I finally finished the initial version of a new home for my Linux Inside series: 0xax.dev/books/linux-in…
In the meantime, I will slowly continue revisiting and updating the old chapters for modern kernels.
We recently achieved guest-to-host escape by exploiting a QEMU 0day.
We’ll share details on a new technique leveraging the latest glibc allocator behavior and what we believe is a novel QEMU-specific heap spray/RIP-control primitive.
Writeup coming next week.
Easy to trigger memleak from an unpriv user, just need to do a PR_TIMER_CREATE_RESTORE_IDS_ON prctl first. Only affects kernels from this year: git.kernel.org/pub/scm/linux/…
So verifier.dll exposes a function called VerifierDestroyRpcPageHeap() which has this opcode RIGHT AT THE BEGINNING of the function - which we can use to fetch the PEB without calling something like __readgsqword(0x60) directly.
PoC: github.com/whokilleddb/fu…