2025-06-08 | #cve #nday #v8
This post explores CVE-2025-2137, a subtle out-of-bounds read vulnerability in Chrome's V8 engine caused by incorrect string encoding assumptions during JSON.stringify. It documents the debugging process, challenges with V8's internal string types, and key lessons learned while developing a near-working proof-of-concept.
2025-01-02 | #exploitation #heap #x86
Various heap exploitation techniques, including classic methods like House of Spirit, House of Lore (with different bin variants), and House of Einherjar, along with modern strategies such as Google's Poison Null Byte and Tcache-based attacks like Tcache Dup and Tcache Dumping.
2024-12-21 | #exploitation #heap #x86
This ongoing series explores various heap exploitation techniques, from basic concepts to advanced vulnerabilities. Each section covers different strategies for manipulating heap memory to achieve arbitrary code execution and bypass memory protections.
2024-11-27 | #asm #cve #pwn
Recently, I came across an underflow vulnerability in the open-source project 7-Zip, initially disclosed by the Zero Day Initiative (ZDI) in this advisory. The issue was resolved in version 7-Zip 24.07, and I decided it would be fun and educational to dig into this bug myself. My goal was to identify the vulnerability using fuzzing and debugging tools like AFL and GDB, gaining a deeper understanding of the flaw and its exploit potential.
2024-11-10 | #asm #ctf #pwn
In this post, I walk through the process of exploiting a binary with all mitigations enabled, demonstrating how to bypass protections and gain shell access. Using pwntools, we craft an exploit that jumps to the win() function, ultimately allowing us to take control of the system.
some kernel stuff I did to learn how to debug, exploit, and tackle kernel level vulnerabilites.
2024-08-24 | #exploit #kernel #N-day
In this post, I explore CVE-2017-11176, a Linux kernel vulnerability, applying knowledge from recent courses and research. Using Lexfo’s documentation as a guide, I break down the patch diff, gain a primitive write, and craft a full exploit.
2021-12-29 | #x86
Vulnerabilities were identified in the CoreFTP Server, particularly in its HTTP service, which allows an authenticated user to write files anywhere on the server, bypassing restrictions meant to confine them to their home directory.
