#exploitdevelopment — Public Fediverse posts
Live and recent posts from across the Fediverse tagged #exploitdevelopment, aggregated by home.social.
-
Drupal Rushes Security Fix to Plug High-Risk Bug
Drupal is rushing out a critical security update today to fix a high-risk bug that could be exploited by hackers within hours of the patch being released. The update is a core security release aimed at plugging a vulnerability that poses a significant threat to users.
#DrupalSecurityUpdate #HighRiskVulnerability #CoreSecurityRelease #EmergingThreats #ExploitDevelopment
-
Security Researchers Uncover 47 Zero-Days at Pwn2Own Berlin
In a thrilling three-day competition, security researchers at Pwn2Own Berlin uncovered a staggering 47 zero-day vulnerabilities, raking in nearly $1.3 million in prize money, with the Devcore Research Team taking home a whopping $505,000. The top prizes included a $200,000 award for a VMware ESXi exploit and a $100,000 prize for a…
#ZeroDay #Pwn2ownBerlin #VulnerabilityResearch #ExploitDevelopment #Trendai
-
Autonomous Teaming Closes Defenders' Speed Gap
The alarmingly rapid pace of cyber threats has left defenders scrambling to keep up, with the time from vulnerability disclosure to working exploit dwindling from 56 days in 2024 to a staggering 10 hours in 2026. Meanwhile, defenders are still stuck on human time, struggling to match the lightning-fast speed of attackers who now operate…
#VulnerabilityManagement #ExploitDevelopment #AutonomousTeaming #Cve #EmergingThreats
-
Exploiting Reversing (ER) series: article 09 | Exploitation Techniques: CVE-2024-30085 (part 03)
Today I am releasing the ninth article in the Exploiting Reversing Series (ERS). In “Exploitation Techniques | CVE-2024-30085 (Part 09)” I provide a 106-page deep dive and a comprehensive roadmap for vulnerability exploitation:
https://exploitreversing.com/2026/04/28/exploiting-reversing-er-series-article-09/
Key features of this edition:
[+] Dual Exploit Strategies: Two distinct exploit editions built on the cldflt.sys heap overflow.
[+] PreviousMode Edition: Exploit cldflt.sys via WNF OOB + Pipe Attributes + ALPC + _KTHREAD.PreviousMode flip: elevation of privilege of a regular user to SYSTEM.
[+] PPL Bypass Edition: Exploit cldflt.sys via WNF OOB + PreviousMode flip + _EPROCESS.Protection strip + MiniDumpWriteDump: elevation of regular user to SYSTEM.
[+] Solid Reliability: Two complete, stable exploits, including a multi-step cleanup phase that restores the corrupted pipe attribute Flink and _KTHREAD.PreviousMode before process exit, preventing crash on cleanup.
This article guides you through two additional techniques for exploiting the CVE-2024-30085 Heap Buffer Overflow. While demonstrated here, these methods can be adapted as exploitation techniques for many other kernel targets.
I hope this serves as a definitive resource for your research. If you find it helpful, please feel free to share it or reach out with your feedback!
The following articles will continue the miniseries about iOS and Chrome, which are my areas of research.
Enjoy the reading and have an excellent day.
#exploit #exploitdevelopment #windows #exploitation #vulnerability #minifilterdriver #kernel #heapoverflow
-
AI Models Accelerate Vulnerability Discovery, Pressing Defenders to Adapt
The double-edged sword of AI: while it's being used to help developers, it's also become a powerful tool for attackers to rapidly discover and exploit software flaws, forcing defenders to scramble to keep up. As AI-powered vulnerability discovery accelerates, the pressure is on for defenders to adapt and…
#VulnerabilityDiscovery #AiModels #EmergingThreats #ExploitDevelopment #ThreatIntelligence
-
"Our internal evaluations showed that Opus 4.6 generally had a near-0% success rate at autonomous #ExploitDevelopment But #MythosPreview is in a different league.
For example, Opus 4.6 turned the vulnerabilities it had found in Mozilla’s Firefox 147 JavaScript engine—all patched in Firefox 148—into JavaScript shell exploits only two times out of several hundred attempts. We re-ran this experiment as a benchmark for Mythos Preview, which developed working #exploits 181 times, and achieved register control on 29 more."
-
The eighth article of the Exploiting Reversing Series (ERS) is now live. Titled “Exploitation Techniques | CVE-2024-30085 (Part 02)” this 91-page technical guide offers a comprehensive roadmap for vulnerability exploitation:
https://exploitreversing.com/2026/03/31/exploiting-reversing-er-series-article-08/
Key features of this edition:
[+] Dual Exploit Strategies: Two distinct exploit versions leveraging the I/O Ring mechanism.
[+] Exploit ALPC + WNF OOB + Pipe Attributes + I/O Ring: elevation of privilege of a regular user to SYSTEM.
[+] Replaced ALPC one-shot write with Pipe Attribute spray for I/O Ring RegBuffers corruption: more reliable adjacency control.
[+] Exploit WNF OOB + I/O Ring Read/Write: elevation of privilege of a regular user to SYSTEM.
[+] Pure I/O Ring primitive: eliminated ALPC dependency entirely. WNF overflow directly corrupts I/O Ring RegBuffers for arbitrary kernel read/write.
[+] Solid Reliability: Two complete, stable exploits, including an improved cleanup stage.
This article guides you through two additional techniques for exploiting the CVE-2024-30085 Heap Buffer Overflow. While demonstrated here, these methods can be adapted as exploitation techniques for many other kernel targets.
I hope this serves as a definitive resource for your research. If you find it helpful, please feel free to share it or reach out with your feedback!
Enjoy the read and have an excellent day.
#exploit #exploitdevelopment #windows #exploitation #vulnerability #minifilterdriver #kernel #heapoverflow #ioring
-
Master the "Gets()Buster" strategy: bypass strcpy() null-byte limits using partial return address overwrites and the Zero'ed Wall research methodology. https://hackernoon.com/the-house-of-gets-a-practical-bypass-for-the-null-byte-barrier #exploitdevelopment
-
34 zero-days in one day—hackers at Pwn2Own Ireland 2025 broke records and left no stone unturned, from browsers to mobile devices. Are our digital defenses ready for what’s coming?
#pwn2own2025
#zeroday
#cybersecurity
#vulnerabilityresearch
#infosec
#ethicalhacking
#securitytrends
#exploitdevelopment
#bugbounty
-
For experienced hardware hackers: an advanced guide to fun with microcontrollers. Learn to pull firmware from single-chip computers, even when they're configured against extraction.
This book details a wide variety of techniques, so you can reproduce real-world chip exploits in your own lab. Plus, find encyclopedic coverage of vulnerabilities for your hardware security work.
https://nostarch.com/microcontroller-exploits
#HardwareSecurity #ReverseEngineering #Microcontroller #ExploitDevelopment #InfoSec
-
🇧🇪 Belgian Roots. Global Impact. 🌍
Corelan is more than just 🍟, 🍺 & 👶🏼🚿.
We offer world-class Exploit Development Training for Windows:
🔹 Stack-based Exploit Dev
🔹 Heap Exploit Development Masterclass
Crafted in 🇪🇺, respected worldwide 🌐.
Built by a researcher, for researchers 🧠.
Support European excellence in cybersecurity!
🎯 Sign up here → https://bit.ly/corelan-training
#CyberSecurity #ExploitDevelopment #Corelan #InfoSec #InvestInEurope #MadeInBelgium #Heap #Stack #Windows
-
New Encoding Technique Jailbreaks ChatGPT-4o To Write Exploit Codes https://cybersecuritynews.com/encoding-technique-jailbreaks-chatgpt-4o/ #CyberSecurityResearch #CybersecurityTrends #ExploitDevelopment #CyberSecurityNews #cybersecuritynews #CyberSecurity #AISecurity #Exploit
-
We’ve just published the third and final part in our new series on Windows kernel driver vulnerability research and exploitation.
Exploiting AMD atdcm64a.sys arbitrary pointer dereference - Part 3:
https://security.humanativaspa.it/exploiting-amd-atdcm64a-sys-arbitrary-pointer-dereference-part-3/
In the previous articles, we covered the discovery of an arbitrary MSR read and an arbitrary pointer dereference vulnerability, and successfully confirmed them by putting together two PoCs. This time, we will craft a full exploit that chains both vulnerabilities to enable all privileges on Windows. Happy hacking!
#HumanativaGroup #HNSecurity #VulnerabilityResearch #ExploitDevelopment #Windows
-
Here’s a collection of the #SecurityAdvisories that I’ve published over the years:
https://github.com/0xdea/advisories
If you’re interested in #VulnerabilityResearch and #ExploitDevelopment, on @github and on the @hnsec blog you can also find a trilogy of talks on these topics that I delivered between 2019 and 2021:
https://github.com/0xdea/raptor_infiltrate19
https://github.com/0xdea/raptor_infiltrate20
https://github.com/0xdea/raptor_romhack21
I hope you’ll enjoy them!
-
Sometimes you write a quick, dirty & fugly thing and immediately feel disgusted by it. But it works, so does it matter in the end?
-
I implemented Ken Thompson’s Reflections on Trusting Trust (1984 Turing Award Lecture) compiler #backdoor for the GNU Compiler Collection (GCC). The backdoor maintains persistence by re-injecting itself to any new versions of the compiler built. The secondary payload modifies a test application by adding a backdoor password to allow authentication bypass:
$ cat testapp.c
#include <string.h>
#include <stdio.h>
#include <stdlib.h>

int main(int argc, char **argv)
{
    if (argc == 2 && !strcmp(argv[1], "secret"))
    {
        printf("access granted!\n");
        return EXIT_SUCCESS;
    }
    else
    {
        printf("access denied!\n");
        return EXIT_FAILURE;
    }
}
$ gcc -Wall -O2 testapp.c -o testapp
$ ./testapp kensentme
access granted!
$
I spent most time (around two hours) writing the generalized tooling that produces the final quine version of the malicious payload. Now that this is done, the actual code can be adjusted trivially to exploit more target code without any need to adjust the self-reproducing section of the code. This method of exploitation could be extended to target various binaries: SSH Server, Linux Kernel, Setuid binaries and similar. While itself written in C, the secondary payloads can target any programming languages supported by GCC.
It should be noted that GCC build checks for malicious compiler changes such as this. This check can – of course – also be bypassed. However, most serious projects have measures in place to avoid hacks of this nature.
Some links:
- Ken Thompson's "Reflections on Trusting Trust" paper: https://www.cs.cmu.edu/~rdriley/487/papers/Thompson_1984_ReflectionsonTrustingTrust.pdf
- David A. Wheeler: "Fully Countering Trusting Trust through Diverse Double-Compiling (DDC) - Countering Trojan Horse attacks on Compilers" https://dwheeler.com/trusting-trust/
#hacking #exploitdevelopment #kenthompson #infosec #cybersecurity @vegard
-
@FrankGevaerts In this case I opted for replacing a root executed binary with a script that injects ssh pubkey to /root/.ssh/authorized_keys and then executes the real binary - this should be quite self-explanatory as the attacker can now just ssh as root. I also wanted to keep this as simple as possible to avoid 4th day of explaining basic concepts to #hackerone analyst. #exploit #ExploitDevelopment
-
SonicWall next-gen firewall (NGFW) series 6 and 7 devices are affected by 2 DoS #vulnerabilities that can lead to remote code execution (RCE): #CVE-2022-22274 and CVE-2023-0656. Bishop Fox research revealed that these issues are fundamentally the same, but exploitable at different HTTP URI paths. Read more & download our test script at our blog.
-
Your face when you realise that the #vulnerability you initially thought was only local is also remotely exploitable... #infosec #exploitdevelopment
-
I have an #exploit that takes 4 hours to trigger, with no obvious way to speed it up. Oh well, at least it should still give me #privesc to local SYSTEM. #infosec #hacking #exploitdevelopment
-
I once had a dilemma: I had found a stack buffer overflow from a system I could only access in highly restricted environment. Yet I wanted to develop a proper #exploit for it.
Reversing revealed that the #vulnerability itself was a really simple string copy buffer overflow. It was trivial to reproduce it in my own stand-in program with a function that would strcpy a command line argument string to fixed size char array. This would lead to the identical crash at the function epilogue.
At this stage I was just missing the gadgets. Analyzing the loaded DLLs revealed multiple libraries without ASLR, a prime candidate for the gadgets. But there was a problem: I would not have access to these DLLs: Even though the files were from a common software package, they were some really old and obscure version and I would not have access to them outside of the target environment. I then had a bright idea of actually calculating hashes of these files. I could then hunt the files from Virustotal and similar sources. I did find the DLLs (from some dubious FTP, as you do) and I adjusted the stand-in program to load the DLL libraries. I could then use normal tooling to hunt the necessary gadgets to produce the classic VirtualProtect + jmp to esp ropchain to execute arbitrary shellcode.
TL;DR; I created a working 0-day #RCE exploit without ever executing the attack against the actual target environment.
-
✨ Do you know what this is?
If so, answer the meaning of it in a single word.
Otherwise, simplify reply Nop.
-
DirtyCred Remastered: how to turn an UAF into Privilege Escalation
Articles:
https://exploiter.dev/blog/2022/CVE-2022-2602.html
PoC:
https://github.com/LukeGix/CVE-2022-2602
Credits: @kiks7_7 @LukeGix
#exploitdevelopment #infosec #binaryexploit
#kernelexploit #privilegeescalation #linux
-
Lessons on Linux kernel exploit development:
https://breaking-bits.gitbook.io/breaking-bits/exploit-development/linux-kernel-exploit-development
https://lkmidas.github.io/posts/20210123-linux-kernel-pwn-part-1/
#exploitdevelopment #infosec #exploit #exploitation
#kernelexploit #ring0 #privilegeescalation #linux
-
💻 A Noob's Guide To ARM Exploitation
https://ad2001.gitbook.io/a-noobs-guide-to-arm-exploitation/introduction-to-stack-buffer-overflows
👉 ARM Basics
👉 Buffer overflows
👉 Integer overflows
👉 Rop chains
👉 Heap exploitation
👉 ARM64 exploitation and much more.
#infosec #exploitation #binaryexploitation #ExploitDevelopment #reverseengineering
-
✨ Intro To Use Of ROP Gadgets To Bypass DEP
👉 DEP (Data Execution Prevention), a memory protection to mark memory pages as non-executable
👉 ROP (Return-oriented programming), a technique to execute shellcode with protections such as DEP enabled
https://cybergeeks.tech/a-step-by-step-introduction-to-the-use-of-rop-gadgets-to-bypass-dep/
-
Exploiting CVE-2022-42703 - Bringing back the stack attack
#ExploitDevelopment #exploitation #linux #ProjectZero #KernelExploitation
-
Remote Code Execution in JXPath Library (CVE-2022-41852):
https://hackinglab.cz/en/blog/remote-code-execution-in-jxpath-library-cve-2022-41852/