ii4gsp (@ii4gsp)'s Twitter Profile
ii4gsp

@ii4gsp

Security Researcher

ID: 1671802547823312899

Link: http://ii4gsp.github.io | 22-06-2023 08:49:37

56 Tweets

99 Followers

182 Following

xvonfers (@xvonfers)

PageJack: A Powerful Exploit Technique With Page-Level UAF blackhat.com/us-24/briefing… Slides: i.blackhat.com/BH-US-24/Prese… Repository: github.com/Lotuhu/Page-UAF WP: arxiv.org/abs/2401.17618 Zhiyun Qian, Jiayi Hu, Jinmeng Zhou, Qi Tang & Wenbo Shen Zhiyun Qian

exploits.club (@exploitsclub)

EC #37 is out and it's stacked 🗞️ hypr (find me on bluesky) pops the same bug 4 different ways A Linux LPE from ii4gsp Pwn2Own Automotive exploits from Sector 7 Chrome and Windows ITW bugs ft S K, j j, 1377 High-yield Nukes, DARKNAVY + Jobs and more 👇 blog.exploits.club/exploits-club-…

Theori (@theori_io)

🚨 New Linux Kernel vulnerability (CVE-2024-27394) discovered & patched by Theori! 🔗 blog.theori.io/deep-dive-into… Our researcher V4bel at #Theori identified a critical #UAF vulnerability in TCP-AO caused by a race condition in the #RCU API. Using techniques from the ExpRace paper,

BitFriends (@bitfriends1)

finally had some spare time to publish the exploit code and a short explanation. you can see it here: b17fr13nds.github.io/posts/kernel_e…

Andrey Konovalov (@andreyknvl)

Slides and recording from my "SLUB Internals for Exploit Developers" talk at LSS (@LinuxSecSummit@social.kernel.org) yesterday 🥳 Slides: docs.google.com/presentation/d… Slides PDF: static.sched.com/hosted_files/l… Recording: youtu.be/WWQh4yAoXME?t=…

0xTen (@_0xten)

Earlier this year, I used a 1day to exploit the kernelCTF VRP LTS instance. I then used the same bug to write a universal exploit that worked against up-to-date mainstream distros for approximately 2 months. osec.io/blog/2024-11-2…

V4bel (@v4bel)

I just released our kernelCTF VSock 0-day write-up with qwerty . (exp196/exp197, CVE-2024-50264) github.com/google/securit… We made history by being the first to exploit VSock in kernelCTF, expanding its known attack vectors. 🥳 It’s a pretty *simple* race condition, right?

Linux Kernel Security (@linkersec)

KernelSnitch: Side-Channel Attacks on Kernel Data Structures Paper by Lukas Maar et al. about using a timing side-channel for leaking addresses of exploitation-relevant kernel structures. lukasmaar.github.io/papers/ndss25-…

Nightu (@__nightu__)

More interesting than the previous one I guess. Still one left to do, it's a stable race vulnerability, but idk whether I can reduce the race time actually😶‍🌫️ github.com/nightuhu/secur…

h0mbre (@h0mbre_)

I tried my hand at exploiting an nday on the Google Container Optimized OS instance in kCTF but sadly was very late to the party. Here is my exploit write-up for it. I learned a lot during the process, let me know what you think. I'll post TL;DR in thread h0mbre.github.io/Patch_Gapping_…

SSD Secure Disclosure (@securiteam_ssd)

🚨 New advisory was just published! 🚨 An out-of-bounds write vulnerability in the Linux kernel achieves local privilege escalation on Ubuntu 22.04 for active user sessions: ssd-disclosure.com/ssd-advisory-l…

chompie (@chompie1337)

If you ever think there are no more bugs left to find… this Linux kernel bug was just patched yesterday and existed for 5 YEARS

Alexander Popov (@a13xp0p0v)

Slides of my talk at #Zer0Con2025! ⚡️ Kernel-Hack-Drill: Environment For Developing Linux Kernel Exploits ⚡️ I presented the kernel-hack-drill open-source project and showed how it helped me to exploit CVE-2024-50264 in the Linux kernel. Enjoy! a13xp0p0v.github.io/img/Alexander_…

r1ru (@ri5255)

I've released a blog series about modern Linux kernel exploitation, where you can learn some advanced techniques used in real-world kernel exploits. Enjoy! r1ru.github.io/categories/lin…

Crusaders of Rust (@cor_ctf)

We are back😎 Say hello to our kernelCTF submission for CVE-2025-37752🩸 Who would have thought you could pwn a kernel with just a 0x0000 written 262636 bytes out of bounds? Read the full writeup at: syst3mfailure.io/two-bytes-of-m… 👀