💥 Introducing "Dirty Frag"
A universal Linux LPE chaining two vulns in xfrm-ESP and RxRPC. A successor class to Dirty Pipe & Copy Fail.
No race, no panic on failure, fully deterministic. ~9 years latent.
Ubuntu / RHEL / Fedora / openSUSE / CentOS / AlmaLinux, and more.
Even if you've applied the "Copy Fail" mitigation, your Linux is still vulnerable to "Dirty Frag". Apply the Dirty Frag mitigation.
Details:
https://t.co/9nqku4svkY
Our latest post details how we exploited Retbleed (a CPU vulnerability) to compromise a machine from a sandboxed process and VM!
Curious? 👇
https://t.co/CSD8kdlBjD
looks like the AI + MCP-assisted reverse engineering hype train is gaining steam! 🚂✨
in just the past few days, we've seen:
• @itszn13 integrating MCP into @vector35’s Binary Ninja (https://t.co/UubdDGtxOh)
• @JH_Pointer casually dropping his IDA MCP project, which I had to nerdsnipe myself into trying (https://t.co/u8CAlNQnes, https://t.co/0ZmRuNZ5uj)
• @mrexodia rolling out a clean (judging by a quick code quality check) MCP implementation for IDA (https://t.co/fnux2d6gu2)
• @lauriewired dropping GhidraMCP for @NSAGov’s Ghidra (https://t.co/88EPm2z0z6)
these tools are early-stage but already hint at the potential for interactive RE software running on (semi) autopilot.
makes me wonder—should we formalize a set of MCP primitives across RE tools and unify them under one overarching framework? 🤔
of course, these aren’t silver bullets. but much like typical LLM usage, in the right hands, they could be powerful time-savers.
curious to see what comes next! might be time for hacking competitions focused on small/constrained binaries to start thinking about countermeasures against AI-assisted cheesing. 👀
I have posted the slides for the talk @chompie1337 and I gave this past weekend at @h2hconference -> The Kernel Hacker’s Guide to the Galaxy: Automating Exploit Engineering Workflows #H2HC
https://t.co/Cl8b58KkAv
Slides for my talk at @h2hconference 2024:
Diving into Linux kernel security 🤿
I described how to learn this complex area and knowingly configure the security parameters of your Linux-based system.
And I showed my open-source tools for that purpose!
https://t.co/5VXLNnuDe5
Earlier this year, I used a 1-day to exploit the kernelCTF VRP LTS instance. I then used the same bug to write a universal exploit that worked against up-to-date mainstream distros for approximately 2 months.
https://t.co/vRjyHR9GOA
Slides & video from our @GrehackConf talk "Attacking Hypervisors - A Practical Case" are online! Learn how we exploited vulnerabilities to escape VirtualBox during Pwn2Own Vancouver 2024: https://t.co/c90C2pnmMa
This research allowed me to find critical bugs in several Electron applications by finding public n-day exploits for older versions of Chrome and adapting them to the Electron framework.
https://t.co/kZKmvuABkq
#BugBounty
We needed tools to perform advanced security investigations on iOS. But those tools didn’t exist yet... or weren’t openly available.
So we created our own.
We’ve fully emulated iOS on #QEMU using only open-source technologies.
And this is just the beginning.
My WarCon slides about Ivanti Avalanche are public!
I tried to do some mapping of the attack-surface, show the new auth mechanism and present some research ideas (things I didn't try).
It also shows my first-ever fuzzing and memory corruption experience😆
https://t.co/FBeKGI16nJ
DMAAUTH: A Lightweight Pointer Integrity-based Secure Architecture to Defeat DMA Attacks
Slides
https://t.co/AGNPA3Bdc7
Paper
https://t.co/AeapqgEF86
Video
https://t.co/q72wc8NYtW
https://t.co/OQbMTcAdkS
Dropped my slides for POC2024 on Linux kernel exploitation, including a journal from Pwn2Own Vancouver earlier this year. Enjoy 🙂.
https://t.co/CUKKpErYMG
Today I published my first #Rust #crate to https://t.co/Uo0aEhEpJm!
https://t.co/3zBjZ5UCzy
I’ll eventually publish an article on the @hnsec blog about it, but first there’s more work to do 💪
Many thanks to @xorpse for accepting my PRs to https://t.co/1jOUnZUrYO
Did you notice that the techniques used to evade AI censorship are basically the same patterns as the ones used in psychomanipulation? "Boiling the frog", fabricating higher cause to justify the means, etc, etc. [1/2]