Himanshu Khokhar Jaat

The "Randomized slab caches for kmalloc()" patch was merged into mainline. With CONFIG_RANDOM_KMALLOC_CACHES=y, each kmalloc cache is split into 16. kmalloc uses a random one for each allocation based on the code location. Choices change every reboot. git.kernel.org/pub/scm/linux/…

Updates for the Linux kernel exploitation collection. github.com/xairy/linux-ke…

CVE-2023-3390: UAF on Linux Netfilter nftables MFT_MSG_NEWRULE leads to LPE. We exploit this tiny 1-day vuln to pwn all targets of Google's kernelCTF for the first time in history. Nice and clear triple-kill 🥳

lol 9 Linux Kernel exploits in 6 minutes. #kernelCTF @koczkatamas google.github.io/security-resea…

Will be delivering a 1 day workshop on Linux Kernel Exploitation as a way of giving it back to the community. It's free to attend and join.

One of our elite researchers @sherl0ck__ wrote up some great work on Apple Safari: blog.exodusintel.com/2023/07/20/shi… #vulnerability #Exploit #whitehat #CyberSecurity

Excellent blogpost by @Synacktiv on Android heap allocator jemalloc (version >= 5) synacktiv.com/publications/e… #infosec #exploit #android

PoC for CVE-2023-31248. This was used to exploit Ubuntu Desktop at Pwn2Own Vancouver 2023. github.com/kungfulon/nf-t…

Nice blog post on exploiting VirtualBox on Windows (CVE-2023-21987 and CVE-2023-21991) qriousec.github.io/post/vbox-pwn2… #virtualbox #infosec

Type confusion in Safari browser (analysis of CVE-2022-42856) web.archive.org/web/2023032216… #cybersecurity

UNCONTAINED: Uncovering Container Confusion in the Linux Kernel A paper by @JakobKoschel, @borrello_pietro, et al. about finding type confusion bugs in container_of invocations. Paper: download.vusec.net/papers/unconta… Overview: vusec.net/projects/uncon…

Bare metal firmware reverse engineering Introduction series by @RagnarSecurity Part 1: ragnarsecurity.medium.com/reverse-engine… Part 2: medium.com/geekculture/re… Part 3: medium.com/geekculture/re… #iot #embedded #reverseengineering #infosec #cybersecurity

Yet another Linux kernel exploitation write-up! CVE-2021-22555: Turning \x00\x00 into 10000$ google.github.io/security-resea…

Great blog post for learning a bit more about Linux kernel internals Scheduling and context switch in ARM32 people.kernel.org/linusw/the-arm… #Linux #kernel #learning

VirtualBox internals and exploitation (CVE-2023-21987 and CVE-2023-21991) Credits @qriousec qriousec.github.io/post/vbox-pwn2… #infosec #cybersecurity #cve #virtualbox

Fun fact: 5 years ago someone proposed a patch to QEMU so that it has a built-in WinDBG support. @Misha-PC.lan02.inno/t/" target="_blank" rel="nofollow noopener">lore.kernel.org/all/1511273297… It was apparently rejected. However it can be found here, for those interested: github.com/ispras/qemu/tr…

Introduction to embedded firmware emulation for security analysis using QEMU Great content by @olivier_boschko boschko.ca/qemu-emulating… #qemu #emulation #iot #embedded #infosec

“io_uring vulnerabilities were used in ALL the submissions which bypassed our mitigations.” sounds about right security.googleblog.com/2023/06/learni…

CVE-2023-2008 - Analyzing and exploiting a bug in the udmabuf driver by @dialluvioso_ and @esanfelix labs.bluefrostsecurity.de/blog/cve-2023-…