Kernel Exploitation
2025
This post explores attacking page tables as a Linux kernel exploitation technique for gaining powerful read/write primitives.
2024
In this post I discuss a vulnerability which allows a local or remote attacker to trigger a use-after-free in the TIPC networking stack on affected installations of the Linux kernel.
2023
Let's explore the modern kernel heap exploitation meta and how the new RANDOM_KMALLOC_CACHES tries to address it.
Tag along as I talk about a half-finished project, looking at analysing Linux kernel commits for interesting security fixes.
2022
My aim for this post is to provide some insights for getting into Linux kernel vulnerability research and exploit development.
Let's kick things off with a modern-day staple for local privilege escalation (LPE) in Linux Kernel Exploitation, modprobe_path.
Thought the Linternals series was hype? Get ready for the even SEO friendlier LiKE, a series on Linux kernel exploitation.
Recently I discovered a vulnerability in the Linux kernel that's been lurking there since 4.8 (July 2016)! CVE-2022-0435 is a remotely and locally exploitable stack overflow in the TIPC networking module of the Linux kernel.