You can't stop me anymore Overflow

Writeup for GRUB, from OMH 2021 CTF by p4 scavengersecurity.com/posts/omh-grub/

Linux Internals: How /proc/self/mem writes to unwritable memory offlinemark.com/2021/05/12/an-…

Writeup for optimizeme, from RaRCTF 2021 scavengersecurity.com/posts/rar-opti…

Writeup for "Containers?", from FwordCTF 2021. A journey in Linux namespaces. scavengersecurity.com/posts/fword-co…

I’ve recently published my first writeup for “devprivops” bash challenge from #FWordCTF 2021 (by Fword). Thanks to Scavenger Security for their support. scavengersecurity.com/posts/fwordctf…

Writeup for Paas, from GrabCON CTF 2021 (The Cyber Grabs). Format string exploitation in the Linux kernel. scavengersecurity.com/posts/grabcon-…

Writeup for Flag Checker, from DownUnderCTF scavengersecurity.com/posts/downunde…

Our writeups for ABBR and Beans Talk, from ASIS CTF. We worked with ripp3rs for this CTF, great experience overall! scavengersecurity.com/posts/asisqual… scavengersecurity.com/posts/asisqual…

Writeup for Cloudinspect, from hack_lu CTF 2021. My first VM escape! scavengersecurity.com/posts/hack.lu-…

A beginner's attempt at optimizing GCC developers.redhat.com/articles/2021/…

I wrote a _very_ simple (and hopefully correct) implementation of hazard pointers in pure C89 using GCC atomic builtins: github.com/00xc/libdanger

blog.cloudflare.com/how-to-stop-ru… "How to stop running out of ephemeral ports and start to love long-lived connections" Or "Userspace Connectx() on Linux" Or "This is why we need kernel-side connectx()" Or "Why you can have tops 28K outbound UDP connections?" Code github.com/cloudflare/clo…

CVE-2022-24986: KCron: Insecure temporary file handling: Posted by Carlos López on Feb 25Hello list, Find below our report for CVE-2022-24986: Insecure temporary file handling in KDE KCron dlvr.it/SKf5rd

🧵1 Kc Udonsi and I wanted to say thanks to the people whose CVE discoveries, vulnerability write-ups, and PoCs we used to create the material for #OST2 ost2.fyi/Vulns1001. So thanks go out to the following contributors…

Linear Stack Buffer Overflow: CVE-2021-43579 Carlos López Carlos

Together with my session at #OC3 today I am excited to share that COCONUT-SVSM is now public! 🔒🌴 Check out the announcement at suse.com/c/suse-open-so… or go directly to the GitHub space github.com/coconut-svsm #ConfidentialComputing

This is the kind of thing that makes you appreciate even more Rust's approach to things. Signed overflow is always well defined: it causes a panic in debug builds and wraps as 2's complement in release builds. Plus `wrapping_add()`, `saturating_add()`, `checked_add()`, etc.

Carlos And you can even enable the panics in release mode as well: doc.rust-lang.org/cargo/referenc… :)

Just finished teaching the hypervisor class! Had many good interactions with students and enjoyed it a lot. Hexacon in October is the next opportunity. If you are interested in reading and writing hypervisors, or low-level technologies in general, come to Paris and join us.