From RCU Double Free to Root: Exploiting a Linux Kernel Race in cornelslop
Original text by ptr-yudai 14日前 読者になる
The article is a detailed write-up of the “cornelslop” Linux kernel exploitation challenge from DiceCTF 2026. It explains how a race condition in a kernel module leads to a double free vulnerability involving RCU callbacks. The module manages entries stored in an XArray and exposes several IOCTL operations for…
https://core-jmp.org/2026/03/from-rcu-double-free-to-root-exploiting-a-linux-kernel-race-in-cornelslop/
Original text by ptr-yudai 14日前 読者になる
The article is a detailed write-up of the “cornelslop” Linux kernel exploitation challenge from DiceCTF 2026. It explains how a race condition in a kernel module leads to a double free vulnerability involving RCU callbacks. The module manages entries stored in an XArray and exposes several IOCTL operations for…
https://core-jmp.org/2026/03/from-rcu-double-free-to-root-exploiting-a-linux-kernel-race-in-cornelslop/
👍8
Inside the Payload: Manual Shellcode Analysis with Ghidra
Original text by Matthew
The article explains a practical workflow for manually analyzing malicious Windows shellcode using Ghidra and a debugger such as x32dbg. Instead of relying on automated emulators, the author demonstrates how to perform manual reverse engineering to understand the behavior of shellcode used by frameworks like Cobalt Strike. The tutorial begins with…
https://core-jmp.org/2026/03/inside-the-payload-manual-shellcode-analysis-with-ghidra/
Original text by Matthew
The article explains a practical workflow for manually analyzing malicious Windows shellcode using Ghidra and a debugger such as x32dbg. Instead of relying on automated emulators, the author demonstrates how to perform manual reverse engineering to understand the behavior of shellcode used by frameworks like Cobalt Strike. The tutorial begins with…
https://core-jmp.org/2026/03/inside-the-payload-manual-shellcode-analysis-with-ghidra/
🔥6👍4
Breaking the JIT: Exploiting a SpiderMonkey Type Confusion Bug
Original text by @qriousec
The article analyzes CVE-2025-14325, a vulnerability in the SpiderMonkey JavaScript engine used by Mozilla Firefox. The bug originates in the Baseline JIT compiler, specifically in the implementation of inline caches (ICs) that optimize property access operations in JavaScript. Inline caches speed up execution by remembering object layouts and reusing cached assumptions…
https://core-jmp.org/2026/03/breaking-the-jit-exploiting-a-spidermonkey-type-confusion-bug/
Original text by @qriousec
The article analyzes CVE-2025-14325, a vulnerability in the SpiderMonkey JavaScript engine used by Mozilla Firefox. The bug originates in the Baseline JIT compiler, specifically in the implementation of inline caches (ICs) that optimize property access operations in JavaScript. Inline caches speed up execution by remembering object layouts and reusing cached assumptions…
https://core-jmp.org/2026/03/breaking-the-jit-exploiting-a-spidermonkey-type-confusion-bug/
🔥6
Async Windows Gone Wrong: Exploiting a Win32k Type Confusion Bug
Original text by s4dbrd
The article analyzes a Windows kernel vulnerability in win32kfull.sys involving a type confusion bug in the asynchronous window action processing path. The vulnerability occurs in logic responsible for handling window-related operations when certain internal features are enabled through Microsoft’s feature-flag system. Because of inconsistent object handling, the kernel may treat one…
https://core-jmp.org/2026/03/async-windows-gone-wrong-exploiting-a-win32k-type-confusion-bug/
Original text by s4dbrd
The article analyzes a Windows kernel vulnerability in win32kfull.sys involving a type confusion bug in the asynchronous window action processing path. The vulnerability occurs in logic responsible for handling window-related operations when certain internal features are enabled through Microsoft’s feature-flag system. Because of inconsistent object handling, the kernel may treat one…
https://core-jmp.org/2026/03/async-windows-gone-wrong-exploiting-a-win32k-type-confusion-bug/
🔥11👍3
MAD Bugs: Claude Wrote a Full FreeBSD Remote Kernel RCE with Root Shell (CVE-2026-4747)
Original text by CALIF
The article “MAD Bugs: Claude Wrote a Full FreeBSD Remote Kernel RCE with Root Shell” describes an experiment demonstrating how a modern large language model can assist in advanced vulnerability research and exploit development. Researchers tested the AI model Claude against CVE-2026-4747, a vulnerability in FreeBSD’s RPCSEC_GSS implementation. Starting only with…
https://core-jmp.org/2026/04/mad-bugs-claude-wrote-a-full-freebsd-remote-kernel-rce-with-root-shell-cve-2026-4747/
Original text by CALIF
The article “MAD Bugs: Claude Wrote a Full FreeBSD Remote Kernel RCE with Root Shell” describes an experiment demonstrating how a modern large language model can assist in advanced vulnerability research and exploit development. Researchers tested the AI model Claude against CVE-2026-4747, a vulnerability in FreeBSD’s RPCSEC_GSS implementation. Starting only with…
https://core-jmp.org/2026/04/mad-bugs-claude-wrote-a-full-freebsd-remote-kernel-rce-with-root-shell-cve-2026-4747/
👍7🔥2
Understanding Out-Of-Bounds in Windows Kernel Driver
Original text by Jay Pandya
The article “Understanding Out-of-Bounds in Windows Kernel Driver” explains how out-of-bounds (OOB) vulnerabilities occur in Windows kernel drivers and why they are dangerous from a security perspective. Out-of-bounds bugs appear when code reads or writes memory outside the boundaries of a valid buffer or structure, often due to incorrect index…
https://core-jmp.org/2026/04/understanding-out-of-bounds-in-windows-kernel-driver/
Original text by Jay Pandya
The article “Understanding Out-of-Bounds in Windows Kernel Driver” explains how out-of-bounds (OOB) vulnerabilities occur in Windows kernel drivers and why they are dangerous from a security perspective. Out-of-bounds bugs appear when code reads or writes memory outside the boundaries of a valid buffer or structure, often due to incorrect index…
https://core-jmp.org/2026/04/understanding-out-of-bounds-in-windows-kernel-driver/
👍8
Reverse engineering Realtek RTL8761B* Bluetooth chips, to make better Bluetooth security tools & classes
Original text by Xeno Kovah
The article “Hardwear.io 2025 – Reverse Engineering Realtek Bluetooth Chips” from Dark Mentor describes research into undocumented Realtek Bluetooth chipsets commonly used in inexpensive USB adapters. The author investigated devices based on the RTL8761B chipset with the goal of enabling deeper Bluetooth security research without relying on expensive development boards.…
https://core-jmp.org/2026/04/reverse-engineering-realtek-rtl8761b-bluetooth-chips-to-make-better-bluetooth-security-tools-classes/
Original text by Xeno Kovah
The article “Hardwear.io 2025 – Reverse Engineering Realtek Bluetooth Chips” from Dark Mentor describes research into undocumented Realtek Bluetooth chipsets commonly used in inexpensive USB adapters. The author investigated devices based on the RTL8761B chipset with the goal of enabling deeper Bluetooth security research without relying on expensive development boards.…
https://core-jmp.org/2026/04/reverse-engineering-realtek-rtl8761b-bluetooth-chips-to-make-better-bluetooth-security-tools-classes/
👍5
Hypervisor-Based Defense (Windows Kernel Protection)
Original text by Ido Veltzman
The article “Hypervisor-Based Defense” discusses how hypervisors can be used as a powerful defensive layer to protect Windows systems from kernel-level attacks. The author explains that modern attackers frequently target the kernel using techniques such as Bring Your Own Vulnerable Driver (BYOVD) or malicious kernel modules that bypass traditional security…
https://core-jmp.org/2026/04/hypervisor-based-defense-windows-kernel-protection/
Original text by Ido Veltzman
The article “Hypervisor-Based Defense” discusses how hypervisors can be used as a powerful defensive layer to protect Windows systems from kernel-level attacks. The author explains that modern attackers frequently target the kernel using techniques such as Bring Your Own Vulnerable Driver (BYOVD) or malicious kernel modules that bypass traditional security…
https://core-jmp.org/2026/04/hypervisor-based-defense-windows-kernel-protection/
👍6
Credential Dumping from LSASS (Windows Authentication Secrets)
Original text by Raj
The article explains how attackers extract authentication secrets from the Local Security Authority Subsystem Service (LSASS) process in Windows. LSASS is responsible for enforcing system security policies, handling logins, and storing authentication data such as NTLM password hashes, Kerberos tickets, and cached credentials in memory.
Because these credentials must remain in…
https://core-jmp.org/2026/04/credential-dumping-from-lsass-windows-authentication-secrets/
Original text by Raj
The article explains how attackers extract authentication secrets from the Local Security Authority Subsystem Service (LSASS) process in Windows. LSASS is responsible for enforcing system security policies, handling logins, and storing authentication data such as NTLM password hashes, Kerberos tickets, and cached credentials in memory.
Because these credentials must remain in…
https://core-jmp.org/2026/04/credential-dumping-from-lsass-windows-authentication-secrets/
👍9🔥2
Breaking Process Protection: Exploiting CVE-2026-0828 in ProcessMonitorDriver.sys
Introduction
A recently disclosed vulnerability CVE-2026-0828 in the Windows kernel driver ProcessMonitorDriver.sys exposes a dangerous capability: any user-mode application that obtains a handle to the device can terminate arbitrary processes, including protected system processes, without proper access-control checks. This flaw effectively bypasses the normal Windows security model that protects critical system services and security components.…
https://core-jmp.org/2026/04/breaking-process-protection-exploiting-cve-2026-0828-in-processmonitordriver-sys/
Introduction
A recently disclosed vulnerability CVE-2026-0828 in the Windows kernel driver ProcessMonitorDriver.sys exposes a dangerous capability: any user-mode application that obtains a handle to the device can terminate arbitrary processes, including protected system processes, without proper access-control checks. This flaw effectively bypasses the normal Windows security model that protects critical system services and security components.…
https://core-jmp.org/2026/04/breaking-process-protection-exploiting-cve-2026-0828-in-processmonitordriver-sys/
🔥8👍3
Forwarded from IT ARMY OF RUSSIA
This media is not supported in your browser
VIEW IN TELEGRAM
Доброго времени!
Приглашаем хакеров и безопасников в IT ARMY OF RUSSIA
Здесь ты сможешь найти коллег по работе и обучиться новым знаниям!
Помогай Родине - вместе с нами!
У нас есть свой форум для общения - XSSF.NET / XSSF.RU
Обсуждайте/Помогайте друг-другу/Ведите деятельность вместе!
Присоединяйся к нам!
Телеграм канал: https://t.me/itarmyofrussianews
Наш форум: https://xssf.net / https://xssf.ru
Приглашаем хакеров и безопасников в IT ARMY OF RUSSIA
Здесь ты сможешь найти коллег по работе и обучиться новым знаниям!
Помогай Родине - вместе с нами!
У нас есть свой форум для общения - XSSF.NET / XSSF.RU
Обсуждайте/Помогайте друг-другу/Ведите деятельность вместе!
Присоединяйся к нам!
Телеграм канал: https://t.me/itarmyofrussianews
Наш форум: https://xssf.net / https://xssf.ru
😱18👍16