Make Dragonfly BSD great again!
2017-03-23 14:29:25
Recently I spent some time reading Dragonfly BSD code. While doing so,
I spotted a vulnerability in the sysvsem subsystem that lets a user
point to any piece of memory and write data through it (including
kernel space). This can be turned into execution of arbitrary code in the kernel
context, and by exploiting this, we're gonna make Dragonfly BSD great again!

Spawn your shell like it's 90s again!
2016-07-21 09:09:58
Abusing SUID files should have been dead in the 90s, but surprisingly it's still alive. I accidentally found a Time of Check to Time of Use issue in mail.local(8), which luckily can be turned into privilege escalation! This article is a quick walk-through of gaining root privileges on NetBSD.

A tale of openssl_seal(), PHP and Apache2handle
2016-02-01 09:11:48
openssl_seal() is prone to using uninitialized memory, which can be turned into code execution. This document describes our journey to hijack apache2 requests.