Zhongyu Pei

@bestswngs could u teach me, master swing?

这周一个同学和我一起学习了下 CVE-2024-21762 这个漏洞，感觉整体利用起来还是蛮有意思的。🧐

@cxm95 😅

🤡

@bestswngs swing ddw!

关于 CVE-2022-0847 这个漏洞的另外一个影响： 1. 昨天 ph 师傅在 Docker 里复现这个漏洞的时候发现： 如果修改了容器内的文件，重启一个新的容器发现文件也被修改了 2. 那么这个有什么影响呢？ 对！这个漏洞可以影响同一个镜像的不同容器，即他可以在各个容器内横向移动！

@CodeColorist 《Going home》

@CodeColorist 美食推主

Really enjoy defcon ctf 29 finals and excellent challenges! We would all remember @oooverflow's effort to make this game awesome. I write a small retrospective blog (in Chinese) to memorize this last masterpiece from OOO. brieflyx.me/2021/dc29-memo/

@CodeColorist why are you so diao

@f1yYY__ ddw

Looking for a new job. Remote or in Chengdu. :)

@CodeColorist cc ddw

@bestswngs swing yyds

#RealWorldCTF bestwing.me/RWCTF-3rd-writ…

@f1yYY__ writeup gkd :aaa1aa:

Hope you enjoy it :) And the home challenge is not my idea😂

@bestswngs success

write exploit for CVE-2020-15257

@r3tr0sp3ct2019 Well I guess there is no 'oops=panic' parameter when booting kernel, thus the GFP as a non-fatal exception just makes the process die, instead of making kernel panic.

@BrieflyX I think it is due to some compilation flag of this specific kernel image, which makes it process the fault without rebooting the system.

Trigger a crash in kernel to leak the addresses...I am quite surprised by this technique...😂Since in my impression a crash in kernel always causes reboot...

@changochen11 @david942j Ne0, paper reaper!

@BrieflyX @david942j BrieflyX, yyds

I solved spark in HITCON CTF 2020. The CONFIG_SLAB_FREELIST_HARDENED made it hard to exploit via a single UAF and costs much of my time. Eventually another out-of-bound bug in query algorithm saved me. Thanks to @david942j for 2 interesting kernel chals! github.com/BrieflyX/ctf-p…

@sampriti0 @david942j Cool! I never thought about exploiting only with arbitrary kfree, quite imaginative haha.

@BrieflyX @david942j If you want a exploit using just the UAF :P gist.github.com/sampritipanda/…

@david942j I vote for atoms since many teams solved it via unintended bugs. I would like to see how to trigger the real deadlock XD.

Well no one votes for a writeup? Seems I can slack off this time 😛

Published all the sources and solutions of my challenges for #HITCON CTF 2020: github.com/david942j/ctf-… Which challenge would you most like me to have a writeup 😀?

@po6ix @FlatNetworkOrg good luck!

Thanks for sending me many messages. To my honour, I became a member of @FlatNetworkOrg 🌐

@changochen11 @ptrYudai ybddw!

@BrieflyX @ptrYudai TQL!

My writeup for kstack in #secconctf #seccon 2020. Thanks to @ptrYudai for this excellent challenge, I learned a lot from your blog :) The power of setxattr + userfaultfd + modprobe_path hajicking is quite marvelous in kernel exploitation. github.com/BrieflyX/ctf-p…