This video shook me.
These are the helpless young people of that India whose government squanders lakhs of crores on its billionaire friends, yet cannot give its own students so much as a safe journey.
At election time this same government manages to arrange entire trains. And what students travelling to sit their exams get is crowding, suffocation and helplessness.
What greater proof could there be that the Modi government simply does not want to hear the students' voice.
But I promise: we will carry this voice to those deaf ears. Every student will get their due, their justice.
17 June, Kota. This echo will now become a roar.
#ChhatronKiGoonj
Kernel-Exploit-Dojo 📍
Curated archive of 100+ Linux kernel exploitation CTF challenges, organized by bug class, exploitation primitive, final technique, difficulty, and solve count.
The goal is to organize practical kernel pwn techniques such as UAF, heap spraying, pipe_buffer abuse, msg_msg, modprobe_path overwrite, and cred overwrite.
Resource: https://t.co/h1F2CD70Oc
Tool to dump Windows Local SAM Credentials from registry or Shadow Snapshot and capable of doing Stack Spoofing via TP Custom Callbacks.
When using Shadow Snapshot method SYSTEM privs are not needed.
https://t.co/8O4LOyA1Mh
#redteam #cybersecurity #windows
SYSTEM isn't really kernel. HVCI wins. A writeup based on everything I've read with the sources I read them from. Options are limited. If anyone has HVCI research I haven't read, please dm me. Old cat needs new tricks.
Making this shit default fucking killed half my will to live, even with 9 lives.
https://t.co/xor8it7PA6
Defensive patch Tuesday semantic diff cli for Windows build snapshots for drivers, dlls, and more.
Microsoft, don't kill me. Thank you.
https://t.co/GEKZbTNyHO
APC vs APC_LEVEL in Windows Kernel:
APCs (Asynchronous Procedure Calls) are callbacks queued to execute in the context of a specific thread.
- User APC: Runs in user mode when the thread enters an alertable wait.
- Kernel APC: Runs in kernel mode for operations like I/O completion and thread management.
- Special Kernel APC: Higher-priority kernel APC used for critical operations such as thread suspension or termination.
*APC_LEVEL* is not an APC. It's an IRQL (Interrupt Request Level) in the Windows kernel.
Used while processing kernel APCs.
Prevents normal kernel APC delivery during sensitive operations.
Represents the CPU's execution priority, not a queued callback.
If you have ever read the Linux kernel source code and have come across READ_ONCE(), WRITE_ONCE(), and barrier() macros without fully understanding them, the articles below will help clarify how they work. These are excellent resources to learn about memory barriers and different memory models.
An introduction to lockless algorithms
https://t.co/Itmz9262KA
Lockless patterns: relaxed access and partial memory barriers
https://t.co/VLhcIuyTVN
Lockless patterns: full memory barriers
https://t.co/mBWJdNyGdo
Linux Kernel Memory Barriers
https://t.co/x5t9imNTDE
Memory Model and Synchronization Primitive - Part 1: Memory Barrier
https://t.co/Wy6EMF7w63
Memory Model and Synchronization Primitive - Part 2: Memory Model
https://t.co/Aa7c2ynqH1
jane street has some interesting blogs
too bad it would take a week to understand each
https://t.co/Z00MpzUDiU
https://t.co/qMXCn5wO8J
https://t.co/OdSGZzzYSY
https://t.co/kTgOenAhVT
Today I'm launching 0x12DarkSandbox, my biggest project to date🥂🥂
Built for offensive security professionals who want to understand not just whether a payload is detected, but exactly how and why it gets caught
https://t.co/sTlq2l3bTr
More info here:
https://t.co/EUsnZm1u7B
Fun fact: Redis, or any database, does not just stop when you hit `Ctrl+C` or when the OS decides to shut down. Databases need to handle termination with extreme care.
This happens by trapping operating system signals like `SIGINT` and `SIGTERM` to ensure that active client commands finish executing and a final snapshot is safely persisted to disk before it says goodbye.
Today, we dive into the source code of Redis to look at how production-grade databases implement graceful shutdown using signal handling.
This is the 19th video in the Redis Internals series. Like always, we keep our focus on execution and not just theory, looking closely at how an open-source database coordinates with the operating system kernel to maintain data integrity and data consistency during its final moments.
In the video, I talk about standard POSIX signals (`SIGINT`, `SIGTERM`, and even edge-case signals like `SIGSEGV`), how native processes trap these interrupts, and the critical problem of preventing abrupt connection termination.
We also dive directly into the Redis source code to see where it registers its signal handlers, and then we re-implement this exact graceful termination routine from scratch in Go.
By the way, 19 videos are now live:
1. Why Single-Threaded Redis Is Fast
2. Writing a TCP Echo Server
3. Wire Protocols
4. Implementing RESP
5. Implementing PING
6. Understanding Event Loops
7. Implementing Event Loops
8. Implementing GET, SET, and TTL
9. Implementing DEL, EXPIRE, and Cleanup
10. Evictions and Implementing first-eviction
11. Implementing Command Pipelining
12. Implementing AOF Persistence
13. Objects, Encodings, and Implementing INCR
14. Implementing INFO and allkeys-random Eviction
15. The Approximated LRU Algorithm
16. Implementing the Approx LRU Algorithm
17. How Redis Caps Its Memory Usage
18. How and Why Redis Overrides Malloc
19. Graceful Shutdown using Signal Handling
Hope this helps you better understand database internals and sparks that engineering curiosity.
Give it a watch.
I finally finished the initial version of a new home for my Linux Inside series: https://t.co/IsiURZwi56
In the meantime, I will slowly continue revisiting and updating the old chapters for modern kernels
Most people learn security research by reading finished writeups. This one shows the actual process.
The messy, organic, step-by-step reality of reversing an unknown Windows mitigation from scratch. WinDbg. IDA. Hex Rays. Guard page violations. Trap flags. Zero prior knowledge of the target.
If you want to learn how to actually approach unknown Windows internals, start here.
https://t.co/Xq8xbSnG75
Author: @yarden_shafir
#ReverseEngineering #WindowsInternals #InfoSec
So some subreddits which you can join to see their conversation are
- r/selfhosted
- r/Compilers
- r/EmuDevs (emulator dev and reverse engineering stuff)
- r/GraphicsProgramming
- r/EmuLangs (all the stuff related to esoteric programming languages)
- r/AskComputerScience
- r/badcode (now it's private)
- r/ReverseEngineering
- r/privacy
check out these subreddits, their questions and their conversations are just a goldmine ....
People complain about kernel anti-cheat while cheat devs are literally writing custom hypervisors to hide from detection. The threat model demands ring-0. Read how anti-cheats actually detect system emulation and tell me they're overreacting:
https://t.co/lA7FEWTI6a
Authors: @the_secret_club
#AntiCheat #InfoSec #GameSecurity
Here is the mystery of Coempt and why the tenders were modified to suit Coempt...
1. The Manipal Group (primarily through its division Manipal Global Education Services) holds a majority stake in and controls Coempt as its EdTech and digital examination arm.
2. T.V. Mohandas Pai - a highly prominent and vocal supporter of BJP - serves as the chairman of Manipal Global Education Services
3. Former BJP Union Minister Rajeev Chandrasekhar is a prominent alumnus of the Manipal Institute of Technology (MIT), which is a crown jewel of the Manipal Academy of Higher Education (MAHE)
This is an unbelievable piece of work by Sarthak and something that requires amplification.
Let me explain what he found, in simple terms.
Sarthak is a Class 12 student from the 2025-26 batch, one of the 17 lakh students whose answer sheets went through CBSE's new On-Screen Marking system.
He spent days reading through CBSE's evaluation tenders, scraped all 576 tenders CBSE has issued, and tracked how the rules changed across three versions of the same tender.
The core finding is that the company that won the contract to scan and grade 17 lakh students' answer sheets is Coempt Eduteck.
Coempt used to be called Globarena Technologies. Globarena was the company behind the 2019 Telangana intermediate exam disaster, where software failures led to 3.8 lakh students getting wrong or missing marks, and 23 students died by suicide.
A government committee found systemic failure and negligence. Six months later, Globarena rebranded to Coempt Eduteck.
So a company with that track record won a contract to handle 17 lakh CBSE students. Sarthak's investigation is about how the rules were rewritten to let that happen.
The tender was issued three times.
> First tender, February 2025. It existed, then disappeared from the public GeM portal. Sarthak scraped all 576 CBSE tenders and this one was missing from the archive entirely.
> Second tender, May 2025. Four companies applied including TCS and Coempt. All four failed the technical evaluation. Cancelled.
> Third tender, August 2025. Coempt won. Between the second and third tender, a series of rule changes happened, and every single one made it easier for Coempt to qualify.
Here is what changed, one by one.
01. The old rules disqualified any company with a history of abandoning work, failing to complete contracts, or financial weakness. The new rules deleted this clause entirely. Coempt's Telangana history stopped being a barrier.
02. The old rules disqualified any company that was "blacklisted earlier." The new rules changed this to "currently blacklisted." Because Globarena rebranded after Telangana, removing the word "earlier" effectively erased their past.
03. The rules required Rs 50 crore average turnover over three years. Coempt's exact average came to Rs 50.86 crore. They cleared the bar by less than 1%. Earlier, a smaller company had asked CBSE to lower the bar to Rs 30 crore for fairer competition. CBSE refused. So the bar was kept high enough to block small players, but sat exactly low enough for Coempt to scrape through.
04. Software maturity is measured on the CMMI scale, 1 to 5. The old rules required Level 5. The new rules dropped it to Level 3. Coempt is a Level 3 company.
05. The cooling-off period for engaging retired CBSE officials was cut from two years to one. This makes it easier to use recently retired insiders to influence the process.
06. The old rules required experience with large projects of at least 5 lakh students each. The new rules removed the student count and counted cumulative answer-book volume across small projects instead. Coempt has many small fragmented university contracts. This helped Coempt and hurt TCS.
07. The old rules required bidders to own their own data centre and disaster recovery centre on Indian soil. The new rules allowed third-party MeitY-empanelled cloud hosting. Coempt runs on AWS and Azure. This helped Coempt and hurt TCS, which owns its own data centres. It also means student data is no longer on sovereign, Indian infrastructure.
08. The old rules required the bidder to own or control the complete source code of its software. The new rules deleted this. Coempt's platform runs on Microsoft's proprietary IIS, which they don't own.
09. A last-minute corrigendum, issued right before bid submission, removed CBSE's own power to blacklist the firm if its software failed catastrophically. So even a Telangana-scale failure couldn't get Coempt banned from future government tenders.
10. The penalty structure shifted from punishing mistakes to punishing delays. The old rules fined the vendor for wrong scanning, merged pages, and unscanned books. The new rules dropped those and instead levied Rs 50,000 per day for delays. This incentivises rushed scanning over accurate scanning.
11. The old rules had a hard accuracy threshold, error rate not to exceed 0.5%. The new rules removed this number entirely.
12. The old rules specified proper book and robotics scanners. The new rules just say "sufficient scanners." The definition was vague enough that, as Sarthak notes, the scanning could be done with a phone on a stand.
13. On the security side, the contract required a VAPT (vulnerability and penetration test) certified by CERT-In before go-live, and a restricted beta phase before launch. The system clearly wasn't restricted, because the other researcher, Nisarga, was able to access it and find vulnerabilities four days before go-live. So the mandatory security audit appears to have been bypassed.
These are more than a dozen rule changes, all between the failed tender and the winning tender, all pushing in the same direction, all benefiting the one company with the worst track record in the field.
The security holes Nisarga found last week now have an explanation. The system was built by a vendor that was specifically allowed to skip the security certification, the source code ownership, the data sovereignty, and the quality thresholds the original rules demanded.
The following things need to happen immediately:
1. An immediate CAG audit of the tender process.
2. A parliamentary debate on the topic.
3. An independent investigation into
> Why the first tender vanished?
> Why the disqualification clauses were deleted?
> Why the turnover bar was held exactly where it was?
> Why the security level was dropped?
> Why the blacklisting power was removed at the last moment?
Sarthak, this is genuinely exceptional investigative work. Far better than most journalists with full resources ever manage. Take a bow. :)
a professor at Illinois got frustrated with existing systems programming textbooks
so he started a wikibook project and had students help write it
it covers C, processes, threads, synchronization, memory allocation, networking, filesystems, scheduling and security
all in one free PDF
it eventually became the official textbook for CS 241 at UIUC with more than 1000 students taking the course every year
written for people who already know how to code and want to understand what actually happens underneath