Research [CVE-2025-37752] Two Bytes Of Madness: Pwning The Linux Kernel With A 0x0000 Written 262636 Bytes Out-Of-Bounds CVE-2025-37752 is an Array-Out-Of-Bounds vulnerability in the Linux network packet scheduler, specifically in the SFQ queuing discipline. An invalid SFQ limit and a series of interactions between SFQ and the TBF Qdisc can …
Research A Quick Dive Into The Linux Kernel Page Allocator In recent years, with the rise of new kernel mitigations - from CFI to Google’s SLUB virtual to randomized slab caches - there has been a trend shift from slab-level object exploitation to page-level exploitation.
Research First Blooding Google's kernelCTF VRP Exploiting The Experimental Mitigation Instance In 2023 Google launched a new Vulnerability Reward Program (VRP) called kernelCTF. I was fortunate enough to get first blood by compromising the instance with experimental mitigations. In this article, after providing a brief …
CTF, Research [corCTF 2022] CoRJail: From Null Byte Overflow To Docker Escape Exploiting poll_list Objects In The Linux Kernel CoRJail is a kernel exploitation challenge designed for corCTF 2022. Players were asked to escape from a hardened Docker container with custom seccomp filters by exploiting an Off-By-Null vulnerability in a Linux Kernel Module …
Research [CVE-2021-42008] Exploiting A 16-Year-Old Vulnerability In The Linux 6pack Driver CVE-2021-42008 is a Slab-Out-Of-Bounds Write vulnerability in the Linux 6pack driver caused by a missing size validation check in the decode_data function. A malicious input from a process with CAP_NET_ADMIN capability can …
CTF, Research [corCTF 2021] Wall Of Perdition: Utilizing msg_msg Objects For Arbitrary Read And Arbitrary Write In The Linux Kernel Wall of Perdition is the second and harder part of a two-part series of kernel exploitation challenges designed by FizzBuzz101 and me for corCTF 2021. You can find the writeup for the first part, Fire of Salvation, on his …
Research [CVE-2021-3156] Exploiting Sudo Heap Overflow On Debian 10 Recently the Qualys Research Team did an amazing job discovering a Heap overflow vulnerability in Sudo. In the next sections, we will analyze the bug and we will write an exploit to gain root privileges on Debian 10.
CTF [CUCTF 2020] Hotrod: Exploiting timerfd_ctx Objects In The Linux Kernel Hotrod is a kernel exploitation challenge created by my friend FizzBuzz101 for CUCTF 2020. I tested the challenge before it was released and since the exploitation process was very interesting, I decided to write this …
Research ret2dl_resolve x64: Exploiting Dynamic Linking Procedure In x64 ELF Binaries In this article, we will start by analyzing the lazy binding process, proceed to dissect dl-runtime, understand when it is possible to use this technique without a leak, and finally build our exploit.