DUASYNT Information Security - Recent Posts
Atom feed: https://duasynt.com/feed.atom
Feed updated: 2020-09-04T00:00:00+10:05

Each entry below lists the post URL, author, date (the feed's updated and published timestamps are identical for every entry) and summary.

Training session - Linux kernel exploitation techniques on x86_64
  URL: https://duasynt.com/training_register
  Author: trainings@duasynt.com
  Date: 2022-04-03T09:00:00+10:05
  Summary: 6 - 9 June 2022 (7am - 3pm UTC) / ONLINE delivery

Linux kernel heap feng shui in 2022
  URL: https://duasynt.com/blog/linux-kernel-heap-feng-shui-2022
  Authors: Michael S, Vitaly Nikolenko
  Date: 2022-05-10T14:50:00+10:05
  Summary: Linux kernel heap feng shui in 2022

Locating the kernel PGD on Android/arm64
  URL: https://duasynt.com/blog/android-pgd-page-tables
  Author: Vitaly Nikolenko
  Date: 2020-12-21T18:40:00+10:05
  Summary: Locating the kernel PGD / swapper_pg_dir on Android/arm64 as a post-exploitation technique

UAO (User Access Override) as a mitigation against addr_limit overwrites
  URL: https://duasynt.com/blog/android-uao-kernel-expl-mitigation
  Author: Vitaly Nikolenko
  Date: 2020-09-04T18:10:00+10:05
  Summary: UAO (User Access Override) implementation details in the Linux/Android kernel as a mitigation against the addr_limit overwrite kernel exploitation technique

SELinux RKP misconfiguration on S20 devices
  URL: https://duasynt.com/blog/samsung-s20-rkp-selinux-disable
  Author: Vitaly Nikolenko
  Date: 2020-08-13T20:50:00+10:05
  Summary: Samsung S20 RKP misconfiguration allowing trivial SELinux bypass

Google Pixel UART serial cable
  URL: https://duasynt.com/blog/google-pixel-uart-serial-cable
  Author: Vitaly Nikolenko
  Date: 2017-01-10T19:10:00+10:05
  Summary: (none)

Exploiting MS14-068 - just another pentest
  URL: https://duasynt.com/blog/ms14-068-exploitation-pentest
  Author: Vitaly Nikolenko
  Date: 2014-12-10T20:46:00+10:05
  Summary: MS14-068 exploitation to gain domain Administrator privileges

Linux Kernel universal heap spray
  URL: https://duasynt.com/blog/linux-kernel-heap-spray
  Author: Vitaly Nikolenko
  Date: 2018-10-23T21:38:00+10:05
  Summary: Universal Linux kernel heap spray

CVE-2016-6187: Exploiting Linux kernel heap off-by-one
  URL: https://duasynt.com/blog/cve-2016-6187-heap-off-by-one-exploit
  Author: Vitaly Nikolenko
  Date: 2016-10-16T20:38:00+10:05
  Summary: CVE-2016-6187 heap off-by-one exploit

VMware + Linux 3.x PoC
  URL: https://duasynt.com/blog/vmware-linux-poc
  Author: Vitaly Nikolenko
  Date: 2016-06-13T12:10:00+10:05
  Summary: VMware + Linux 3.x 0day

Latest and greatest PoC CVE-2016-0728 not working?
  URL: https://duasynt.com/blog/cve-2016-0728-poc-not-working
  Author: Vitaly Nikolenko
  Date: 2016-01-22T11:38:00+10:05
  Summary: Public CVE-2016-0728 exploit not working?

Linux Kernel ROP (Part 1) - Ropping your way to #
  URL: https://duasynt.com/blog/linux-kernel-rop-part1
  Author: Vitaly Nikolenko
  Date: 2016-01-17T17:39:00+10:05
  Summary: In part 1 of this tutorial we demonstrate how a Linux kernel ROP chain can be constructed to elevate user privileges

CVE-2014-4699: Linux Kernel ptrace/sysret vulnerability analysis
  URL: https://duasynt.com/blog/cve-2014-4699-linux-kernel-ptrace-sysret-analysis
  Author: Vitaly Nikolenko
  Date: 2014-07-21T18:52:00+10:05
  Summary: Exploitation of the CVE-2014-4699 sysret Linux kernel vulnerability

CVE-2014-4014: Linux Kernel Local Privilege Escalation "exploitation"
  URL: https://duasynt.com/blog/cve-2014-4014-local-privilege-escalation
  Author: Vitaly Nikolenko
  Date: 2014-06-19T18:23:00+10:05
  Summary: Exploitation of CVE-2014-4014: incorrect use of inode_capable() in user namespaces

Differences in VMware hardware versions for exploit writers
  URL: https://duasynt.com/blog/vmware-hardware-version-exploit-dev
  Author: Vitaly Nikolenko
  Date: 2014-06-07T14:19:00+10:05
  Summary: VMware hardware versions prior to 9 do not support SMEP even if the CPU supports it

Linux kernel root exploit not working?
  URL: https://duasynt.com/blog/linux-kernel-exploit-not-working
  Author: Vitaly Nikolenko
  Date: 2014-06-04T21:21:00+10:05
  Summary: If your Linux kernel exploit is not working, check whether SMEP is supported by your CPU

CVE-2014-2851 group_info UAF Exploitation
  URL: https://duasynt.com/blog/cve-2014-2851-group_info-use-after-free-exploitation
  Author: Vitaly Nikolenko
  Date: 2016-01-02T00:10:00+10:05
  Summary: This is a case study for the use-after-free vulnerability which was assigned CVE-2014-2851 and affected Linux kernels through 3.14.1

CVE-2014-4943 - PPPoL2TP DoS Analysis
  URL: https://duasynt.com/blog/cve-2014-4943-pppol2tp-dos-analysis
  Author: Vitaly Nikolenko
  Date: 2015-10-01T18:38:00+10:05
  Summary: CVE-2014-4943 PPPoL2TP vulnerability DoS analysis - exploiting differences between PPPoL2TP and UDP sockets

Linux kernel module autoloading
  URL: https://duasynt.com/blog/linux-kernel-module-autoloading
  Author: Michael S
  Date: 2019-07-23T14:29:00+10:05
  Summary: Brief introduction to the Linux kernel module autoloading process, which significantly increases the kernel attack surface

CVE-2019-2215 Android Binder Use-after-free on Samsung S9
  URL: https://duasynt.com/blog/cve-2019-2215-android-binder-uaf-s9
  Author: Michael S
  Date: 2020-01-04T12:21:00+10:05
  Summary: Binder exploit on Samsung S9 devices

CVE-2019-15666 Ubuntu / CentOS / RHEL Linux Kernel 4.4 - 4.18 privilege escalation
  URL: https://duasynt.com/blog/ubuntu-centos-redhat-privesc
  Author: Vitaly Nikolenko
  Date: 2020-01-15T16:38:00+10:05
  Summary: Ubuntu 18.04 / 16.04 / 14.04, CentOS 8 and RHEL 8 kernel local privilege escalation