Zero-Click, Old Tricks
Further reading, watching, tooling

Resources

Everything we drew on — peer-reviewed papers, industry analyses, primary advisories, lab environments, and the single best YouTube channel on binary exploitation.

Our paper

PDF
Zero-Click, Old Tricks
The full IEEE-format paper.
PPTX
Presentation slides
Final slide deck from the MCS defense.

Video & channels

Recommended channel

LiveOverflow

The clearest, most honest explanations of binary exploitation on the internet. The heap series and CTF walkthroughs are how many of us first understood the primitives this paper analyzes.

youtube.com/@LiveOverflow
Channel
Computerphile
Approachable explainers on memory, crypto, OS internals.
Blog
Google Project Zero
Deep dives on iOS/Android zero-click chains, including the FORCEDENTRY analysis.

Papers & surveys

Phrack
Aleph One — Smashing the Stack for Fun and Profit (1996)
The foundational text on stack-based exploitation. A Phrack zine article (issue 49), not a peer-reviewed paper, but still the standard starting point.
IEEE S&P
Szekeres et al. — Eternal War in Memory (2013)
Canonical taxonomy of memory-corruption and mitigations.
RAID 2012
van der Veen et al. — Memory Errors: The Past, the Present, and the Future
A survey of memory-error classes and defenses across two decades, showing that the bug classes behind this chain are anything but new.
ACM CSUR
Mobile malware and zero-click attacks — survey (2023)
Survey placing NSO-class chains in context.

Industry analyses

Quarkslab
Analysis of CVE-2025-43300 (ImageIO DNG)
Root-cause reverse engineering of the ImageIO bug.
Lookout
Threat intelligence on the 2025 chain
Telemetry on targeting and deployment.
Citizen Lab
Civil-society targeting disclosures
Victim notifications and attribution context.
Project Zero
A deep dive into an NSO zero-click (FORCEDENTRY)
The 2021 precedent this chain echoes.

Primary sources & standards

Apple
Apple security advisory — iOS 18.6.2 / macOS 15.6.1
Vendor patch notes for CVE-2025-43300.
WhatsApp
WhatsApp security advisories 2025
Vendor disclosure of CVE-2025-55177.
CISA KEV
Known Exploited Vulnerabilities catalog
Both CVEs were added to the KEV list.
MITRE
CWE-787 (OOB Write) & CWE-863 (Incorrect Authorization)
Canonical weakness definitions.

Tools & labs

HTB
Recommended platform

Hack The Box

The industry-standard platform for hands-on binary exploitation practice. The Pwn track covers heap overflows, format strings, and kernel exploitation — the same primitive classes this paper analyzes in a real-world zero-click chain.

hackthebox.com
Lab
Exploit Education — Phoenix heap-two
The pedagogical exercise that mirrors the 2025 primitive.
Tool
pwntools
The de-facto CTF exploitation framework.
Tool
GDB
GNU debugger — used throughout our heap-two walkthrough.
Tool
checksec
Inspect binary mitigations (RELRO, NX, PIE, Canary).
HTB
Hack The Box — Pwn track
Structured heap, stack, and kernel exploitation challenges.
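The checksec entry above lists what the tool reports but not where those answers come from in the binary. The following script is an added example for this page (it is not checksec itself, nor code from the paper) that derives the same four verdicts directly from ELF64 headers: NX from the PT_GNU_STACK flags, PIE from e_type, RELRO from PT_GNU_RELRO plus the DT_BIND_NOW / DF_BIND_NOW / DF_1_NOW dynamic tags, and the canary by the same heuristic checksec uses, the presence of the __stack_chk_fail symbol name. The three ELF images it checks are constructed in the script (header and program headers only, no code) so the example runs offline; point checksec_file at a real binary to use it for its intended purpose.

```python
"""checksec-style mitigation report built from raw ELF64 headers.
Added example for the Resources page; not the checksec tool and not code
from the paper.  Sample ELF images below are constructed, not real binaries."""
import struct

ET_EXEC, ET_DYN = 2, 3
PT_DYNAMIC, PT_GNU_STACK, PT_GNU_RELRO = 2, 0x6474E551, 0x6474E552
PF_X, PF_W, PF_R = 1, 2, 4
DT_NULL, DT_BIND_NOW, DT_FLAGS, DT_FLAGS_1 = 0, 24, 30, 0x6FFFFFFB
DF_BIND_NOW, DF_1_NOW = 0x8, 0x1

EHDR = struct.Struct("<16sHHIQQQIHHHHHH")  # Elf64_Ehdr, little-endian
PHDR = struct.Struct("<IIQQQQQQ")           # Elf64_Phdr
DYN = struct.Struct("<qQ")                  # Elf64_Dyn (d_tag, d_val)


def _bind_now(data: bytes, dynamic) -> bool:
    """Walk the PT_DYNAMIC array; immediate binding is what turns a
    PT_GNU_RELRO segment into 'Full RELRO' (GOT is read-only after load)."""
    if dynamic is None:
        return False
    off, size = dynamic[2], dynamic[5]  # p_offset, p_filesz
    for pos in range(off, off + size, DYN.size):
        tag, val = DYN.unpack_from(data, pos)
        if tag == DT_NULL:
            break
        if tag == DT_BIND_NOW or (tag == DT_FLAGS and val & DF_BIND_NOW) \
                or (tag == DT_FLAGS_1 and val & DF_1_NOW):
            return True
    return False


def checksec(data: bytes) -> dict:
    """Return the RELRO / Canary / NX / PIE verdicts for an ELF64 image."""
    if data[:4] != b"\x7fELF" or data[4] != 2:
        raise ValueError("not an ELF64 image")
    hdr = EHDR.unpack_from(data, 0)
    e_type, e_phoff, e_phentsize, e_phnum = hdr[1], hdr[5], hdr[9], hdr[10]
    # Keyed by p_type; the three types queried below occur at most once.
    phdrs = {}
    for i in range(e_phnum):
        p = PHDR.unpack_from(data, e_phoff + i * e_phentsize)
        phdrs[p[0]] = p
    stack = phdrs.get(PT_GNU_STACK)
    # No PT_GNU_STACK at all means the kernel grants an executable stack.
    nx = stack is not None and not (stack[1] & PF_X)
    pie = e_type == ET_DYN
    if PT_GNU_RELRO not in phdrs:
        relro = "No RELRO"
    elif _bind_now(data, phdrs.get(PT_DYNAMIC)):
        relro = "Full RELRO"
    else:
        relro = "Partial RELRO"
    # Same heuristic as checksec: the canary failure handler is referenced.
    canary = b"__stack_chk_fail" in data
    return {"RELRO": relro, "Canary": canary, "NX": nx, "PIE": pie}


def checksec_file(path: str) -> dict:
    """Convenience wrapper for a real binary, e.g. checksec_file('./heap-two')."""
    with open(path, "rb") as fh:
        return checksec(fh.read())


def build_elf(e_type, stack_flags, relro, dyn_entries=None, blob=b"") -> bytes:
    """Constructed minimal ELF64: header + program headers (+ dynamic array).
    Test fixture only; it contains no code and is not loadable."""
    dyn = b""
    if dyn_entries is not None:
        dyn = b"".join(DYN.pack(t, v) for t, v in dyn_entries) + DYN.pack(DT_NULL, 0)
    n_ph = 1 + bool(relro) + (dyn_entries is not None)
    dyn_off = EHDR.size + n_ph * PHDR.size
    phdrs = [PHDR.pack(PT_GNU_STACK, stack_flags, 0, 0, 0, 0, 0, 16)]
    if relro:
        phdrs.append(PHDR.pack(PT_GNU_RELRO, PF_R, 0, 0, 0, 0, 0, 1))
    if dyn_entries is not None:
        phdrs.append(PHDR.pack(PT_DYNAMIC, PF_R | PF_W, dyn_off, 0, 0, len(dyn), len(dyn), 8))
    ident = b"\x7fELF" + bytes([2, 1, 1, 0]) + b"\0" * 8  # 64-bit, LE, v1, SysV
    ehdr = EHDR.pack(ident, e_type, 0x3E, 1, 0, EHDR.size, 0, 0,
                     EHDR.size, PHDR.size, n_ph, 0, 0, 0)
    return ehdr + b"".join(phdrs) + dyn + blob


# Constructed fixtures: a lab-style target with everything off, a distro-style
# hardened build, and a partial-RELRO build (GNU_RELRO present, lazy binding).
WEAK = build_elf(ET_EXEC, PF_R | PF_W | PF_X, relro=False)
HARDENED = build_elf(ET_DYN, PF_R | PF_W, relro=True,
                     dyn_entries=[(DT_FLAGS, DF_BIND_NOW), (DT_FLAGS_1, DF_1_NOW)],
                     blob=b"\0__stack_chk_fail\0")
PARTIAL = build_elf(ET_DYN, PF_R | PF_W, relro=True, dyn_entries=[(DT_FLAGS, 0)])

if __name__ == "__main__":
    for name, img in (("weak", WEAK), ("hardened", HARDENED), ("partial", PARTIAL)):
        print(name, checksec(img))
```

The WEAK fixture is what a lab binary compiled with `-fno-stack-protector -z execstack -no-pie` looks like to checksec, which is why those labs are exploitable with the textbook techniques above; the HARDENED fixture is what a distribution build reports, and the reason real-world chains like the one in the paper lean on heap primitives and info leaks rather than a plain stack smash.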
Anatomy of the 2025 WhatsApp–ImageIO Exploit Chain · Master's research project · MCS, UNSTPB