James Forshaw 

@tiraniddo@infosec.exchange
4.1K Followers
157 Following
311 Posts
Security researcher in Google Project Zero. Author of Attacking Network Protocols. Tweets are my own etc.
Github: https://github.com/tyranid
Blog: https://www.tiraniddo.dev/
While I've always focussed on using Mastodon I did try and give Bluesky a go, but the community doesn't seem there and I never got much engagement on security topics. Bluesky's decisions regarding the stupid UK's Online Safety Act to make DMs locked behind age verification is the final straw, so I've deactivated the account and maybe it'll get deleted eventually. I'll go back to not posting anything exclusively on here :D

so the Bluesky age filtering is absolutely minimal technically-in-compliance - and it's client side!

here are multiple ways around it

https://gist.github.com/mary-ext/6e27b24a83838202908808ad528b3318

I'm still proxying via Germany, but might try some of these

Bluesky's age assurance sucks, here's how to work around it.

If you have a machine with PKEY support and somewhat recent Linux kernel you can now play around with hardware support for the V8 sandbox. When active, JS + Wasm code has no write permissions outside the sandbox address space. To enable, simply set `v8_enable_sandbox_hardware_support = true` at build time.

It's not (yet) meant for production use, but should offer a preliminary look at where things might be heading. See https://crbug.com/350324877 for more details.

Feedback welcome! :)
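The hardware mechanism that post builds on is user-space memory protection keys (PKU), shown here as an added example that is not code from the V8 project or from the post's author. It maps a page, tags it with a freshly allocated key, drops write rights for that key in PKRU the way the V8 sandbox mode restricts JS and Wasm code, and checks that the page is still readable while the write traps with SEGV_PKUERR. It assumes x86-64 Linux with glibc 2.27 or later for the pkey_* wrappers; the result names and the sigsetjmp recovery are this example's own, and on a CPU, VM or kernel without PKU it reports "unsupported" rather than failing.

```c
#define _GNU_SOURCE
#include <errno.h>
#include <setjmp.h>
#include <signal.h>
#include <stdio.h>
#include <string.h>
#include <sys/mman.h>
#include <unistd.h>

#ifndef SEGV_PKUERR
#define SEGV_PKUERR 4 /* si_code for a protection-key fault on x86 Linux */
#endif

/* Outcome codes are this example's own, not a V8 or kernel API. */
enum pkey_demo_result {
    PKEY_DEMO_UNSUPPORTED = 0,   /* no protection keys on this CPU, VM or kernel */
    PKEY_DEMO_WRITE_BLOCKED = 1, /* read succeeded, write trapped with SEGV_PKUERR */
    PKEY_DEMO_FAILED = 2,        /* keys available but the write was not blocked */
};

static sigjmp_buf fault_jmp;
static volatile sig_atomic_t fault_code;

/* Record why we faulted and unwind past the faulting store. The kernel resets
 * PKRU to its default when delivering the signal, and we restore our own
 * rights explicitly after the longjmp before touching the page again. */
static void on_segv(int sig, siginfo_t *info, void *ctx)
{
    (void)sig;
    (void)ctx;
    fault_code = info->si_code;
    siglongjmp(fault_jmp, 1);
}

int pkey_write_block_demo(void)
{
    size_t page = (size_t)sysconf(_SC_PAGESIZE);
    char *region = mmap(NULL, page, PROT_READ | PROT_WRITE,
                        MAP_PRIVATE | MAP_ANONYMOUS, -1, 0);
    if (region == MAP_FAILED)
        return PKEY_DEMO_FAILED;
    region[0] = 'A'; /* baseline write while the page still carries key 0 */

    int pkey = pkey_alloc(0, 0); /* fails with ENOSPC/ENOSYS/EINVAL without PKU */
    if (pkey < 0) {
        munmap(region, page);
        return PKEY_DEMO_UNSUPPORTED;
    }
    /* Tag the page with our key; PROT_* stays read/write, the key decides. */
    if (pkey_mprotect(region, page, PROT_READ | PROT_WRITE, pkey) != 0) {
        pkey_free(pkey);
        munmap(region, page);
        return PKEY_DEMO_FAILED;
    }

    struct sigaction sa, old;
    memset(&sa, 0, sizeof sa);
    sa.sa_sigaction = on_segv;
    sa.sa_flags = SA_SIGINFO;
    sigemptyset(&sa.sa_mask);
    sigaction(SIGSEGV, &sa, &old);

    volatile char *vregion = region; /* volatile so the read is not optimised away */
    volatile char seen = 0;
    volatile int result = PKEY_DEMO_FAILED;

    /* Like the V8 sandbox mode: this thread keeps read but loses write rights. */
    pkey_set(pkey, PKEY_DISABLE_WRITE);
    if (sigsetjmp(fault_jmp, 1) == 0) {
        seen = vregion[0];         /* allowed: reads are not restricted */
        vregion[0] = 'B';          /* PKRU-enforced: SIGSEGV with SEGV_PKUERR */
        result = PKEY_DEMO_FAILED; /* only reached if the key was not enforced */
    } else if (fault_code == SEGV_PKUERR && seen == 'A') {
        result = PKEY_DEMO_WRITE_BLOCKED;
    }

    /* Give the key full rights again, prove the page is writable, and clean up. */
    pkey_set(pkey, 0);
    if (result == PKEY_DEMO_WRITE_BLOCKED) {
        region[0] = 'C';
        if (region[0] != 'C')
            result = PKEY_DEMO_FAILED;
    }
    sigaction(SIGSEGV, &old, NULL);
    pkey_free(pkey);
    munmap(region, page);
    return result;
}

int main(void)
{
    static const char *names[] = { "unsupported", "write blocked", "failed" };
    printf("pkey demo: %s\n", names[pkey_write_block_demo()]);
    return 0;
}
```

The key point for the sandbox use case is that the restriction lives in a per-thread register (PKRU) rather than in page tables, so the hardened code path can drop write rights cheaply and the trusted runtime can raise them again without a syscall; an attacker who can execute arbitrary WRPKRU, or reach a gadget that does, undoes it, which is why the post calls it preliminary.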

I love finding bugs which only work because of the introduction of a security mitigation. No good deed, etc.

🚨 Our new blog post about Windows CVE-2025-33073 which we discovered is live:

🪞The Reflective Kerberos Relay Attack - Remote privilege escalation from low-priv user to SYSTEM with RCE by applying a long forgotten NTLM relay technique to Kerberos:

https://blog.redteam-pentesting.de/2025/reflective-kerberos-relay-attack/

A Look in the Mirror - The Reflective Kerberos Relay Attack

It is a sad truth in IT security that some vulnerabilities never quite want to die and time and time again, vulnerabilities that have long been fixed get revived and come right back at you. While researching relay attacks, the bane of Active …

Pretty neat research, the fact that MSRC doesn't want to fix it is pretty disappointing. https://www.akamai.com/blog/security-research/abusing-dmsa-for-privilege-escalation-in-active-directory

It's not like the LDAP server hasn't had "fixes" in the past for potentially abusing object classes, like it was hard to create gMSAs as there was an explicit block in the code. Even more so for a new feature, when they already have a privilege block to prevent migration alone, they could have applied that to creation as well.

...and now the video of my talk "Finding and Exploiting 20-year-old bugs in Web Browsers" is live too https://www.youtube.com/watch?v=U1kc7fcF5Ao
OffensiveCon25 - Ivan Fratric - Finding and Exploiting 20-Year-Old Bugs in Web Browsers

Thrilled to announce my new Project Zero blog post is LIVE! 🎉 I detail my knowledge-driven fuzzing process to find sandbox escape vulnerabilities in CoreAudio on MacOS.

I'll talk about this and the exploitation process next week @offensive_con

https://googleprojectzero.blogspot.com/2025/05/breaking-sound-barrier-part-i-fuzzing.html

Breaking the Sound Barrier Part I: Fuzzing CoreAudio with Mach Messages

Guest post by Dillon Franke, Senior Security Engineer, 20% time on Project Zero. Every second, highly-privileged MacOS system daemons...

James Forshaw @tiraniddo , author of Attacking Network Protocols & Windows Security Internals, will be at Off-by-One as a Keynote Speaker: https://offbyone.sg/conference/james-forshaw

Eugene Lim, author of From Day Zero to Zero Day, will also be at Off-by-One running a smart device hacking village: https://offbyone.sg/activities/smart-weighing-machine-hacking

Off-by-One Conference 2025

Off-by-One Conference is a cybersecurity conference where like-minded professionals gather and exchange technical insights while gaining knowledge from one another. As the offensive security landscape continues to evolve, the Conference will also serve as a community to nurture and showcase new and uprising local and regional researchers.

Is anyone unlucky enough to be at RSA tomorrow (Tuesday)? I might head down to SF in the afternoon and wander the expo area to find the best AI security products, so if anyone wants to say hi let me know :)