Dropped my slide for POC2024 on Linux kernel exploitation, including a journal from Pwn2Own Vancouver earlier this year. Enjoy 🙂. u1f383.github.io/slides/talks/2…

Earlier this year, I used a 1day to exploit the kernelCTF VRP LTS instance. I then used the same bug to write a universal exploit that worked against up-to-date mainstream distros for approximately 2 months. osec.io/blog/2024-11-2…

Timelines like this (from: osec.io/blog/2024-11-2…) are why companies use #grsecurity, where the ROP, DirtyPipe, msg_msg, modprobe_path, etc techniques are all long dead:

ITS EXPLOITS CLUB DAY 🗞️ 0xTen with Linux 1-day carnage Lots of Windows internals (cc: Petr Beneš, Exodus Intelligence, @wetw0rk_bot) Lessons in Android Bulletins from calc when?? Indoor camera 5 bug chain + Jobs and MORE 👇 blog.exploits.club/exploits-club-…

I have posted the slides for the talk chompie and I gave this past weekend at H2HC -> The Kernel Hacker’s Guide to the Galaxy: Automating Exploit Engineering Workflows #H2HC github.com/FuzzySecurity/…

Great writeup on exploiting Linux kernel nf_tables subsystem osec.io/blog/2024-11-2… Credits Pedro Pinto #infosec #Linux

Diving into Linux kernel security Alexander Popov Alexander Popov published his H2HC talk slides that describe how to get started with learning Linux kernel security and knowingly configure the security parameters of Linux-based systems a13xp0p0v.github.io/img/Alexander_…

code auditing for exploitable bugs is a lot of labor. building fuzzers to find exploitable bugs is a lot of labor. stop trying to find shortcuts. expect to put in a lot of time and sustained effort. can’t be frustrated when you haven’t put in the effort

Full kernel read/write with CVE-2023-32434 using a deterministic exploit strategy (100% success rate)! arm64e is certainly not as easy, but for now all of arm64 should be doable with this strategy. Shoutout to staturnz and TheRealClarity for lots of help and ideas.

Blog post I wrote about an unexpectedly vulnerability we discovered in the TCP subsystem of the Linux kernel. This one is interesting because it can lead to a UAF even with the reference counter saturation mechanism present. I hope you enjoy it.

I've just published a new blog post detailing how I developed a deterministic kernel exploit for iOS. Enjoy! alfiecg.uk/2025/03/01/Tri…

Big day

No mention of Qualys, Vigilant? Smh

We are back😎 Say hello to our kernelCTF submission for CVE-2025-37752🩸 Who would have thought you could pwn a kernel with just a 0x0000 written 262636 bytes out of bounds? Read the full writeup at: syst3mfailure.io/two-bytes-of-m… 👀

Knowledge sharing and relaxing with the team!

Bypassing MTE with CVE-2025-0072 (by Man Yue Mo of GitHub Security) #infosec #android github.blog/security/vulne…

🚨🚨🚨We just broke everyone’s favorite CTF PoW🚨🚨🚨 Our teammate managed to achieve a 20x SPEEDUP on kctf pow through AVX512 on Zen 5. Full details here: anemato.de/blog/kctf-vdf The Sloth VDF is dead😵 This is why kernelCTF no longer has PoW!

Oops, we just pwned the kernelCTF mitigation instance with a 0day😳 Our fellow pwner syst3mfailure has picked up pigeon feeding as a hobby to help him cope with the insanity

First userland ropchain exploit on the Switch 2 Source: bsky.app/profile/retr0.…

Exploit write-ups for our 🚨latest 0-day🚨and the tragedy that swept the red black tree family dropping soon 👀 Here is a tiktok style video for those of you with no attention span thanks to slop and social media. Turn on the audio!!!