The last vulnerability I found was related to the driver of one of the Asus services that allowed reading and writing on the physical memory. This vulnerability was patched and I will probably publish a writeup about it in the future.
#vulnerability#0day#zeroday
Beginners intro to Linux kernel fuzzing and vulnerability research by @slava_moskvin_
Part 1: https://t.co/b61r4je69j
Part 2: https://t.co/DQ8j6YfN2C
Part 3: https://t.co/Myjt0BpsPy
#Linux#cybersecurity
A great write-up of a VMware Workstation guest-to-host escape (CVE-2023-20870/CVE-2023-34044 and CVE-2023-
20869) exploit by Alex Zaviyalov has just been published!
Eternal-Tux: Crafting a Linux Kernel KSMBD 0-Click RCE Exploit from N-Days
William Liu @cor_ctf posted an article about exploiting a slab object overflow (CVE-2023-52440) and remote infoleak (CVE-2023-4130) in the kernel SMB3 daemon to gain RCE
https://t.co/kqvwX9NbSK
Bootchain exploit for MediaTek devices
PoC exploit for a vulnerability in the Nothing Phone (2a) / CMF Phone 1 secure boot chain (and possibly other MediaTek devices).
https://t.co/XM7Ausg6gs
Say hello to Eternal Tux🐧, a 0-click RCE exploit against the Linux kernel from KSMBD N-Days (CVE-2023-52440 & CVE-2023-4130)
https://t.co/Cbk9MBo91v
Cheers to @u1f383 for finding these CVEs + the OffensiveCon talk from gteissier & @laomaiweng for inspiration!
ksmbd - Fuzzing Improvements and Vulnerability Discovery
Another article by @73696e65 about fuzzing the ksmbd module with syzkaller.
https://t.co/0xVehcOrYu
The #POC published in this repository for the vulnerability with ID #CVE-2023-23415 is actually a #Trojan!
#> Repository: hxxps://github.com/wh-gov/CVE-2023-23415
#> IP: 106.12.252. 10
#APT#CVE_2023_23415