Klecko (@klecko0)'s Twitter Profile
Klecko

@klecko0

weird machines programmer

ID: 2466096223

http://github.com/klecko

27-04-2014 13:01:01

114 Tweet

581 Followers

452 Following

Klecko (@klecko0)

I solved the Blue Frost Security linux kernel challenge they published for Ekoparty 2022 and loved it! Blue Frost Security Here's my writeup: klecko.github.io/posts/bfs-ekop…

Crusaders of Rust (@cor_ctf)

Introducing the world to our teammate's latest CVE: EntryBleed, a Linux bug that allows low privileged attackers to break KASLR under KPTI/KAISER for Intel based systems. willsroot.io/2022/12/entryb…

Marco Guarnieri (@marcoguarnier1)

Excited to share our upcoming IEEE S&P 2023 paper on efficiently discovering speculative vulnerabilities in x86 CPUs (implemented in the latest version of the Revizor testing tool) (1/5)

Marco Guarnieri (@marcoguarnier1)

I have a PhD opening in system security (focus on fuzzing/symbolic execution for microarchitectural leaks) at IMDEA Software: software.imdea.org/open_positions… The position is fully funded. Please spread the word!

Casey Muratori (@cmuratori)

Using their own example code, I made a simple demonstration of how horrible "Clean Code" ideas are for software performance: computerenhance.com/p/clean-code-h…

Seth Jenkins (@__sethjenkins)

I just released a blog post on an Android ITW exploit chain: googleprojectzero.blogspot.com/2023/09/analyz… A big thanks to Google TAG and the other members of Project Zero who participated in the creation of this blog post and analysis of the chain!

Kurosh Dabbagh (@_kudaes_)

Although it's nothing new, Inés and I are pleased to publish our own ROP-based implementation of the code fluctuation technique. We've tried to keep it simple and functional, avoiding the use of common features like Timers, HWBP or APCs. github.com/Kudaes/Shelter

blackorbird (@blackorbird)

#Lazarus exploited a flaw in the Windows AppLocker driver (appid.sys) as a zero-day to gain kernel-level access and turn off security tools. CVE-2024-21338 Beyond BYOVD with an Admin-to-Kernel Zero-Day decoded.avast.io/janvojtesek/la…

thaddeus e. grugq (@thegrugq)

The xz backdoor was the final part of a campaign that spanned two years of operations. These operations were predominantly HUMINT style agent operations. There was an approach that lasted months before the Jia Tan persona was well positioned to be given a trusted role.

Marcel Böhme👨‍🔬 (@mboehme_)

Thrilled to announce that our paper on finding side-channels in crypto implementations running on future microarchitectures has been accepted at @ACM_CCS'24! 📄: arxiv.org/pdf/2402.00641… (Preprint) 🧑‍💻: github.com/hw-sw-contract… (Tool)

Javier P Rufo (@javierprtd)

I just released the blog explaining how I leveraged CVE-2022-22265 in the Samsung npu driver. Double free to achieve UAF over signalfd + cross cache + Dirty Page Table + code inject into libbase.so for execution by init. Hope you can enjoy it soez.github.io/posts/CVE-2022…

Binary Gecko (@binary_gecko)

Congratulations to all the winners of yesterday’s CTF! Top 5, please come by the Gecko booth to pick up your prizes! 🎉🦎 Hexacon #hexacon

1. Test
2. Klecko
3. Fs
4. Themaks
5. Red0xff

Klecko (@klecko0)

I've written a post on SELinux and some public bypasses for Android kernel exploitation. It's especially relevant for Samsung and Huawei devices due to their use of hypervisors. Check it out here: klecko.github.io/posts/selinux-…

zeroclick.sh (@zeroclicksh)

🚀 We're back with a fresh blog redesign! Dive into DiegoAltF4's latest post, which offers an in-depth analysis of CVE-2023-22098, including a reliable PoC to escape VirtualBox. 🛠️ Unleash your virtualization magic now! Link below ⬇️

DiegoAltF4 (@diego_altf4)

Excited to be mentioned in the new exploits.club Newsletter! 🎉 It’s an honor to be featured alongside such skilled hackers, including my friend Klecko. If you haven’t checked out the posts yet, don’t miss out!

Pumpkin 🎃 (@u1f383)

Dropped my slide for POC2024 on Linux kernel exploitation, including a journal from Pwn2Own Vancouver earlier this year. Enjoy 🙂. u1f383.github.io/slides/talks/2…

0xTen (@_0xten)

Earlier this year, I used a 1day to exploit the kernelCTF VRP LTS instance. I then used the same bug to write a universal exploit that worked against up-to-date mainstream distros for approximately 2 months. osec.io/blog/2024-11-2…

h0mbre (@h0mbre_)

I tried my hand at exploiting an nday on the Google Container Optimized OS instance in kCTF but sadly was very late to the party. Here is my exploit write-up for it. I learned a lot during the process, let me know what you think. I'll post TL;DR in thread h0mbre.github.io/Patch_Gapping_…