CVE-2022-2602: DirtyCred File Exploitation applied on an io_uring UAF
Introduction In the past few weeks, I worked with @LukeGix (checkout his blog post on the same vulnerability here) to exploit the CVE-2022-2602, a very...
How an Akamai misconfiguration earned us USD 46.000
A few months ago me and my friend Jacopo Tediosi made an interesting discovery about an Akamai misconfiguration that allowed us to earn more than...
Workshop: Linux Kernel Exploitation 101 – Part 2
https://youtu.be/2FMTdFbjIsk Slide: https://hacktivesecurity-my.sharepoint.com/:b:/p/alessandro/EX9sSrCCRIlLqvkHoRl7_jQBB6xKgV_qLL9UA5fIwf2Cbw?e=cCQpixMateriale utilizzato nel video (per poter replicare i lab): https://hacktivesecurity-my.sharepoint.com/:u:/p/alessandro/EX08cV3wTzZJsEeEQwZvw80BbybF2CpUmJdsXXGlY0hnwA?e=JaGru3Il materiale è stato testato con Ubuntu 20.04 con architettura x86_64. Non dovrebbero esserci...
Workshop: Linux Kernel Exploitation 101 – Part 1
https://youtu.be/gkXsH0eJQvY Slide: https://hacktivesecurity-my.sharepoint.com/:b:/p/alessandro/EX9sSrCCRIlLqvkHoRl7_jQBB6xKgV_qLL9UA5fIwf2Cbw?e=cCQpixMateriale utilizzato nel video (per poter replicare i lab): https://hacktivesecurity-my.sharepoint.com/:u:/p/alessandro/EX08cV3wTzZJsEeEQwZvw80BbybF2CpUmJdsXXGlY0hnwA?e=JaGru3Il materiale è stato testato con Ubuntu 20.04 con architettura x86_64. Non dovrebbero esserci...
Dynamic caching: What could go wrong?
Tl;DrThe Engintron plugin for CPanel presents a default configuration which could expose applications to account takeover and / or sensitive data exposure due to cache...
Linux Kernel Exploit Development: 1day case study
Introduction I was searching for a vulnerability that permitted me to practise what I've learned in the last period on Linux Kernel Exploitation with a...
KRWX: Kernel Read Write Execute
Introduction Github project: https://github.com/kiks7/KRWX During the last few months/year I was studying and approaching the Kernel Exploitation subject and during this journey I developed few...