ulisses

Just published a post on exploiting CVE-2024-0582, a vulnerability in the Linux kernel that remained unpatched in Ubuntu for over two months. Hope you enjoy it! blog.exodusintel.com/2024/03/27/min…

CFP is open for SAFACon Party! This is your chance to share your coolest research at an exclusive, invite-only conference. Sunshine, spanish vibes, food, drinks, party, heated VR debates are guaranteed. All your favorite VR folks will be there, so should you. Ping me for details

🤌🔥 "Build a Fake Phone, Find Real Bugs Qualcomm GPU Emulation and Fuzzing with LibAFL QEMU" media.ccc.de/v/39c3-build-a…

It's official - #SAFACon 2026 will be held on the 8th of May in a secret location around Barcelona. Invites coming out from January, stay tuned for more info...

Our team discovered CVE-2025-13032, an LPE in the Avast sandbox driver! Read the story of a SYSTEM token heist involving a break-in and escape from the antivirus sandbox. Full details: safateam.com/intelligence-h… #CVE #LPE #Antivirus #KernelExploit #WindowsSecurity

Honey wake up, a new alternative to userfaultfd / FUSE for lengthening race windows just dropped!! #diff-61728fd9a1dd5bffb7a7143dc914920e30a9fcef794a3b308193a8d3ab750ba1" target="_blank" rel="nofollow noopener">github.com/google/securit…

First mention of x86 memory tagging (aka MTE) by both Intel and AMD (codename ChkTag): community.intel.com/t5/Blogs/Tech-… amd.com/en/blogs/2025/… 🤘🤘🤘

Say hello to Eternal Tux🐧, a 0-click RCE exploit against the Linux kernel from KSMBD N-Days (CVE-2023-52440 & CVE-2023-4130) willsroot.io/2025/09/ksmbd-… Cheers to @u1f383 for finding these CVEs + the OffensiveCon talk from gteissier & @laomaiweng for inspiration!

My new article: "Kernel-hack-drill and a new approach to exploiting CVE-2024-50264 in the Linux kernel"⚡️ I tell a bug collision story and introduce my pet project kernel-hack-drill, which helped me to exploit the hard bug that received @PwnieAwards 2025 a13xp0p0v.github.io/2025/09/02/ker…

Documented instructions for setting up KGDB on Pixel 8. Including getting kernel log over UART via USB-Cereal, building/flashing custom kernel, breaking into KGDB via /proc/sysrq-trigger or by sending SysRq-G over serial, dealing with watchdogs, etc. xairy.io/articles/pixel…

with offensivecon around the corner, i figured id write another post on linux kernel exploitation techniques - this time i cover the world of page table exploitation! enjoy 🤓 sam4k.com/page-table-ker…

A great overview of the Linux Page Allocator 💯 syst3mfailure.io/linux-page-all…

We are back😎 Say hello to our kernelCTF submission for CVE-2025-37752🩸 Who would have thought you could pwn a kernel with just a 0x0000 written 262636 bytes out of bounds? Read the full writeup at: syst3mfailure.io/two-bytes-of-m… 👀

@pinkflawd @zlowram_ Not exactly a Linux OS bible, but I really like Linux Kernel Programming by Kaiwan N Billimoria. Imho it's a great resource to understand the main building blocks of the OS without getting lost, and it reads very well.

@zlowram_ Hey thanks! I got that one, it is good even if development isn't what one is after. I'm surprised there isn't a Linux OS "bible" per se, the one big book must read

Is there such thing as a Windows Internals book, but for Linux? Like, the whole OS in one book?

ngl gang i might have got a bit lost in the sauce with this one, but if you're curious about how mmap() is implemented, check out part 2 of my memory management linternals series sam4k.com/linternals-exp…

🚨 New Blog Post: Exploiting CVE-2024-0582 via the Dirty Page Table Method! Discover how dangling pages can corrupt Page Table Entries (PTEs) and redirect user-space memory to kernel-space. Read the full analysis: kuzey.rs/posts/Dirty_Pa… #ExploitDevelopment #KernelSecurity

Slides of my talk at #Zer0Con2025! ⚡️ Kernel-Hack-Drill: Environment For Developing Linux Kernel Exploits ⚡️ I presented the kernel-hack-drill open-source project and showed how it helped me to exploit CVE-2024-50264 in the Linux kernel. Enjoy! a13xp0p0v.github.io/img/Alexander_…

Just saw it mentioned on LWN, handy site for checking which distros enable a certain config option: oracle.github.io/kconfigs/?conf…... Just replace UTS_RELEASE with whatever config option name minus CONFIG_, for example: oracle.github.io/kconfigs/?conf…...

CVE-2025-0927 details here! ssd-disclosure.com/ssd-advisory-l…

The Linux Memory Manager preorder and early access book nostarch.com/linux-memory-m…

I tried my hand at exploiting an nday on the Google Container Optimized OS instance in kCTF but sadly was very late to the party. Here is my exploit write-up for it. I learned a lot during the process, let me know what you think. I'll post TL;DR in thread h0mbre.github.io/Patch_Gapping_…