~/cyb3r-w0lf
Vulnerability analyses, exploit deep dives, and research notes on web, Android, and Windows security.
4 posts
A week after Copy Fail, researcher Hyunwoo Kim chained two separate Linux kernel flaws — in the IPsec ESP and RxRPC networking stacks — to produce the same page-cache-poisoning root primitive, on every major distro, with a public one-liner PoC. The critical twist: it works even on systems where the Copy Fail algif_aead mitigation is already applied. Includes both variant deep-dives, detection rules, and a mitigation script.
A nine-year-old Linux kernel bug in the AEAD crypto subsystem lets any local user corrupt in-memory file contents without touching disk, bypass every standard integrity tool, and gain root in under two seconds — on Ubuntu, RHEL, Amazon Linux, and SUSE. Includes a vulnerability checker and mitigation script.
A Windows privilege escalation PoC that turns Windows Defender's own remediation logic into a SYSTEM-privilege write primitive. Chains VSS, batch oplocks, Cloud Files placeholders, POSIX semantics delete, and directory junctions to redirect Defender's restore write into System32 — then hijacks a COM-activated system service to get an interactive SYSTEM shell.
Deep dive into BlueHammer — a Windows local privilege escalation exploit that chains Windows Defender RPC abuse, Volume Shadow Copy Service, opportunistic locks and SAM offline parsing to reach SYSTEM without any kernel bug or memory corruption. Full root-cause analysis, broken code walkthrough, and fixes.
A technical deep dive into CVE-2024-35205 — how a rogue FileProvider turns Android's inter-app file sharing into an arbitrary write primitive. Covers vulnerability background, PoC dissection, full attack chain analysis, detection strategies, and mitigations.