fidgeting bits

1.3K posts

@FidgetingBits

voice coding nix junkie

Joined November 2014
1.4K Following, 1.4K Followers

fidgeting bits retweeted
Anderson Nascimento (@andersonc0d3)
Hey, I'm going to ask you something just in case. I teach a Linux kernel exploitation course and I wanted to differentiate to the class the kinds of randomizations we see in memory. Even without KASLR or any other configurable randomization, if you check a slub cache right after booting up, the slab base address is subject to some randomization, independent of the cache as far as I can tell. I spent some time investigating this and there's a point during the boot that there's no randomization, but it'll appear somehow. My guess is that some randomization will happen after the other processors are set up (maybe APIC is nondeterministic). I even checked the first kmem caches being set up and kmalloc allocations. I didn't finish my analysis, and couldn't come up with a good hypothesis that could explain this behavior. Do you know anything about this? Thank you, and I've checked your book several times during my analysis.

fidgeting bits retweeted
BINARLY🔬 (@binarly_io)
🚨More than a year after the XZ Utils crisis, we found 35+ publicly available Docker Hub images still carrying the backdoor, some tagged “latest”. Long-tail supply-chain risk is real! Read the blog: binarly.io/blog/persisten…

fidgeting bits retweeted
Anderson Nascimento (@andersonc0d3)
[SECURITY] firefox-patch-bin, librewolf-fix-bin and zen-browser-patched-bin AUR packages contain malware lists.archlinux.org/archives/list/…

fidgeting bits retweeted
POC_Crew (@POC_Crew)
🧠 [POC2025] TRAINING Windows Kernel Exploitation: Becoming an "Advanced" Exploit Developer by Cedric Halbronn (@saidelike) 📅 Nov 10-12 (3 days) 📍 Four Seasons Hotel Seoul, South Korea 🔗 More info powerofcommunity.net/#training #POC2025

fidgeting bits retweeted
Crusaders of Rust (@cor_ctf)
🚨🚨🚨We just broke everyone’s favorite CTF PoW🚨🚨🚨 Our teammate managed to achieve a 20x SPEEDUP on kctf pow through AVX512 on Zen 5. Full details here: anemato.de/blog/kctf-vdf The Sloth VDF is dead😵 This is why kernelCTF no longer has PoW!

fidgeting bits retweeted
Man Yue Mo (@mmolgtm)
This might be the best bug I found. Never thought I'd be writing a kernel exploit as reliable, clean and fast as a browser exploit. For a while I actually used this to root my research phone when can't be bothered to patch the rom: github.blog/2022-07-27-cor…

fidgeting bits retweeted
DARKNAVY (@DarkNavyOrg)
Meet our new buddy, Argusee — an AI-powered, automated vulnerability hunter that has already discovered 15+ vulnerabilities across projects, including a previously unknown Linux kernel flaw (CVE-2025-37891) enabling LPE. Demo and details: darknavy.org/blog/argusee_a…

fidgeting bits retweeted
GrapheneOS (@GrapheneOS)
We still need help getting early access to Android 16 sources prior to the stable release in June. Every mainstream Android OEM has it. We're currently spending significant time on reverse engineering Android 16 Beta releases. It's a huge waste compared to having what we need.

fidgeting bits retweeted
那个火饺🦆(JJ) (@thatjiaozi)
I wanted to end last year with a vm escape, took me a bit longer but I want to present you my latest public research: A VM escape in Oracle VirtualBox using only one integer overflow bug! This was fixed on April 15 and assigned CVE-2025-30712. github.com/google/securit…