Revisiting CVE-2017-11176 with another Data-Only Attack (CFI 4/4)
Originally exploited by LEXFO, we’ll convert it into a data-only attack by overwriting an in-memory Linux configuration setting (core_pattern), gaining root ...
Originally exploited by Google Project Zero, we’ll convert it into a data-only attack by overwriting the task’s creds to gain root access.
Building a data-only exploit from scratch, from an out-of-bounds bug. We’ll cover heap grooming, privilege escalation, and more.
Exploring how Control-Flow Integrity works in the Linux kernel, why it helps, and where it still falls short, especially against data-only attacks.