LPE dropped yesterday. They’re calling it Copy Fail. A logic bug in the kernel’s crypto subsys: 732 bytes of Python, unprivileged, root on every major...
Found an out-of-bounds write in radare2’s QNX remote debug protocol client. A malicious QNX debug server can send oversized responses that write past the caller’s...
Today’s post we’re just raw-dogging it from a degenerate malware dev perspective. We’re gonna cook up a self-contained metamorphic engine, a piece carrying its own...
In-memory execution on macOS: yes, it’s a thing. Sometime ago, I read a post by Patrick Wardle about one of the Lazarus Group implants using...
Woke up today to find a juicy new Command Injection vulnerability hitting D-Link devices. While it’s no surprise to see vulnerabilities popping up every other...
In this post we’ll focus on the theory of a technique known as DLL Proxying, and dive into offensive security tooling development & techniques leveraging Rust....
Today’s post is a full pipeline walkthrough from a MessageBoxA call all the way to a kernel rootkit doing DKOM process hiding and callback abuse....
Today’s post we’re gonna walk through exploit development on x86-64 Linux from the ground up. We’ll start with a basic stack overflow, write shellcode, pop...
In the beginning, there was the signature. A simple string of bytes that uniquely identified a piece of malware. Those were simpler times - append...
This one builds on the kernel modules post. If you haven’t read that, go read it first because I’m not explaining what module_init does again....
Kernel modules are pieces of code that get loaded into the kernel at runtime: no reboot, no recompilation. They run in ring0, same privilege level...
elsewhere
archived in vx-underground papers collection
cited in UK NCSC CTO
cross-posted on 0x00sec forum
source on github