ulisses (@foolisses) 's Twitter Profile
ulisses

@foolisses

Mathematician gone InfoSec. Interested in the Linux kernel, vulnerability research & reverse engineering.

ID: 1027654171120594944

Link: https://the-hyperbolic.com
Date: 09-08-2018 20:33:42

281 Tweets

390 Followers

639 Following

roddux (@roddux) 's Twitter Profile Photo

In the spirit of kicking a dead horse while it's down, here's a PoC for what *was* another n_gsm 0day: github.com/roddux/ixode This is patched in newer kernels since 67c3775689, but is probably still 0day for anything <6.6, or anything not on an LTS release. have fun

Linux Kernel Security (@linkersec) 's Twitter Profile Photo

Ongoing slab hardening efforts Recently, there have been multiple efforts to make the exploitation of slab memory corruptions harder. 🧵[1/5]

Binary Gecko (@binary_gecko) 's Twitter Profile Photo

Check out our latest post about a vulnerability we disclosed to the Kernel Security Team - “Race conditions in Linux Kernel perf events” binarygecko.com/race-condition…

Theori (@theori_io) 's Twitter Profile Photo

🚨 New Linux Kernel vulnerability (CVE-2024-27394) discovered & patched by Theori! 🔗 blog.theori.io/deep-dive-into… Our researcher V4bel at #Theori identified a critical #UAF vulnerability in TCP-AO caused by a race condition in the #RCU API. Using techniques from the ExpRace paper,

Andrey Konovalov (@andreyknvl) 's Twitter Profile Photo

Gonna be giving a talk "SLUB Internals for Exploit Developers" at LSS (@LinuxSecSummit@social.kernel.org) next week. Plan to cover the basics one needs to know before writing exploits for slab bugs; slides coming along 😁 Also gonna stay around for Linux Plumbers Conference 2024. lsseu2024.sched.com/event/1ebVN

Andrey Konovalov (@andreyknvl) 's Twitter Profile Photo

Slides and recording from my "SLUB Internals for Exploit Developers" talk at LSS (@LinuxSecSummit@social.kernel.org) yesterday 🥳

Slides: docs.google.com/presentation/d…
Slides PDF: static.sched.com/hosted_files/l…
Recording: youtu.be/WWQh4yAoXME?t=…

Klecko (@klecko0) 's Twitter Profile Photo

I've written a post on SELinux and some public bypasses for Android kernel exploitation. It's especially relevant for Samsung and Huawei devices due to their use of hypervisors. Check it out here: klecko.github.io/posts/selinux-…

LukeGix (@lukegix) 's Twitter Profile Photo

I published a post describing the exploitation process for CVE-2024-38193, a use-after-free vulnerability in the afd.sys Windows driver. Hope you enjoy it! :) blog.exodusintel.com/2024/12/02/win…

sam4k (@sam4k1) 's Twitter Profile Photo

it's been a while, but here's a new post in my linternals series where i attempt to introduce the linux kernel's memory management subsystem 🐧 sam4k.com/linternals-exp…

LaurieWired (@lauriewired) 's Twitter Profile Photo

“My wife complains that open office will never print on Tuesdays” A bizarre sentence; which kicked off one of the most interesting bug hunts in Ubuntu’s history. It all starts with some goofy pattern matching.

h0mbre (@h0mbre_) 's Twitter Profile Photo

I tried my hand at exploiting an nday on the Google Container Optimized OS instance in kCTF but sadly was very late to the party. Here is my exploit write-up for it. I learned a lot during the process, let me know what you think. I'll post TL;DR in thread h0mbre.github.io/Patch_Gapping_…

Brad Spengler (@spendergrsec) 's Twitter Profile Photo

Just saw it mentioned on LWN, handy site for checking which distros enable a certain config option: oracle.github.io/kconfigs/?conf…... Just replace UTS_RELEASE with whatever config option name minus CONFIG_, for example: oracle.github.io/kconfigs/?conf…...

Alexander Popov (@a13xp0p0v) 's Twitter Profile Photo

Slides of my talk at #Zer0Con2025! ⚡️ Kernel-Hack-Drill: Environment For Developing Linux Kernel Exploits ⚡️ I presented the kernel-hack-drill open-source project and showed how it helped me to exploit CVE-2024-50264 in the Linux kernel. Enjoy! a13xp0p0v.github.io/img/Alexander_…

Kuzey Arda Bulut (@kuzeyardabulut) 's Twitter Profile Photo

🚨 New Blog Post: Exploiting CVE-2024-0582 via the Dirty Page Table Method! Discover how dangling pages can corrupt Page Table Entries (PTEs) and redirect user-space memory to kernel-space. Read the full analysis: kuzey.rs/posts/Dirty_Pa… #ExploitDevelopment #KernelSecurity

sam4k (@sam4k1) 's Twitter Profile Photo

ngl gang i might have got a bit lost in the sauce with this one, but if you're curious about how mmap() is implemented, check out part 2 of my memory management linternals series sam4k.com/linternals-exp…

Crusaders of Rust (@cor_ctf) 's Twitter Profile Photo

We are back😎 Say hello to our kernelCTF submission for CVE-2025-37752🩸 Who would have thought you could pwn a kernel with just a 0x0000 written 262636 bytes out of bounds? Read the full writeup at: syst3mfailure.io/two-bytes-of-m… 👀

sam4k (@sam4k1) 's Twitter Profile Photo

with offensivecon around the corner, i figured id write another post on linux kernel exploitation techniques - this time i cover the world of page table exploitation! enjoy 🤓 sam4k.com/page-table-ker…