More than two years ago, a researcher, A2nkF demonstrated the exploit chain from root privilege escalation to SIP-Bypass up to arbitrary kernel extension loading. In this blog entry, we will discuss how we discovered 3 more vulnerabilities from the old exploit…

In this blog post, we present new techniques for recovering the NTLM hash from an encrypted credential protected by Windows Defender…

Earlier this year, I discovered a flaw in XNU, which is the kernel that Apple uses on both macOS and iOS. While it's not a particularly complicated flaw, I wanted to explain how I discovered it and how it works, both so that I can motivate others and so that…

CVE-2022-42046 Proof of Concept of wfshbr64.sys local privilege escalation via DKOM - kkent030315/CVE-2022-42046

Hey readers, hope everyone is having a good time. Once again I decided to write blogs for the community on topics I stumble upon. I hope…

(A Script that Solicits GPT-3 for Comments on Decompiled Code)

Page Cache and basic file operations # Last updated: Oct 2025 Contents
File reads Reading files with read() syscall Reading files with mmap() syscall File writes Writing to files with write() syscall File writes with mmap() syscall Dirty pages Synchronize…

In part four of our ELF 101 blog series, we explain the dynamic linking process, including its purpose, how it works and the different linking modes.

In our previous post, we focused on understanding the relationship between sections and segments, which serve as the foundation for understanding the ELF file format.

Welcome to the third and final installment of the “Chrome Browser Exploitation” series. The main objective of this series has been to provide an introduction to browser internals and delve into the topic of Chrome browser exploitation on Windows in greater…

Proof-of-concept app to overwrite fonts on iOS using CVE-2022-46689. - ginsudev/WDBFontOverwrite

This post is part of Intezers blog series about executable and linkable formats. In this post, we will introduce the concept of ELF relocations and their relationship with symbols. Later we will explain more advanced concepts, such as dynamic linking.

Brief introduction to binder, eventpoll subsystem and Vectored I/O

This article explains how to install Android Studio and set up the Android emulator to proxy its traffic through Burp Suite. This lets you monitor traffic from Android apps.

So, we've all heard of Kubernetes by now. It's a container orchestration platform that's currently taking over the world (and cloud)…

In part four of our ELF 101 blog series, we explain the dynamic linking process, including its purpose, how it works and the different linking modes.

Vulnerability intelligence that predicts avenues of attack with speed and accuracy.

Never run your payloads from the DLLMain