💥 Introducing "Dirty Frag"
A universal Linux LPE chaining two vulns in xfrm-ESP and RxRPC. A successor class to Dirty Pipe & Copy Fail.
No race, no panic on failure, fully deterministic. ~9 years latent.
Ubuntu / RHEL / Fedora / openSUSE / CentOS / AlmaLinux, and more.
Even if you've applied the "Copy Fail" mitigation, your Linux is still vulnerable to "Dirty Frag". Apply the Dirty Frag mitigation.
Details:
dirtyfrag.io
Our latest post details how we exploited Retbleed (a CPU vulnerability) to compromise a machine from a sandboxed process and VM!
Curious? 👇
bughunters.google.com/blog/6…
looks like the AI MCP-assisted reverse engineering hype train is gaining steam! 🚂✨
in just the past few days, we've seen:
• @itszn13 integrating MCP into @vector35’s Binary Ninja (x.com/itszn13/status/1903227…)
• @JH_Pointer casually dropping his IDA MCP project, which I had to nerdsnipe myself into trying (github.com/MxIris-Reverse-En…, x.com/bl4sty/status/19046314…)
• @mrexodia rolling out a clean (judging by a quick code quality check) MCP implementation for IDA (github.com/mrexodia/ida-pro-…)
• @lauriewired dropping GhidraMCP for @NSAGov’s Ghidra (github.com/LaurieWired/Ghidr…)
these tools are early-stage but already hint at the potential for interactive RE software running on (semi) autopilot.
makes me wonder—should we formalize a set of MCP primitives across RE tools and unify them under one overarching framework? 🤔
of course, these aren’t silver bullets. but much like typical LLM usage, in the right hands, they could be powerful time-savers.
curious to see what comes next! might be time for hacking competitions focused on small/constrained binaries to start thinking about countermeasures against AI-assisted cheesing. 👀
Slides for my talk at @h2hconference 2024:
Diving into Linux kernel security 🤿
I described how to learn this complex area and knowingly configure the security parameters of your Linux-based system.
And I showed my open-source tools for that purpose!
a13xp0p0v.github.io/img/Alex…
Earlier this year, I used a 1day to exploit the kernelCTF VRP LTS instance. I then used the same bug to write a universal exploit that worked against up-to-date mainstream distros for approximately 2 months.
osec.io/blog/2024-11-25-netf…
Slides & video from our @GrehackConf talk "Attacking Hypervisors - A Practical Case" are online! Learn how we exploited vulnerabilities to escape VirtualBox during Pwn2Own Vancouver 2024: reversetactics.com/publicati…
This research allowed me to find critical bugs in several Electron applications by finding public n-day exploits for older versions of Chrome and adapting them to the Electron framework.
github.com/p3rr0x/Blog/tree/… #BugBounty
We needed tools to perform advanced security investigations on iOS. But those tools didn’t exist yet... or weren’t openly available.
So we created our own.
We’ve fully emulated iOS on #QEMU using only open-source technologies.
And this is just the beginning.
My WarCon slides about Ivanti Avalanche are public!
I tried to do some mapping of the attack-surface, show the new auth mechanism and present some research ideas (things I didn't try).
It also shows my first-ever fuzzing and memory corruption experience 😆
github.com/thezdi/presentati…
Dropped my slide for POC2024 on Linux kernel exploitation, including a journal from Pwn2Own Vancouver earlier this year. Enjoy 🙂.
u1f383.github.io/slides/talk…
Did you notice that the techniques used to evade AI censorship are basically the same patterns as the ones used in psychomanipulation? "Boiling the frog", fabricating higher cause to justify the means, etc, etc. [1/2]