ZDI-24-821: A Remote UAF in The Kernel's net/tipc
In this post I discuss a vulnerability which allows a local, or remote attacker, to trigger a use-after-free in the TIPC networking stack on affected installations of the Linux kernel.…
Exploring Linux's New Random Kmalloc Caches
Let's explore the modern kernel heap exploitation meta and how the new RANDOM_KMALLOC_CACHES tries to address it.…
Analysing Linux Kernel Commits
Tag along as I talk about a half finished project, looking at analysing Linux kernel commits for interesting security fixes.…
Linternals: The Slab Allocator
This time we're going to build on that and introduce another memory allocator found within the Linux kernel, the slab allocator, and it's various flavours. So buckle up as we dive into the exciting world of SLABs, SLUBs and SLOBs.…
So You Wanna Pwn The Kernel?
My aim for this post is to provide some insights for getting into Linux kernel vulnerability research and exploit development…
Kernel Exploitation Techniques: modprobe_path
Let's kick things off with a modern day staple for local privilege escalation (LPE) in Linux Kernel Exploitation, modprobe_path.…
LiKE: A Series on Linux Kernel Exploitation
Thought the Linternals series was hype? Get ready for the even SEO friendlier LiKE, a series on Linux kernel exploitation.…
Linternals: Introducing Memory Allocators & The Page Allocator
I know you've all been waiting for it, that's right, we're going to be taking a dive into another exciting aspect of Linux internals: memory allocators!…