Had a lot of fun reversing Coruna over the last couple of weeks and decided it would be worth writing it all up before I forget - so enjoy :)
https://t.co/DWld4SWgf6
this is so insane. kCTF has a first-come-first-served policy when it comes to 0day bounties when an instance releases. this team hand-crafted a proof-of-work solver with AVX-512 instructions to beat everyone else with an 0day to the flag: https://t.co/98hBSAFLum
[CVE-2025-37752] Two Bytes Of Madness: Pwning The Linux Kernel With A 0x0000 Written 262636 Bytes Out-Of-Bounds
Great article by D3vil about exploiting a type confusion in the network scheduler subsystem and pwning all kernelCTF instances.
https://t.co/lpZyXYFM3w
Just saw it mentioned on LWN, a handy site for checking which distros enable a certain config option: https://t.co/vIJhYoqSXQ... Just replace UTS_RELEASE with whatever config option name minus CONFIG_, for example: https://t.co/L8QGPAYwGF...
In 2020, I solved a gnarly reverse engineering challenge in PlaidCTF. Only 9 teams solved it.
It's a huge pile of TypeScript. Everything is named after a fish.
The catch? There's no code, only types. How do they perform computation using just the type system?
(Spoiler: Circuits!)
🤯 The depth of our core team's debugging skills never ceases to amaze us.
ClickHouse Cloud instances on GCP were freezing with maxed-out CPU—but only in GCP?! 🧩
https://t.co/Vpj0mhEc1q
🔍 To fix it, Sergei Trifonov had to go deep into the Linux kernel with eBPF tracing & flame graphs to uncover a hidden livelock in memory management.
I tried my hand at exploiting an nday on the Google Container-Optimized OS instance in kCTF but sadly was very late to the party. Here is my exploit write-up for it. I learned a lot during the process, let me know what you think. I'll post a TL;DR in the thread
https://t.co/dmLfonmkc4
RULECOMPILE - Undocumented Ghidra decompiler rule language. A blog post about how frustration with poor decompilation led me to dive deep into Ghidra's decompiler to discover (and reverse-engineer) an obscure, undocumented DSL
https://t.co/Xh107IknTa
#reverseengineering #ghidra
The award-winning Qualys Threat Research Unit (TRU) has discovered a critical vulnerability in OpenSSH, designated CVE-2024-6387 and aptly named "regreSSHion." This Remote Code Execution bug grants full root access, posing a significant exploitation risk. https://t.co/uDHHSuzd5f
Better late than never!
The slides of our talk "Attacking Samsung Galaxy A* Boot Chain" at @offensive_con can be found here: https://t.co/P6gtwDftBp
The video is also available: https://t.co/RnGuJHOIJA
A detailed analysis of a Samsung in-the-wild exploit, attributed by TAG to a commercial surveillance vendor. All 3 bugs were 0-day at the time of the discovery of the sample. 1/3
https://t.co/o972gigMT3
Here are the slides of our @hexacon_fr talk about breaking the privileged components of Huawei's mobile devices.
Thanks to everyone who attended, we hope you liked it, and stay tuned for the upcoming blog posts!
https://t.co/z2vpMNZQAb
This is probably the most complex exploit I've done so far. A UAF in the Android kernel freed by kfree_rcu (which introduces a delay) in a tight race + kCFI + Samsung RKP. Yet it's still possible to gain arbitrary kernel RW, disable SE and root from an untrusted app. https://t.co/u8iD42ZC7B
Today we're publishing a detailed technical writeup of FORCEDENTRY, the zero-click iMessage exploit linked by Citizen Lab to the exploitation of journalists, activists and dissidents around the world. https://t.co/RYsqpTHF5j
Here is a follow-up blog post detailing how we attacked Samsung RKP. We reveal 3 vulnerabilities we used to compromise the security hypervisor and its assurances. We also explain our exploitation paths and look at the patches released by Samsung.
https://t.co/nItABvWMoD