| Tweets |
| renorobert retweeted | ||
|
Andrea Fioraldi
@andreafioraldi
|
14 Dec |
|
I repropose my notes about x86, Linux and virtualization in a single text file (~2500 lines only) for my fellow students in Sapienza.
gist.githubusercontent.com/andreafioraldi…
|
||
|
|
||
| renorobert retweeted | ||
|
Brandon Falk
@gamozolabs
|
23 Nov |
|
Pro-tip. Ever wonder what a structure _actually_ looks like in memory when it's full of unions, typedefs, etc? The `pahole` command (from the `dwarves` package) can take in an ELF with DWARF symbols and output the structures unrolled recursively. Example: gist.github.com/gamozolabs/0ec…
|
||
|
|
||
| renorobert retweeted | ||
|
David Chiang
@david942j
|
23 Oct |
|
Published the write-up of PoE - Path of Exploitation for HITCON CTF! Includes why and how I designed these challenges and how to exploit from the userspace program, the kernel, to QEMU!
david942j.blogspot.com/2019/10/offici…
|
||
|
|
||
|
renorobert
@renorobertr
|
18 Oct |
|
@bsdaemon can I DM you regarding a submission to Intel?
|
||
|
|
||
| renorobert retweeted | ||
|
Sebastian Österlund
@sirmc
|
17 Oct |
|
|
||
|
|
||
| renorobert retweeted | ||
|
Giuseppe `N3mes1s`
@gN3mes1s
|
13 Sep |
|
bhyvearm64: cpu and memory virtualization on ARMv8.0-A - papers.freebsd.org/2019/bsdcan/el…
|
||
|
|
||
| renorobert retweeted | ||
|
Federico Bento
@uid1000
|
13 Sep |
|
"Control-Flow Integrity for the Linux kernel: A Security Evaluation" is the work I've done for my Masters thesis where I analyze how the PaX Team's (public) RAP holds up to stop ROP when applied to the Linux kernel. You may want to check out chapter 3.
alunos.dcc.fc.up.pt/~up201407890/T…
|
||
|
|
||
| renorobert retweeted | ||
|
grsecurity
@grsecurity
|
11 Sep |
|
Patch-gapping is also highly relevant to the Linux kernel, where known vulns sit in the syzkaller dashboard or wait months for batches of fixes to be deployed in distro kernels twitter.com/XI_Research/st…
|
||
|
|
||
| renorobert retweeted | ||
|
VUSec
@vu5ec
|
10 Sep |
|
More information on our project page: vusec.net/projects/netca…
|
||
|
|
||
| renorobert retweeted | ||
|
Andrey Konovalov
@andreyknvl
|
4 Sep |
|
A Linux kernel CTF task that relies on a double-fetch/data-race introduced by the compiler for exploitation: rpis.ec/blog/tokyowest…
|
||
|
|
||
| renorobert retweeted | ||
|
K³
@gr4yf0x
|
30 Aug |
|
Short follow-up blog post about the #FreeBSD research on reference counter overflows. This time: Exploiting mqueuefs and how an #0day was identified during this. Full exploit included ;-) secfault-security.com/blog/FreeBSD-S…
|
||
|
|
||
| renorobert retweeted | ||
|
teambi0s
@teambi0s
|
20 Aug |
|
Writeup for #QEMU VM Escape found by our team member @vishnudevtj : blog.bi0s.in/2019/08/20/Pwn…
In the writeup, Vishnu describes how he found and exploited CVE-2019-14378 that was a pointer miscalculation bug in network backend of QEMU to get code execution!
#Exploitation pic.twitter.com/TzvSWZ9W67
|
||
|
|
||
| renorobert retweeted | ||
|
Brandon Falk
@gamozolabs
|
19 Aug |
|
Sushi Roll: A CPU research kernel with minimal noise for cycle-by-cycle micro-architectural introspection gamozolabs.github.io/metrology/2019…
|
||
|
|
||
| renorobert retweeted | ||
|
Mehdi Talbi
@abu_y0ussef
|
25 Jul |
|
Some of my notes on exploiting a FreeBSD Kernel vulnerability.
Thanks @Synacktiv
twitter.com/Synacktiv/stat…
|
||
|
|
||
| renorobert retweeted | ||
|
night_f0x
@vishnudevtj
|
17 Jul |
|
Here we go! My first VM Escape in qemu with default configuration. Will publish the exploit and more details when it's fixed. Thanks @renorobertr @Th3_M3nt0r and @teambi0s for the inspiration and support! pic.twitter.com/v6ptSgNM6z
|
||
|
|
||
| renorobert retweeted | ||
|
Francisco Falcon
@fdfalcon
|
15 Jul |
|
I wrote about CVE-2018-6924, a FreeBSD kernel memory disclosure vulnerability affecting the code that parses the ELF header of a binary prior to its execution:
blog.quarkslab.com/cve-2018-6924-…
|
||
|
|
||
| renorobert retweeted | ||
|
Matthew Garrett
@mjg59
|
9 Jul |
|
Longer form thoughts on bug bounties, NDAs and why you shouldn't complain about people turning them down: mjg59.dreamwidth.org/52432.html
|
||
|
|
||
| renorobert retweeted | ||
|
RET2 Systems
@ret2systems
|
26 Jun |
|
During #DEFCON Quals we discovered CPU-level errata... and then we exploited it: blog.ret2.io/2019/06/26/att…
#Intel #TSX #shellcoding pic.twitter.com/HNYCB1hR2S
|
||
|
|
||
| renorobert retweeted | ||
|
Tony “Abolish ICE” Arcieri 🦀
@bascule
|
25 Jun |
|
AMD-SEV: Platform DH key recovery via invalid curve attack (CVE-2019-9836) seclists.org/fulldisclosure…
|
||
|
|
||
| renorobert retweeted | ||
|
Kira
@0xKira233
|
13 Jun |
|
VM escape exploit for CVE-2019-6778 in QEMU. I'm too lazy to write an English version writeup, sorry for the inconvenience😅
github.com/Kira-cxy/qemu-…
|
||
|
|
||