Forwarded from Linux Kernel Security (Andrey Konovalov)
Old bug, shallow bug: Exploiting Ubuntu at Pwn2Own Vancouver 2023
An article by Tanguy Dubroca about exploiting a stack out-of-bounds bug in the netfilter subsystem (yet again).
The shared exploit gains root privileges on Ubuntu.
Synacktiv
Forwarded from Hacker News (yahnc_bot)
RISC-V SBI and the full boot process https://popovicu.com/posts/risc-v-sbi-and-full-boot-process/
Popovicu
Detailed explanation on how RISC-V boot process works and what role SBI has in the RISC-V software stack. Concrete example with OpenSBI.
Forwarded from Hacker News (yahnc_bot)
Interactive Map of Linux Kernel https://makelinux.github.io/kernel/map/
Using the ELF header format and the quirks of Linux's ELF parsing to create the smallest possible binary (only 45 bytes).
https://www.muppetlabs.com/~breadbox/software/tiny/teensy.html
CVE-2023-38408: achieving RCE through a flaw in the combination of shared libraries loaded during ssh-agent forwarding; it is also a new attack surface, using dlopen and dlclose to achieve SROP or a sigaltstack use-after-free.
https://www.qualys.com/2023/07/19/cve-2023-38408/rce-openssh-forwarded-ssh-agent.txt
Forwarded from Linux Kernel Security (Andrey Konovalov)
Escaping the Google kCTF Container with a Data-Only Exploit
An article by h0mbre about exploiting a use-after-free on struct file in the io_uring subsystem.
The exploit uses a cross-cache attack to reclaim the freed struct file with a pipe buffer, fakes two different file structs to gain arbitrary address read and write, gets root privileges, and escapes the kernelCTF container.
The Human Machine Interface
Introduction I’ve been doing some Linux kernel exploit development/study and vulnerability research off and on since last Fall and a few months ago I had some downtime on vacation to sit and challenge myself to write my first data-only exploit for a real…
QRZ 的摸鱼日常
Photo
Took a look: it's 5G NTN technology. Although it claims no new module is needed, it looks like supporting some features still requires buying a new phone released after 2025. It may suit people who want to hold a foreign phone number or who buy overseas-version phones.
QRZ 的摸鱼日常
I'm cautiously pessimistic about this technology; after all, a phone's transmit power ceiling is only so high, and without some ground equipment to relay it, the uplink can't be fast.
Forwarded from Milkice's NG
Found a treasure: a collection of the payment methods supported by rail transit and buses in major cities (including T-Union transit cards, UnionPay QuickPass, Alipay/WeChat ride codes, the Yunshanfu (UnionPay) app, V/M/A/J/D foreign-currency cards, local ride-code apps, etc.)
Rail transit:
https://ivysauro.github.io/CNRT/data/Pay
Bus:
https://ivysauro.github.io/CNRT/data/BusPay
The home page also provides other useful travel-related information:
https://ivysauro.github.io/CNRT/
It's the Xiaohongshu of ordinary travelers and transit fans.
As a community project, local users are welcome to fill in the gaps in their local transit information.
# Addendum
T-Union interoperability test record lookup - 交联面条站
https://www.tunionfans.com/record/
Probably of no use to anyone but transit fans.
T-Union card coverage lookup - Guangzhou Public Transport Information
https://ipt.kopisee.com/canton/zh-cn/t-union
Covers the whole country, not just Guangzhou.
Also strongly recommend promoting NFC payment (e.g. TU/CU/UnionPay QuickPass/V/M/A) instead of a pile of ride codes.
ChinaRailTransit
Payment Methods for Rail Transit
Another view of Rail Transit