Recent Posts 2020-09-04T00:00:00+10:05 DUASYNT Information Security - Locating the kernel PGD on Android/arm64 2020-12-21T18:40:00+10:05 Vitaly Nikolenko Locating the kernel PGD / swapper_pg_dir on Android/arm64 as a post-exploitation technique 2020-12-21T18:40:00+10:05 UAO (User Access Override) as a mitigation against addr_limit overwrites 2020-09-04T18:10:00+10:05 Vitaly Nikolenko UAO (User Access Override) implementation details in the Linux/Android kernel as mitigation against the addr_limit overwrite kernel exploitation technique 2020-09-04T18:10:00+10:05 SELinux RKP misconfiguration on S20 devices 2020-08-13T20:50:00+10:05 Vitaly Nikolenko Samsung S20 RKP misconfiguration allowing trivial SELinux bypass 2020-08-13T20:50:00+10:05 Google Pixel UART serial cable 2017-01-10T19:10:00+10:05 Vitaly Nikolenko 2017-01-10T19:10:00+10:05 Exploiting MS14-068 - just another pentest 2014-12-10T20:46:00+10:05 Vitaly Nikolenko MS14-068 exploitation to gain domain Administrator privileges 2014-12-10T20:46:00+10:05 Linux Kernel universal heap spray 2018-10-23T21:38:00+10:05 Vitaly Nikolenko Universal Linux kernel heap spray 2018-10-23T21:38:00+10:05 CVE-2016-6187: Exploiting Linux kernel heap off-by-one 2016-10-16T20:38:00+10:05 Vitaly Nikolenko CVE-2016-6187 heap off-by-one exploit 2016-10-16T20:38:00+10:05 VMware + Linux 3.x PoC 2016-06-13T12:10:00+10:05 Vitaly Nikolenko VMware + Linux 3.x 0day 2016-06-13T12:10:00+10:05 Latest and greatest PoC CVE-2016-0728 not working? 2016-01-22T11:38:00+10:05 Vitaly Nikolenko Public CVE-2016-0728 exploit not working? 2016-01-22T11:38:00+10:05 Linux Kernel ROP (Part 1) - Ropping your way to # 2016-01-17T17:39:00+10:05 Vitaly Nikolenko In part 1 of this tutorial we demonstrate how a Linux kernel ROP chain can be constructed to elevate user privileges 2016-01-17T17:39:00+10:05 CVE-2014-4699: Linux Kernel ptrace/sysret vulnerability analysis 2014-07-21T18:52:00+10:05 Vitaly Nikolenko Exploitation of the CVE-2014-4699 sysret Linux kernel vulnerability 2014-07-21T18:52:00+10:05 CVE-2014-4014: Linux Kernel Local Privilege Escalation "exploitation" 2014-06-19T18:23:00+10:05 Vitaly Nikolenko Exploitation of CVE-2014-4014: incorrect use of inode_capable() in user namespaces 2014-06-19T18:23:00+10:05 Differences in VMware hardware versions for exploit writers 2014-06-07T14:19:00+10:05 Vitaly Nikolenko VMware hardware versions prior to 9 do not support SMEP even if the CPU supports it 2014-06-07T14:19:00+10:05 Linux kernel root exploit not working? 2014-06-04T21:21:00+10:05 Vitaly Nikolenko If your Linux kernel exploit not working, check if SMEP is supported by your CPU 2014-06-04T21:21:00+10:05 CVE-2014-2851 group_info UAF Exploitation 2016-01-02T00:10:00+10:05 Vitaly Nikolenko This is a case study for the use-after-free vulnerability which was assigned CVE-2014-2851 and affected Linux kernels through 3.14.1 2016-01-02T00:10:00+10:05 CVE-2014-4943 - PPPoL2TP DoS Analysis 2015-10-01T18:38:00+10:05 Vitaly Nikolenko CVE-2014-4943 PPPoL2TP vulnerability DoS analysis - exploiting differences between PPPoL2TP and UDP sockets 2015-10-01T18:38:00+10:05 Linux kernel module autoloading 2019-07-23T14:29:00+10:05 Michael S Brief introduction to the Linux kernel autoloading process which significantly increases the kernel attack surface 2019-07-23T14:29:00+10:05 CVE-2019-2215 Android Binder Use-after-free on Samsung S9 2020-01-04T12:21:00+10:05 Michael S Binder exploit on Samsung S9 devices 2020-01-04T12:21:00+10:05 CVE-2019-15666 Ubuntu / CentOS / RHEL Linux Kernel 4.4 - 4.18 privilege escalation 2020-01-15T16:38:00+10:05 Vitaly Nikolenko Ubuntu 18.04 16.04 14.04 / CentOS 8 / RHEL 8 kernel local privilege escalation 2020-01-15T16:38:00+10:05