Xen exploitation part 3: XSA-182, Qubes escape

This is the last part of our blog post series about Xen security. This time we write about a vulnerability we found, XSA-182 (CVE-2016-6258), and its exploitation on the Qubes OS project.

Xen exploitation part 2: XSA-148, from guest to host

This blog post describes the exploitation of Xen Security Advisory 148 (XSA-148) (CVE-2015-7835). It was discovered by Shangcong Luan of Alibaba and publicly disclosed in October 2015. At the time, we were working on writing an exploit, and no public proof of concept or exploit was available. Today, the security researcher responsible for the vulnerability disclosure has given a public talk and will give conference talks explaining his approach. We decided to publish this blog post anyway because our exploitation strategy is a little bit different.

A brief survey of Fully Homomorphic Encryption, computing on encrypted data


Xen exploitation part 1: XSA-105, from nobody to root

This blog post describes the exploitation of Xen Security Advisory 105 (XSA-105) (CVE-2014-7155). This post explains the environment setup and shows the development of a fully working exploit on Linux 4.4.5.

Reversing a Finite Field Multiplication Optimization


Implementing a Custom Directive Handler in Clang


Binmap: a system scanner


Windows Filtering Platform: Persistent state under the hood


IRMA v1.3.0


Clang Hardening Cheat Sheet