Category: Exploitation

This article details two bugs discovered in the NVIDIA Linux Open GPU Kernel Modules and demonstrates how they can be exploited. The bugs can be triggered by an attacker controlling a local unprivileged process. Their security implications were confirmed via a proof of concept that achieves kernel read and write primitives.

In this blog post we explain the consequences of asking our R&D boss for a Steam Deck as a Christmas gift. It involves a couple of vulnerabilities, limited primitives, challenging exploitation and a long disclosure process.

This is a writeup of a heap pwn challenge at HitconCTF Qualifiers 2024, which explains some glibc malloc internals and some heap exploitation tricks that can be used for getting a shell!

In this blog post we'll see a technique to gain code execution in SMM from a very limited write primitive.

This blog post presents a post-exploitation approach to inject code into KeePass without process injection. It is performed by abusing the cache resulting from the compilation of PLGX plugin.

This article introduces a kind of eBPF program that may be used to monitor userspace programs. It first introduces you to eBPF and uprobes and then explores the flaws that we found in uprobes.

This blog post analyzes the vulnerability known as "Bad Neighbor" or CVE-2020-16898, a stack-based buffer overflow in the IPv6 stack of Windows, which can be remotely triggered by means of a malformed Router Advertisement packet.

On September 2018, FreeBSD published the security advisory FreeBSD-SA-18:12, fixing a kernel memory disclosure vulnerability affecting all the supported versions of this operating system.

On February 9, 2017, Natalie Silvanovich from Google Project Zero unrestricted access to P0's issue #983 [1], titled "Microsoft Edge: Use-after-free in TypedArray.sort", which got assigned CVE-2016-7288 and was patched as part of Microsoft security bulletin MS16-145 [2] during December 2016. In this blog post we discuss how I managed to exploit this UAF issue to obtain remote code execution on MS Edge.

This is the last part of our blogpost series about Xen security [1] [2]. This time we write about a vulnerability we found (XSA-182) [0] (CVE-2016-6258) and his exploitation on Qubes OS [3] project.