Bonfee

28 posts

Bonfee

@Bonfee1

Security researcher | CTF @aboutblankets

EL3 Katılım Aralık 2020

264 Takip Edilen794 Takipçiler

Bonfee retweetledi

Marco Bonelli@mebeim·11 Eki

Pwners in Paris

Bonfee retweetledi

ECSC2024@ecsc2024·10 Eki

Hi @discord! We are hosting @ecsc2024 right now and we have our IP banned, we opened a ticket without answers, can you please write us? DM or info@ecsc2024.it ⚠️

English

16.9K

Bonfee retweetledi

mhackeroni@mhackeroni·15 Ağu

New faces + old faces, playing DEF CON CTF and @hack_a_sat in parallel. Proud of us. 🍝

English

201

24.7K

Bonfee@Bonfee1·2 Ağu

Cool kernel pwn challenge from corCTF 2023, CVE-2023-0461 + kCFI + limited set of available syscalls

English

155

16.9K

Bonfee@Bonfee1·29 May

Qualified for DEFCON Finals with @aboutblankets and @mhackeroni

English

12.1K

Bonfee@Bonfee1·29 May

🚩

Marco Bonelli@mebeim

O boi this year we have to play 2 events at the same time :O see you in Vegas! @mhackeroni (🚫🍍)

ART

1.6K

Bonfee@Bonfee1·3 Nis

Lets go 🔥 awesome sleep deprivation weekend 😂

Marco Bonelli@mebeim

GG WP! 2nd place at @hack_a_sat 4 w/ @mhackeroni and @aboutblankets ❤️🇮🇹🛰️ now onto hacking a real satellite I guess :')

English

2.1K

Bonfee@Bonfee1·15 Eki

@hexacon_fr was amazing, congrats to the organizers :)

English

Bonfee@Bonfee1·3 Eki

The challenge was awesome, especially the Hyper-V VM escape part See you in Paris 😄

Hexacon@hexacon_fr

Since we are on the home stretch, we will close the challenge on the 7/10/2022 at 20:00 GMT so you'd better hurry😊 We also have our first winner in the student category: @Bonfee1! A big shout out to him, he won fair and square his entry to Hexacon and hotel stay! #HEXACON2022

English

Bonfee@Bonfee1·27 Mar

The bug was assigned CVE-2022-0995. Here is the exploit: github.com/Bonfee/CVE-202…. 1 bit oob write is all it takes :)

English

134

431

Bonfee@Bonfee1·24 Mar

@BruteBee It's not that one :)

English

Brute Bee@BruteBee·24 Mar

@Bonfee1 It does, CVE-2022-27666 :)

English

Bonfee@Bonfee1·23 Mar

Another Ubuntu 21.10 LPE :) This bug doesn't even have a CVE yet. To pwn it I used the same technique described here: google.github.io/security-resea…. I'll clean the code just a bit, before releasing it

English

243

750

Bonfee@Bonfee1·23 Mar

@alexjplaskett 👀

QME

Alex Plaskett@alexjplaskett·23 Mar

@Bonfee1 Heh does the commit hash fixing the bug end in 2?

English

Bonfee@Bonfee1·23 Mar

@alexjplaskett Nope :)

English

Alex Plaskett@alexjplaskett·23 Mar

@Bonfee1 Nice one! Your vuln object is on the kmalloc-2k cache? Interested to know if I know this bug 😂

English

Bonfee@Bonfee1·23 Mar

@clubby789 yep, it was introduced in 5.x

English

Jamie Hill-Daniel@clubby789·23 Mar

@Bonfee1 Nice one - is this another bug that was introduced in 5.x, or does it go back further?

English

Bonfee@Bonfee1·23 Mar

( Just to be clear, this is not a 0 day, i only saw the commit fixing the bug and developed the exploit for it. )

English

Bonfee@Bonfee1·23 Mar

@raesene @Terenceliqiang With the proper ropchain yes. If you are talking specifically about google kctf, then no because the kernel is compiled without the required CONFIG_ :(

English

Rory McCune@raesene·23 Mar

@Bonfee1 @Terenceliqiang Nice! Does this one do container breakout like 2021-22555 ?

English

Bonfee@Bonfee1·7 Mar

CVE-2022-25636 exploit - LPE on Ubuntu 21.10, using the FUSE technique ( which i first saw from @cor_ctf ). I also developed an exploit which is not using FUSE, but for now: github.com/Bonfee/CVE-202…. I'll soon publish a writeup with the exploitation details.

English

Bonfee@Bonfee1·4 Şub

It finally arrived :)

English

Bonfee@Bonfee1·20 Kas

#nohat @nohatcon

QME

Keşfet

@discord @ecsc2024 @hack_a_sat @aboutblankets @mhackeroni @hexacon_fr @BruteBee @alexjplaskett