So far the most comprehensive & clear post on the topic I've found, go check it out! #linux #internals

Looks like I’ll be speaking at HITBSecConf about kernel (in)security and other exciting stuff!

#HITB2023AMS COMMSEC: The Return of Stack Overflows in the Linux Kernel - Davide Ornaghi - conference.hitb.org/hitbsecconf202…

I will be at HITBSecConf #HITB2023AMS this week, if you are around, pull up, they have a free CommSec track too!

Why is SystemTap so hard to run on custom kernels ☹️

When your UAF read reallocation isn't behaving

Writing CodeQL queries that actually do what you expect feels like magic

#HITB2023AMS #VIDEO #COMMSEC D2 - The Return of Stack Overflows in the Linux Kernel - Davide Ornaghi - conference.hitb.org/hitbsecconf202…

Spent hours trying to mask timer interrupts on gdb to prevent LAPIC events when all I had to do was update QEMU

Great opportunity to have fun with Linux pwning in the beautiful Bergamo!

Quick gdb tip to access per-cpu variables in case lx_per_cpu doesn't work: x __per_cpu_offset[$lx_current().cpu] + (unsigned long) var

CVE-2023-3338 represents a series of issues I found in the Linux DECnet Layer (a 20-year-old protocol) that caused it to be removed from all LTS releases, the most obvious one being this NPD openwall.com/lists/oss-secu…

Experimenting with mappable zero pages and privesc techniques for my DECnet vuln, still a WIP github.com/TurtleARM/CVE-…

Added two less known PE payloads to the project: core_pattern overwrite and syscall hooking (inspired by CVE-2022-0435)! github.com/TurtleARM/CVE-…

Exciting news! 🚀 Just dropped my blogpost unveiling the universal Linux kernel LPE PoC for CVE-2024-1086 (working on v5.14 - v6.7) used for pwning Debian, Ubuntu, and KernelCTF Mitigation instances, including novel techniques like Dirty Pagedirectory 🧵 pwning.tech/nftables

I've written my first blog post on exploiting the Linux kernel, with bonus digressions on internals and rabbit holes. Hope you enjoy the fancy graphics! betrusted.it/blog/64-bytes-… betrusted.it/blog/64-bytes-…

Syzkaller being mad about my custom grammar

🎫 No hat Computer Security Conference 2024 tickets are NOW AVAILABLE on nohat.it 🎫 See you in Bergamo, Italy on Oct 19th! #NoHat #Computer #Security #Conference #Community #Cybersecurity #NoHat2024

While testing and fixing a couple of NPDs in nftables, I found that reusing the subsystem after crashing triggers a UAF read on the previously freed task_struct when reacquiring the commit mutex, maybe worth a look? github.com/torvalds/linux…

Here is a more up-to-date syz description of your favorite subsystem nftables, happy fuzzing! github.com/google/syzkall…