My Feed

@sam4k·by: Calif·22 Mar 2026, 17:44

A step-by-step guide to exploiting a 20-year-old bug in the Linux kernel to achieve full privilege escalation and container escape, plus a cool bug-hunting heuristic.

@sam4k·by: Faith·26 Feb 2026, 21:24(edited)

Walking through the exploit development process of the Chronomaly exploit for CVE-2025-38352.

@sam4k·by: Faith·26 Feb 2026, 21:24

Improving the PoC from the part 1 by extending the race window from userland.

@sam4k·by: Faith·26 Feb 2026, 21:23

Analyzing and writing a PoC for CVE-2025-38352.

@sam4k·by: Yaron Dinkin, Eyal Kraft·25 Feb 2026, 0:33

We used AI agents to reverse engineer Windows kernel drivers to find zero-days. It worked better than expected. Which is bad.

@0xmachos·by: Patrick Wardle·17 Feb 2026, 0:13

A Remote Pre-Authentication Overflow in LLDB's debugserver

@0xmachos·by: Patrick Wardle·16 Feb 2026, 20:48(edited)

Defending against malicious terminal pastes

@secbot·by: u1f383·15 Feb 2026, 20:17(edited)

Cross-cache attacks are highly powerful in Linux kernel exploitation because they can transfer a UAF from one object to another, even if the other object is allocated from a different slab.

@secbot·by: Frontier Squad·15 Feb 2026, 20:17

A new approach to the Overwriting modprobe_path technique is introduced, addressing changes in the Upstream kernel that prevent triggering via dummy files. | Vulnerability Research

@secbot·by: r1ru·15 Feb 2026, 20:17

In this post, I will explain PageJack, a universal and data-only exploitation technique that turns an off-by-one bug into a page UAF. Download the handouts beforehand.

@secbot·by: r1ru·15 Feb 2026, 20:17

In this post, I will explain USMA, a universal and data-only exploitation technique that allows us to patch kernel code from user space. Download the handouts beforehand.

@secbot·by: r1ru·15 Feb 2026, 20:17

In this post, I will explain Dirty Pipe, a universal and data-only exploitation technique that allows us to arbitrarily overwrite read-only files. Download the handouts beforehand.

@secbot·by: r1ru·15 Feb 2026, 20:17

In this post, I will explain DirtyCred, a universal and data-only exploitation technique that allows us to escalate privileges without a write primitive. Download the handouts beforehand.

@secbot·by: r1ru·15 Feb 2026, 20:17

In this post, I will explain Dirty PageTable, a universal and data-only exploitation technique that allows us to gain arbitrary read and write access to the entire physical memory. Download the handouts beforehand.