Research
Apr 15, 2024
Short version: while poking at GitHub Enterprise Server (GHES) for an unrelated reason the day after Christmas, I noticed an unvalidated Kernel#send() call in …
By Ngo Wei Lin
Research
Mar 18, 2024
Introduction Wi-Fi routers have always been an attractive target for attackers. When taken over, an attacker may gain access to a victim’s internal …
By Daniel Lim Wee Soong
Research
Nov 24, 2023
Introduction The prevalence of memory corruption bugs persists, posing a persistent challenge for exploitation. This increased difficulty arises from …
By Chen Le Qi
Research
Sep 29, 2023
Back in January 2023, I tasked one of our web security interns, River Koh (@oceankex), to perform n-day analysis of CVE-2022-46164 as part of his internship …
By Ngo Wei Lin & River Koh
Research
Sep 25, 2023
Brief I may have achieved successful exploitation of a SharePoint target during Pwn2Own Vancouver 2023. While the live demonstration lasted only approximately …
By Nguyễn Tiến Giang (Jang)
Research
Sep 25, 2023
During my internship, I have been researching and trying to find bugs within the nftables subsystem. In this blog post, I will talk about a bug I have found, as …
By Cherie-Anne Lee
Research
Aug 01, 2023
We are excited to embark on a series of teardowns to explore the inner workings of various devices. In this particular teardown, our focus will be on the …
By Joshua Tay
Research
Jul 25, 2023
Recently, I was trying out various exploitation techniques against a Linux kernel vulnerability, CVE-2022-3910. After successfully writing an exploit which made …
By Choo Yi Kai
Research
Jul 25, 2023
TLDR prctl PR_SET_VMA (PR_SET_VMA_ANON_NAME) can be used as a (possibly new!) heap spray method targeting the kmalloc-8 to kmalloc-96 caches. The sprayed …
By Cherie-Anne Lee
Research
Jun 19, 2023
Background The discovery and analysis of vulnerabilities is a critical aspect of cybersecurity research. Today, we will dive into CVE-2023-1829, a vulnerability …
By Vũ Thị Lan