CVE-2022-41040 and CVE-2022-41082 – zero-days in MS Exchange https://securelist.com/cve-2022-41040-and-cve-2022-41082-zero-days-in-ms-exchange/108364/
Securelist
CVE-2022-41040 and CVE-2022-41082 – zero-days in MS Exchange
At the end of September, GTSC reported the finding of two 0-day vulnerabilities in Microsoft Exchange Server, CVE-2022-41040 and CVE-2022-41082. The cybersecurity community dubbed the pair of vulnerabilities ProxyNotShell.
Attacking Titan M with Only One Byte https://blog.quarkslab.com/attacking-titan-m-with-only-one-byte.html
Quarkslab
Attacking Titan M with Only One Byte - Quarkslab's blog
Following our presentation at Black Hat USA, in this blog post we provide some details on CVE-2022-20233, the latest vulnerability we found on Titan M, and how we exploited it to obtain code execution on the chip.
Linux Kernel: Exploiting a Netfilter Use-after-Free in kmalloc-cg https://blog.exodusintel.com/2022/12/19/linux-kernel-exploiting-a-netfilter-use-after-free-in-kmalloc-cg/
Exodus Intelligence
Linux Kernel: Exploiting a Netfilter Use-after-Free in kmalloc-cg - Exodus Intelligence
By Sergi Martinez. Overview: It’s been a while since our last technical blogpost, so here’s one right on time for the Christmas holidays. We describe a method to exploit a use-after-free in the Linux kernel when objects are allocated in a specific slab cache…
DirtyCred Remastered: how to turn an UAF into Privilege Escalation https://exploiter.dev/blog/2022/CVE-2022-2602.html
LukeGix
DirtyCred Remastered
DirtyCred Remastered: how to turn an UAF into Privilege Escalation
What child is this? https://blog.trailofbits.com/2022/12/20/process-reparenting-microsoft-windows/
The Trail of Bits Blog
What child is this?
A Primer on Process Reparenting in Windows. Process reparenting is a technique used in Microsoft Windows to create a child process under a different parent process than the one making the call to CreateProcess. Malicious actors can use this technique to evade…
Introduction to the Windows Filtering Platform https://scorpiosoftware.net/2022/12/25/introduction-to-the-windows-filtering-platform/
Pavel Yosifovich
Introduction to the Windows Filtering Platform
As part of the second edition of Windows Kernel Programming, I’m working on chapter 13 to describe the basics of the Windows Filtering Platform (WFP). The chapter will focus mostly on kernel-…
An infostealer comes to town: Dissecting a highly evasive malware targeting Italy https://blog.cluster25.duskrise.com/2022/12/22/an-infostealer-comes-to-town
Diving into an Old Exploit Chain and Discovering 3 new SIP-Bypass Vulnerabilities https://www.trendmicro.com/en_us/research/22/l/diving-into-an-old-exploit-chain-and-discovering-3-new-sip-bypas.html
Trend Micro
Diving into an Old Exploit Chain and Discovering 3 new SIP-Bypass Vulnerabilities
More than two years ago, a researcher, A2nkF, demonstrated the exploit chain from root privilege escalation to SIP-Bypass up to arbitrary kernel extension loading. In this blog entry, we will discuss how we discovered 3 more vulnerabilities from the old exploit…
Dissecting FortiGate Images for fun and non-profit https://www.divd.nl/2022/12/26/dissecting-fortigate-images-for-fun-and-no-profit/
Pass-the-Challenge: Defeating Windows Defender Credential Guard https://research.ifcr.dk/pass-the-challenge-defeating-windows-defender-credential-guard-31a892eee22
Medium
Pass-the-Challenge: Defeating Windows Defender Credential Guard
In this blog post, we present new techniques for recovering the NTLM hash from an encrypted credential protected by Windows Defender…
A tale of a simple Apple kernel bug https://pwning.systems/posts/easy-apple-kernel-bug/
pwning.systems
A tale of a simple Apple kernel bug
Earlier this year, I discovered a flaw in XNU, which is the kernel that Apple uses on both macOS and iOS. While it's not a particularly complicated flaw, I wanted to explain how I discovered it and how it works, both so that I can motivate others and so that…
CVE-2022-42046 Proof of Concept of wfshbr64.sys local privilege escalation via DKOM https://github.com/kkent030315/CVE-2022-42046
GitHub
GitHub - kkent030315/CVE-2022-42046: CVE-2022-42046 Proof of Concept of wfshbr64.sys local privilege escalation via DKOM
CVE-2022-42046 Proof of Concept of wfshbr64.sys local privilege escalation via DKOM - kkent030315/CVE-2022-42046
A brief analysis of Hornet Ransomware https://rixed-labs.medium.com/a-brief-analysis-of-hornet-ransomware-ec958e9cf310
Medium
A brief analysis of Hornet Ransomware
Hey readers, hope everyone is having a good time. Once again I decided to write blogs for the community on topics I stumble upon. I hope…
G-3PO: A Protocol Droid for Ghidra (A Script that Solicits GPT-3 for Comments on Decompiled Code) https://medium.com/tenable-techblog/g-3po-a-protocol-droid-for-ghidra-4b46fa72f1ff
Medium
G-3PO: A Protocol Droid for Ghidra
(A Script that Solicits GPT-3 for Comments on Decompiled Code)
Page Cache and basic file operations https://biriukov.dev/docs/page-cache/3-page-cache-and-basic-file-operations/
Viacheslav Biriukov
Page Cache and basic file operations
Last updated: Oct 2025. Contents: File reads; Reading files with read() syscall; Reading files with mmap() syscall; File writes; Writing to files with write() syscall; File writes with mmap() syscall; Dirty pages; Synchronize…
Executable and Linkable Format 101 - Part 1 Sections and Segments https://www.intezer.com/blog/research/executable-linkable-format-101-part1-sections-segments/
Intezer
Executable and Linkable Format 101 Part 4: Dynamic Linking
In part four of our ELF 101 blog series, we explain the dynamic linking process, including its purpose, how it works and the different linking modes.
Executable and Linkable Format 101. Part 2: Symbols https://www.intezer.com/blog/malware-analysis/executable-linkable-format-101-part-2-symbols/
Intezer
Executable and Linkable Format 101. Part 2: Symbols
In our previous post, we focused on understanding the relationship between sections and segments, which serve as the foundation for understanding the ELF file format.