Check out our latest research and blog post. If you are working in offensive security, you cannot miss this one: exploitpack.com/blogs/news/d… #offensivesecurity #kernelexploitation #redteam #kernel #windowssecurity #infosec #cybersecurity #Pentest #cybersec
🚨 Meet #CrackArmor. What happens when vulnerabilities are found in the very security module designed to protect your Linux system?

I am incredibly proud to share the latest research from our team at the Qualys Threat Research Unit (TRU). We have uncovered CrackArmor: a set of 9 vulnerabilities in AppArmor, the default Linux Security Module protecting millions of Ubuntu, Debian, and SUSE systems.

The TRU team discovered a fundamental "confused-deputy" flaw that allows any unprivileged local user to arbitrarily load, replace, or remove AppArmor profiles. But they didn't stop there. By creatively chaining this logic flaw, the team demonstrated multiple paths for Local Privilege Escalation (LPE) to full ROOT:

🔥 User-Space LPE: Weaponizing AppArmor to force a "fail-open" state in Sudo, leveraging Postfix for root access. (Note: Postfix is not installed by default on modern Ubuntu, and this Sudo issue was independently found and fixed by ZeroPath in Nov 2025.)
🔥 Kernel-Space LPEs: Exploiting deeply buried memory corruption bugs (including a Use-After-Free and Double-Free) to achieve root despite modern kernel mitigations like CONFIG_RANDOM_KMALLOC_CACHES and CONFIG_SLAB_BUCKETS.
🔥 Namespace Bypass: A complete bypass of Ubuntu’s unprivileged user-namespace restrictions.

⚠️ Urgent Note for Defenders: Patches officially landed upstream in Linus’s tree today. However, due to the new Linux kernel assignment process, CVEs have not been assigned yet. Do not wait for a CVE ID to trigger your vulnerability scanners—start reviewing your patching strategy now! Qualys customers can use QID 386714 - AppArmor Local Privilege Escalation Vulnerability (CrackArmor), which was just released.

🙏 Thank you to the Canonical, Debian, SUSE, and Linux Kernel security teams for their coordination.

#CyberSecurity #Linux #AppArmor #CrackArmor #QualysTRU #InfoSec #KernelExploitation #ThreatResearch #Qualys blog.qualys.com/vulnerabilit…

From debug tool to jailbreak — Matias Ramirez from our OffSec team escaped a router’s restricted shell using direct kernel memory access. You can now check the blog post! versprite.com/blog/the-shell… #KernelExploitation #IoTSecurity #MIPSAssembly
Threat actors are now weaponizing #WindowsKernel loaders for more stealthy and flexible attacks. By using signed kernel loaders, TAs have the ability to adjust their attacks on the fly, leaving minimal forensic traces and making them harder to detect. Out of 600 signed #maliciousdrivers (2020-2025), 32% of them were kernel loaders, often retrieving payloads from command-and-control (C2) servers or from the registry or local disk. #KernelExploitation #Infosec
8 Jun 2025
At #NullconGoa2025, Alla Vamsi Krishna and Kandi Abhishek Reddy walked us through Kernel Conquest — a deep dive into a Use-After-Free vulnerability and RCU exploitation techniques. Watch Now: youtu.be/P80azJb95V8?feature… #KernelExploitation #CloudSecurity #Azure #LinuxKernel
Exciting news! 🚀 Our comprehensive Windows Kernel Exploitation Foundation and Advanced class will be conducted @_ringzer0! This intensive course combines the essentials of both Foundation and Advanced levels, guiding you through the process of kernel exploitation. From exploiting bugs in Windows kernel mode drivers to bypassing advanced exploit mitigations, gain hands-on experience in a wide range of critical topics. 🛠️🖥️

📅 Week 1: Feb 10-17, 2024
📍 Virtual Training
🕒 32 CPE Hours

Key Learning Objectives:
* Understand Windows kernel debugging and internals
* Master exploit development techniques in kernel mode
* Bypass advanced exploit mitigations like kASLR, SMEP, and KPTI/KVA Shadow
* Develop Arbitrary Read/Write primitives

Who should attend?
* InfoSec professionals
* Bug hunters & Red teamers
* Windows exploit & driver developers
* Ethical hackers looking to upgrade to kernel level

🌟 Course culminates in a CTF challenge where you can apply your newly acquired skills! ringzer0.training/trainings/…

#WKE #WindowsKernel #Exploitation #Training #ring0 #InfoSec #CyberSecurity #KernelExploitation

10 Sep 2018
first day of #kernelexploitation training @44CON done! awesome training! thanks @HackSysTeam :)
Soon @HackSysTeam will be again in #Poland to teach Windows #KernelExploitation: x33fcon.com/#!t/ashfaq.md If you are interested in this topic, check it out - I attended his training last year and it was really cool. // @x33fcon

22 Jun 2017
RT @hasherezade: Starting with Windows #KernelExploitation – part 3 – stealing the Access Token: hshrzd.wordpress.com/2017/06…
