zolutal

18 posts

@zolutal

PhD Student at ASU | CTF with Shellphish | Pwn2Own with @asu_sefcom_t0 I don't check this account, find me on other socials

Joined April 2018
96 Following 293 Followers
zolutal retweeted
DARPA
DARPA@DARPA·
AI Cyber Challenge Semifinal Competition results are in! Congratulations to the top seven scoring teams who will advance to finals, and to all the competitors who worked to help safeguard the code that underpins critical infrastructure. More: darpa.mil/news-events/20…
zolutal
zolutal@zolutal·
mastodon link because what if the cool kernel security people on here moved there so I can stop opening this site... haha jk lol... unless?
zolutal
zolutal@zolutal·
I did a writeup for a cool ctf challenge I worked on this weekend during corCTF, involving a KVM escape! infosec.exchange/@zolutal/11286…
zolutal retweeted
Shellphish
Shellphish@shellphish·
Introducing ARTIPHISHELL! An LLM-Based Cyber Reasoning System made by @shellphish that autonomously finds and patches vulnerabilities for the @DARPA AIxCC competition (support.shellphish.net)
zolutal retweeted
Zardus@DEFCON.social
Zardus@DEFCON.social@Zardus·
@zolutal has cinched it! After 6 nights of presumably procrastinating academic research into groundbreaking kernel pwning to instead focus on groundbreaking kernel pwning itself, he earns the first ever 🥇 badge on pwn.college! GREAT JOB! 🥈&🥉 are still up for grabs!
Zardus@DEFCON.social@Zardus

@ky1ebot How tough? 44.5 hours in, only two levels are solved, both by @zolutal! Perhaps the world's next kylebot, zolutal pursues pwning research in our lab and in competitions (including pwn2own! twitter.com/thezdi/status/…), and might be ignoring the upcoming CCS deadline to win this QQ...

zolutal retweeted
grsecurity
grsecurity@grsecurity·
A weakness 23 years in the making: binaries and libraries built with an older toolchain act as timebombs against ASLR under "recent" Linux kernel and glibc changes. Users: Check your exposure! Developers: Rebuild binaries to achieve full ASLR benefit! grsecurity.net/toolchain_necr…
zolutal
zolutal@zolutal·
@HaskRay yeah the compiler should probably at least give a warning if p_align is 2MiB, especially for 32-bit... for file size, it's pretty much just that thp_get_unmapped_area does huge page alignment for sizes >=2MiB and the loader maps the whole >2MiB library file
MeowRay@hachyderm.io
MeowRay@hachyderm.io@HaskRay·
@zolutal You probably will get nervous about glibc>=2.35's behavior on p_align=2MiB object files as well... (maskray.me/blog/2023-12-1…) Perhaps the article can discuss how the 2MiB file size matters?
zolutal
zolutal@zolutal·
I recently learned that mmap/library ASLR has been publicly broken on 32-bit and regressed on 64-bit for over a year... zolutal.github.io/aslrnt/
zolutal
zolutal@zolutal·
I taped my dwarf parsing work onto weggli to be able to pattern match object allocation sites of specific sizes for linux heap exploitation
it needs some work (threw it together last night) but it works pretty well from what I've seen: github.com/zolutal/kheap_…
zolutal
zolutal@zolutal·
Using a vmlinux based on ubuntu 23.04's source tree and filtering for kmalloc-96 sizes, the original has a runtime >1hr, the version using my library has a <6s runtime! and it being a library rather than CLI tool means adding more specific filters on the output is way easier
zolutal
zolutal@zolutal·
I was disappointed with most of the existing libraries/tools for analyzing type info from DWARF so I've been developing my own (in rust), check it out: github.com/zolutal/dwat
zolutal
zolutal@zolutal·
AMD dev was having way too much fun with unicode in the pinctrl subsystem lol github.com/torvalds/linux…
zolutal retweeted
TrendAI Zero Day Initiative
ASU SEFCOM was able to execute their OOB Write attack against the Synology DiskStation DS920+ in the NAS category to gain code execution. However, one of the exploits they used was already publicly known. They still earn $10K and 2 Master of Pwn points. (repost) #Pwn2Own