
CVE-2022-2602: DirtyCred File Exploitation applied on an io_uring UAF

21 December 2022 at 06:00
Introduction In the past few weeks, I worked with @LukeGix (check out his blog post on the same vulnerability here) to exploit the CVE-2022-2602, a very interesting bug from multiple perspectives without a public exploit, that impacts the io_uring subsystem with a Use-After-Free vulnerability handling registered file descriptors. We used a Data-Only attack against kernel version 5.15.74 […]

Linux Kernel Exploit Development: 1day case study

13 June 2022 at 10:01
Introduction I was searching for a vulnerability that permitted me to practise what I’ve learned in the last period on Linux Kernel Exploitation with a “real-life” scenario. Since I had a week to dedicate my time in Hacktive Security to deepen a specific argument, I decided to search for a public vulnerability without a public […]

KRWX: Kernel Read Write Execute

12 March 2022 at 15:41
Introduction GitHub project: https://github.com/kiks7/KRWX During the last few months/year I was studying and approaching the Kernel Exploitation subject and during this journey I developed a few tools that assisted me (and currently assist) on better understanding specific topics. Today I want to release my favourite one: KRWX (Kernel Read Write Execute). It is a simple LKM […]