  • User namespace and kernel capability

    A lot of kernel-reachable code is only available to an already-privileged user. To restrict features for unprivileged users, the kernel generally uses capabilities. Ubuntu enables unprivileged user namespaces by default, which gives kernel exploits more attack surface. Nowadays most kernel modules are guarded by different capabilities, such as CAP_NET_ADMIN and CAP_NET_RAW. To trigger a vulnerability that…

  • Switch Dashlane to Bitwarden

    I’ve been using Dashlane for years; it’s the best password management software I have ever used. Even when I made the decision to migrate all my passwords to Bitwarden, I still believed no other password management software could compete with Dashlane. So why did I abandon Dashlane anyway and embrace an ugly, incomplete, open-source password management…

  • Universal heap spraying strategy – userfaultfd + setxattr

    I read a post about a new heap spraying strategy by Vitaly Nikolenko a few weeks ago. It utilizes userfaultfd + setxattr to spray arbitrary-size data on the heap. Since I didn’t find any existing code snippets for this new strategy, I’d like to write a demonstration and share it with the public.

  • [kernel pwn] CVE-2017-7184 reproduction

    A detailed introduction to CVE-2017-7184 and its exploitation

  • GPGTools+SSH+Yubikey+MacOS tutorial (in Chinese)

    After being mocked by pandada for still typing a username and password by hand to log in over ssh, I switched to GPGTools+ssh+yubikey in one go.
    I took quite a few detours along the way, and I am writing them down so that you can avoid them.