@0xnull007 SMEP only prevents execution of userspace code. ROP is a code-reuse technique: we're not putting in actual code, just addresses of code that we want the kernel to return to. That is still kernel code.
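To make the point in the reply above concrete, here is an added illustration that is not part of the original thread: a small userspace model of why SMEP does not stop a ROP chain. SMEP is enforced on instruction fetch (ring 0 fetching from a user-mode page faults), while a ROP chain is only data: the instructions that actually execute are the kernel's own gadgets. The "kernel text" range, the three gadgets and the chain layout are assumptions made up for this demo, not real kernel addresses.

```c
/* Model of SMEP vs. ROP. Everything here is simulated: KERNEL_BASE, the
 * gadget table and the chain are demo assumptions, not kernel reality. */
#include <stdint.h>
#include <stddef.h>
#include <stdio.h>

/* Simulated address space: addresses below KERNEL_BASE are "user" pages. */
#define KERNEL_BASE 0x1000u
#define N_GADGETS 3

typedef struct { uint64_t rax; uint64_t rdi; } cpu_t;

/* Simulated kernel gadgets, addressed by fake kernel addresses. */
static void gadget_pop_rdi(cpu_t *c, uint64_t arg) { c->rdi = arg; }
static void gadget_mov_rax_rdi(cpu_t *c, uint64_t arg) { (void)arg; c->rax = c->rdi; }
static void gadget_add_rax_1(cpu_t *c, uint64_t arg) { (void)arg; c->rax += 1; }

typedef void (*gadget_fn)(cpu_t *, uint64_t);
static const gadget_fn kernel_text[N_GADGETS] = {
    gadget_pop_rdi, gadget_mov_rax_rdi, gadget_add_rax_1
};
/* Gadgets that consume the next chain slot as data (like "pop rdi; ret"). */
static const int consumes_arg[N_GADGETS] = { 1, 0, 0 };

/* The SMEP model: fetching an instruction from outside kernel text faults. */
static int smep_allows_fetch(uint64_t addr) {
    return addr >= KERNEL_BASE && addr < KERNEL_BASE + N_GADGETS;
}

/* Walk a ROP chain. Each slot is either a return address (fetched and
 * executed, hence SMEP-checked) or an argument consumed by the previous
 * gadget (data, never fetched). Returns 0 on a simulated SMEP fault. */
int run_chain(const uint64_t *chain, size_t len, cpu_t *cpu) {
    for (size_t i = 0; i < len; i++) {
        uint64_t addr = chain[i];
        if (!smep_allows_fetch(addr))
            return 0;                 /* ring 0 fetched a user page: #PF */
        size_t idx = addr - KERNEL_BASE;
        uint64_t arg = 0;
        if (consumes_arg[idx]) {
            if (i + 1 >= len) return 0;
            arg = chain[++i];         /* plain data, not executed */
        }
        kernel_text[idx](cpu, arg);
    }
    return 1;
}

/* A chain built only from kernel addresses: pop rdi 0x41; mov rax, rdi;
 * add rax, 1. The chain itself is data, so SMEP never triggers. */
int rop_chain_survives_smep(uint64_t *out_rax) {
    uint64_t chain[] = { KERNEL_BASE + 0, 0x41, KERNEL_BASE + 1, KERNEL_BASE + 2 };
    cpu_t cpu = { 0, 0 };
    int ok = run_chain(chain, 4, &cpu);
    *out_rax = cpu.rax;
    return ok;
}

/* Classic ret2usr: returning into user-mapped shellcode is what SMEP stops. */
int ret2usr_faults_under_smep(void) {
    uint64_t chain[] = { 0x400u };    /* fake user-space address */
    cpu_t cpu = { 0, 0 };
    return run_chain(chain, 1, &cpu) == 0;
}

int main(void) {
    uint64_t rax = 0;
    printf("ROP chain of kernel gadgets: %s, rax=0x%llx\n",
           rop_chain_survives_smep(&rax) ? "ran" : "faulted",
           (unsigned long long)rax);
    printf("ret2usr under SMEP: %s\n",
           ret2usr_faults_under_smep() ? "faulted" : "ran");
    return 0;
}
```

The point the model makes is that the SMEP check is applied to fetched addresses only; the 0x41 operand in the chain is never checked because it is popped as data, exactly as the reply says. Real mitigations that target ROP itself (a shadow stack, kernel CFI, or KASLR denying the gadget addresses) live outside this model.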
Will post more later but: please check out @theori_io's landing page for AIxCC! We've got source code, agent traces, and blog posts to understand the system we built!
https://t.co/7IXCuj37EP
It's been 2 years since I last updated my blog, and 12 hours until the final result of AIxCC. This is a recap of my journey with @42_b3yond_6ug, our CRS, and a peek into other teams' CRSs thanks to @ctfradiooo.
https://t.co/KYsqS4jhAa
Team 42-b3yond-6ug successfully broke through in #AIxCC, advancing to the finals and winning a $2,000,000 prize provided by DARPA. During #DefCon, we had frank and in-depth exchanges with various teams. Keep up the good work, looking forward to seeing you again in 2025!
So #flareon9 has ended. It took me exactly 1 week to solve all the challenges this year. I've published all the short writeups with solve scripts for each challenge on my github: https://t.co/X18eZQCzGY
Some of the challenges were fun. My favorites are 7, 8, 9.
Check out corCTF kernel writeups!
FizzBuzz101's challenge shows a novel leakless + data-only technique to pwn Linux with a 6-byte overflow: https://t.co/CSlHt3GAI9
D3v17's CoRJail shows a novel technique used on kctf to achieve arb free with poll_list: https://t.co/SWcQe1aiQR
This Thursday @BlackHatEvents, I will be presenting our research on a kernel exploitation method named #DirtyCred. With DirtyCred, you could write a #DirtyPipe-like exploit that works on different kernels and archs without code changes. Check it out https://t.co/Qip23PSHl7
Writeup for the GoogleCTF 2022 "eldar" challenge. Probably one of the best reversing challenges I've ever solved! It's very complex and frustrating at times, but also super interesting.
https://t.co/6EhQFzSdMy
"io_uring - new code, new bugs, and a new exploit technique" is a blog post written by our intern, @junr0n; today is his last day of internship.
We wish him all the best for his future endeavors.
Thanks to everyone who proofread it. We hope you enjoy it.
https://t.co/BDsEGrTJX9
🔥 1/ In the last 6 months working on Linux kernel bug hunting/exploitation there have been a number of key resources which have been super useful (coming from a macOS/Windows background) to understand the state of things in 2022 🚀.
Here's a short🧵 to recognise this + thoughts:
Happy to finally publish my work on the two vulnerabilities in the Linux kernel I've found: CVE-2022-1015 and CVE-2022-1016! I'll talk about some background, take a deeper look into nf_tables, and show a local privilege escalation PoC! (code on my github)
https://t.co/8cummKtTHT
4th place at TetCTF 2022, nice start to the year! I spent most of the time writing a control flow de-obfuscator for the crackme challenge by @_lkmidas and @luibo_efiens using Angr and Binary Ninja. Here's the writeup: https://t.co/jCEi7aBn5j