six-month-old version of V8, exposing it to publicly known bugs. Learn how we exploited a bytecode interpreter vulnerability to achieve renderer RCE and universal XSS in the browser.
Hrvoje Mišetić, Jamie Hill-Daniel, William Liu

From virtio-snd 0-day to hypervisor escape: exploiting QEMU with an uncontrolled heap overflow

Turning an uncontrolled heap overflow into a reliable QEMU guest-to-host escape using new glibc allocator behavior and QEMU-specific heap spray techniques.
Hrvoje Mišetić