@foolisses profile picture
ulisses @foolisses

Mathematician gone InfoSec. Interested in the Linux kernel, vulnerability research & reverse engineering.

Joined August 2018
  • Tweets 292
  • Following 653
  • Followers 398
8 Photos and videos
Pinned Tweet
ulisses@foolisses
27 Mar 2024
Just published a post on exploiting CVE-2024-0582, a vulnerability in the Linux kernel that remained unpatched in Ubuntu for over two months. Hope you enjoy it! blog.exodusintel.com/2024/03…

Mind the Patch Gap: Exploiting an io_uring Vulnerability in Ubuntu - Exodus Intelligence

By Oriol Castejón Overview This post discusses a use-after-free vulnerability, CVE-2024-0582, in io_uring in the Linux kernel. Despite the vulnerability being patched in the stable kernel in December...

blog.exodusintel.com
1
91
239
65,799
ulisses retweeted
c1bero@c1bero
Jun 8
If you want to see how one incorrectly placed exclamation mark in the Linux kernel's nftables subsystem can lead to a local privilege escalation, have a look at my blog post. It covers a technical analysis of the bug I found and how it can be exploited blog.exodusintel.com/2026/06…
12
21
2,641
ulisses retweeted
sam4k@sam4k1
May 8
here's a technical write-up i wrote on one of the kernel bugs we've found :)
bynario
@bynar_io
May 8
In the first of a three-part series, @sam4k1 does a technical deep dive on CVE-2026-31532: a race condition in the Linux kernel's SocketCAN subsystem discovered, validated, and patched by our pipeline. bynar.io/blog/discovery-vali…
2
14
67
10,908
ulisses retweeted
Gyorgy Miru (Gym)@gymiru
Feb 4
CFP is open for SAFACon Party! This is your chance to share your coolest research at an exclusive, invite-only conference. Sunshine, spanish vibes, food, drinks, party, heated VR debates are guaranteed. All your favorite VR folks will be there, so should you. Ping me for details
9
34
4,692
ulisses retweeted
SinSinology
@SinSinology
30 Dec 2025
🤌🔥 "Build a Fake Phone, Find Real Bugs Qualcomm GPU Emulation and Fuzzing with LibAFL QEMU" media.ccc.de/v/39c3-build-a-…

Build a Fake Phone, Find Real Bugs

Mobile phones are central to everyday life: we communicate, entertain ourselves, and keep vast swaths of our digital lives on them. That ...

media.ccc.de
1
55
290
26,564
ulisses retweeted
SAFA Team@SAFATeamApS
23 Dec 2025
It's official - #SAFACon 2026 will be held on the 8th of May in a secret location around Barcelona. Invites coming out from January, stay tuned for more info...
1
6
18
5,855
ulisses retweeted
SAFA Team@SAFATeamApS
4 Dec 2025
Our team discovered CVE-2025-13032, an LPE in the Avast sandbox driver! Read the story of a SYSTEM token heist involving a break-in and escape from the antivirus sandbox. Full details: safateam.com/intelligence-hu… #CVE #LPE #Antivirus #KernelExploit #WindowsSecurity

CVE-2025-13032: Entering and Breaking the Avast Antivirus Sandbox Part 1

Uncovering CVE-2025-13032: 4 kernel heap overflows in Avast Antivirus. Part 1 details the challenging sandbox manipulation of the $aswSnx$ kernel driver required to reach the vulnerability attack...

safateam.com
30
61
5,831
ulisses retweeted
Faith 🇧🇩🇦🇺@farazsth98
27 Oct 2025
Honey wake up, a new alternative to userfaultfd / FUSE for lengthening race windows just dropped!! github.com/google/security-r…
2
24
137
13,627
ulisses retweeted
Dmitry Vyukov@dvyukov
14 Oct 2025
First mention of x86 memory tagging (aka MTE) by both Intel and AMD (codename ChkTag): community.intel.com/t5/Blogs… amd.com/en/blogs/2025/amd-an… 🤘🤘🤘

ChkTag: x86 Memory Safety

ChkTag: x86 Memory Safety   Memory safety violations due to programming errors have long afflicted software. Industry and academia have been searching for solutions to this problem. As first noted in...

community.intel.com
2
28
129
32,293
ulisses retweeted
Crusaders of Rust@cor_ctf
14 Sep 2025
Say hello to Eternal Tux🐧, a 0-click RCE exploit against the Linux kernel from KSMBD N-Days (CVE-2023-52440 & CVE-2023-4130) willsroot.io/2025/09/ksmbd-0… Cheers to @u1f383 for finding these CVEs the OffensiveCon talk from gteissier & @laomaiweng for inspiration!
1:13
11
199
753
81,680
ulisses retweeted
Alexander Popov@a13xp0p0v
2 Sep 2025
My new article: "Kernel-hack-drill and a new approach to exploiting CVE-2024-50264 in the Linux kernel"⚡️ I tell a bug collision story and introduce my pet project kernel-hack-drill, which helped me to exploit the hard bug that received @PwnieAwards 2025 a13xp0p0v.github.io/2025/09/…
4
85
257
34,679
ulisses retweeted
Andrey Konovalov@andreyknvl
28 Jul 2025
Documented instructions for setting up KGDB on Pixel 8. Including getting kernel log over UART via USB-Cereal, building/flashing custom kernel, breaking into KGDB via /proc/sysrq-trigger or by sending SysRq-G over serial, dealing with watchdogs, etc. xairy.io/articles/pixel-kgdb

📲 Debugging the Pixel 8 kernel via KGDB

Instructions for getting kernel log, building custom kernel, and enabling KGDB on Pixel 8

xairy.io
5
144
462
34,804
ulisses retweeted
sam4k@sam4k1
7 May 2025
with offensivecon around the corner, i figured id write another post on linux kernel exploitation techniques - this time i cover the world of page table exploitation! enjoy 🤓 sam4k.com/page-table-kernel-…

Kernel Exploitation Techniques: Turning The (Page) Tables

This post explores attacking page tables as a Linux kernel exploitation technique for gaining powerful read/write primitives.

sam4k.com
5
79
295
16,750
ulisses@foolisses
7 May 2025
A great overview of the Linux Page Allocator 💯 syst3mfailure.io/linux-page-…

A Quick Dive Into The Linux Kernel Page Allocator

In recent years, with the rise of new kernel mitigations - from CFI to Google's SLUB virtual to randomized slab caches - there has been a trend shift from slab-level object exploitation to page-level...

syst3mfailure.io
27
110
5,154
ulisses retweeted
Crusaders of Rust@cor_ctf
6 May 2025
We are back😎 Say hello to our kernelCTF submission for CVE-2025-37752🩸 Who would have thought you could pwn a kernel with just a 0x0000 written 262636 bytes out of bounds? Read the full writeup at: syst3mfailure.io/two-bytes-o… 👀

[CVE-2025-37752] Two Bytes Of Madness: Pwning The Linux Kernel With A 0x0000 Written 262636 Bytes...

CVE-2025-37752 is an Array-Out-Of-Bounds vulnerability in the Linux network packet scheduler, specifically in the SFQ queuing discipline. An invalid SFQ limit and a series of interactions between SFQ...

syst3mfailure.io
55
202
11,515
ulisses retweeted
sam4k@sam4k1
25 Apr 2025
ngl gang i might have got a bit lost in the sauce with this one, but if you're curious about how mmap() is implemented, check out part 2 of my memory management linternals series sam4k.com/linternals-explori…

Linternals: Exploring The mm Subsystem via mmap [0x02]

In this part we'll use our case study to explore how the Linux kernel maps private anonymous memory.

sam4k.com
14
58
4,024
ulisses retweeted
Kuzey Arda Bulut@kuzeyardabulut
16 Apr 2025
🚨 New Blog Post: Exploiting CVE-2024-0582 via the Dirty Page Table Method! Discover how dangling pages can corrupt Page Table Entries (PTEs) and redirect user-space memory to kernel-space. Read the full analysis: kuzey.rs/posts/Dirty_Page_Ta… #ExploitDevelopment #KernelSecurity

Exploiting CVE-2024-0582 via the Dirty Pagetable Method

Introduction This post discusses a popular exploitation method in today’s cybersecurity community. Specifically, we’ll dive into the Dirty Pagetable method by showcasing its use on a real-world page...

kuzey.rs
31
120
6,938
ulisses retweeted
Alexander Popov@a13xp0p0v
14 Apr 2025
Slides of my talk at #Zer0Con2025! ⚡️ Kernel-Hack-Drill: Environment For Developing Linux Kernel Exploits ⚡️ I presented the kernel-hack-drill open-source project and showed how it helped me to exploit CVE-2024-50264 in the Linux kernel. Enjoy! a13xp0p0v.github.io/img/Alex…
3
103
344
28,482
ulisses retweeted
Brad Spengler@spendergrsec
9 Apr 2025
Just saw it mentioned on LWN, handy site for checking which distros enable a certain config option: oracle.github.io/kconfigs/?c…... Just replace UTS_RELEASE with whatever config option name minus CONFIG_, for example: oracle.github.io/kconfigs/?c…...
8
29
5,788
ulisses retweeted
Attila Szasz@4ttil4sz1a
18 Mar 2025
CVE-2025-0927 details here! ssd-disclosure.com/ssd-advis…

SSD Advisory - Linux kernel hfsplus slab-out-of-bounds Write - SSD Secure Disclosure

Summary This advisory describes an out-of-bounds write vulnerability in the Linux kernel that achieves local privilege escalation on Ubuntu 22.04 for active user sessions. Credit An independent...

ssd-disclosure.com
41
136
20,256
ulisses retweeted
Anderson Nascimento
@andersonc0d3
16 Feb 2025
The Linux Memory Manager preorder and early access book nostarch.com/linux-memory-ma…
2
66
308
19,087
Load more