@chompie1337@0xBoku I faced the same scenario while writing a GPU exploit for some Android target (though I was successful in manipulating it). I believe after getting restrictions from the States, Anthropic has hardened some guardrails, even on the CVP-approved accounts.
💥 Introducing "Dirty Frag"
A universal Linux LPE chaining two vulns in xfrm-ESP and RxRPC. A successor class to Dirty Pipe & Copy Fail.
No race, no panic on failure, fully deterministic. ~9 years latent.
Ubuntu / RHEL / Fedora / openSUSE / CentOS / AlmaLinux, and more.
Even if you've applied the "Copy Fail" mitigation, your Linux is still vulnerable to "Dirty Frag". Apply the Dirty Frag mitigation.
Details:
https://t.co/9nqku4svkY
I've been seeing posts all over about the state of CTFs post-LLM. I've seen many attempts to explain why this is just a new evolution of CTFs, but I fundamentally disagree. I believe the original spirit is gone and I've written why in my blog.
https://t.co/tgUZOGkhGV
@sirdarckcat Fully agree, AI is going to massively scale VR by exploring at speeds and depths humans can't match alone. However, the real power comes when experienced hunters stay in the loop as expert navigators and mechanics..
Patch your Linux boxes!
https://t.co/VWOUDbLAn2 is a trivially exploitable logic bug in Linux, reachable on all major distros released in the last 9 years. A small, portable python script gets root on all platforms.
Found by the teams at @theori_io and @xint_official
More details below
https://t.co/9f6T96PvPX
@saghul@bnoordhuis@Openwall@solardiz Since nobody's looked into the email and you closed the GH report, I opened this discussion to see if someone else, maybe a more experienced security researcher, can take a look at this bug and offer a perspective.
Extended the Pixel 8 KGDB article with the instructions on how to set up GEF. slub-dump, buddy-dump, and some other commands now work. Huge thanks to @bata_24 for implementing all required pieces.
https://t.co/dgz0HQllmP
pidfd_getfd (Linux 5.6+) can steal file descriptors across processes.
Blog covers the full technique e.g. why obvious approaches fail, kernel internals and shellcode design.
https://t.co/EfLmUQPsoa
#kernel#exploitdev#infosec