Exploit Development
- github.com Pixel GPU Exploit: A kernel exploit for Pixel7/8 Pro with Android 14
GitHub - 0x36/Pixel_GPU_Exploit: A kernel exploit for Pixel7/8 Pro with Android 14.
- qriousec.github.io Analysis of VirtualBox CVE-2023-21987 and CVE-2023-21991
Introduction Hi, I am Trung (xikhud). Last month, I joined the Qrious Secure team as a new member, and my first target was to find and reproduce the security bugs that @bienpnn used at Pwn2Own Vancouver 2023 to escape the VirtualBox VM. Since VirtualBox is open-source software, I can just downloa...
- blog.solidsnail.com From Terminal Output to Arbitrary Remote Code Execution
It was the year of the Linux desktop 1978. Old yellowed computers were not yet old, nor yellowed. Digital Equipment Corporation released the first popular terminal to support a standardized in-band encoding for control functions, the VT100.
cross-posted from: https://infosec.pub/post/2466014
> This is my first write-up, on a vulnerability I discovered in iTerm2 (RCE). Would love to hear opinions on this. I tried to make the writing engaging.
- bughunters.google.com No More Speculation: Exploiting CPU Side-Channels for Real
CPU vulnerabilities are a widespread problem, yet they are not well understood and are generally hard to mitigate. Some of these vulnerabilities affect nearly all modern processors, regardless of running software. This blog explores their impact on real-life systems.
- www.df-f.com iOS 17: New Version, New Acronyms — Dataflow Forensics
Our goal at DFF is to reveal any threats on mobile devices, and that requires us to keep up to date with every single version of Android and iOS, including the beta and "Developer Preview" phases. Often, these are the under-the-hood, undocumented changes which have the real impact on opera
- github.com CVE-2023-2033
GitHub - mistymntncop/CVE-2023-2033. Contribute to mistymntncop/CVE-2023-2033 development by creating an account on GitHub.
- blog.isosceles.com An Introduction to Exploit Reliability
Earlier this year I was invited to give a talk at University of California San Diego (UCSD) for Nadia Heninger's CSE 127 ("Intro to Computer Security"). I chose to talk about modern exploit development, stepping through the process of finding and exploiting some of the memory corruption bugs that th...
- securityintelligence.com MSMQ QueueJumper (RCE Vulnerability): An In-Depth Technical Analysis
Unpack the remote code execution vulnerability impacting the Microsoft Message Queueing service — CVE-2023-21554, a.k.a. QueueJumper.
- googleprojectzero.blogspot.com Summary: MTE As Implemented
By Mark Brand, Project Zero In mid-2022, Project Zero was provided with access to pre-production hardware implementing the ARM MTE specifi...
- qyn.app CVE-2023-3389 - Exploiting a vulnerability in the io_uring subsystem of the Linux kernel
CVE-2023-3389 - LinkedPoll. Exploiting a vulnerability in the io_uring subsystem of the Linux kernel.
- h0mbre.github.io Escaping the Google kCTF Container with a Data-Only Exploit
Introduction I’ve been doing some Linux kernel exploit development/study and vulnerability research off and on since last Fall and a few months ago I had some downtime on vacation to sit and challenge myself to write my first data-only exploit for a real bug that was exploited in kCTF. io_uring has be...
- blog.isosceles.com The Legacy of Stagefright
Introduction Every so often a piece of security research will generate a level of excitement and buzz that's palpable. Dan Kaminsky's DNS bug, Barnaby Jack's ATM Jackpotting, Chris Valasek and Charlie Miller's Jeep hacking escapades. There's something special about the overheard conversations, the ...
- starlabs.sg prctl anon_vma_name: An Amusing Linux Kernel Heap Spray
TLDR prctl PR_SET_VMA (PR_SET_VMA_ANON_NAME) can be used as a (possibly new!) heap spray method targeting the kmalloc-8 to kmalloc-96 caches. The sprayed object, anon_vma_name, is dynamically sized, and can range from larger than 4 bytes to a maximum of 84 bytes. The object can be easily allocated a...
- github.com CVE-2023-35086 POC - ASUS routers format string vulnerability
GitHub - tin-z/CVE-2023-35086-POC: POC of CVE-2023-35086, only DoS. Contribute to tin-z/CVE-2023-35086-POC development by creating an account on GitHub.
- starlabs.sg A new method for container escape using file-based DirtyCred
Recently, I was trying out various exploitation techniques against a Linux kernel vulnerability, CVE-2022-3910. After successfully writing an exploit which made use of DirtyCred to gain local privilege escalation, my mentor Billy asked me if it was possible to tweak my code to facilitate a container...
- vulncheck.com Exploiting MikroTik RouterOS Hardware with CVE-2023-30799 - Blog - VulnCheck
VulnCheck develops an exploit that gets a root shell on MikroTik RouterOS.
- blog.exodusintel.com Shifting boundaries: Exploiting an Integer Overflow in Apple Safari - Exodus Intelligence
By Vignesh Rao Overview In this blog post, we describe a method to exploit an integer overflow in Apple WebKit due to a vulnerability resulting from incorrect range computations when optimizing Javascript code. This research was conducted along with Martin Saar in 2020. We show how to convert this i...
- starlabs.sg TheHole New World - how a small leak will sink a great browser (CVE-2021-38003)
Introduction CVE-2021-38003 is a vulnerability that exists in the V8 Javascript engine. The vulnerability affects the Chrome browser before stable version 95.0.4638.69, and was disclosed in October 2021 in google’s chrome release blog, while the bug report was made public in February 2022. The vulne...
- docs.google.com V8 Sandbox - Code Pointer Sandboxing
V8 Sandbox - Code Pointer Sandboxing Author: saelo@ First Published: December 2022 Last Updated: July 2023 Status: Living Doc Visibility: PUBLIC This document is part of the V8 Sandbox Project and discusses the design of code pointer sandboxing to ensure secure control-flow transfers into and ...