0xTen
@_0xTen
android/linux kernel @vigilant_labs • prev blockchain @osec_io • ctf/pwn @cor_ctf + @eltctfbr
Here is our 0day for kernelCTF🩸 - 82k bounty - quickest submission ever - all instances pwned😎 syst3mfailure.io/rbtree-family-… Disclaimer: We apologize for abusing the red black tree family. Turning grandparents against grandchildren is only acceptable in the context of pwn😤
Exploit write-ups for our 🚨latest 0-day🚨and the tragedy that swept the red black tree family dropping soon 👀 Here is a tiktok style video for those of you with no attention span thanks to slop and social media. Turn on the audio!!!
Great writeup on exploiting Linux kernel nf_tables subsystem osec.io/blog/2024-11-2… Credits Pedro Pinto #infosec #Linux
First userland ropchain exploit on the Switch 2 Source: bsky.app/profile/retr0.…
Oops, we just pwned the kernelCTF mitigation instance with a 0day😳 Our fellow pwner syst3mfailure has picked up pigeon feeding as a hobby to help him cope with the insanity
🚨🚨🚨We just broke everyone’s favorite CTF PoW🚨🚨🚨 Our teammate managed to achieve a 20x SPEEDUP on kctf pow through AVX512 on Zen 5. Full details here: anemato.de/blog/kctf-vdf The Sloth VDF is dead😵 This is why kernelCTF no longer has PoW!
Bypassing MTE with CVE-2025-0072 (by @mmolgtm of GitHub Security) #infosec #android github.blog/security/vulne…
We are back😎 Say hello to our kernelCTF submission for CVE-2025-37752🩸 Who would have thought you could pwn a kernel with just a 0x0000 written 262636 bytes out of bounds? Read the full writeup at: syst3mfailure.io/two-bytes-of-m… 👀
I've just published a new blog post detailing how I developed a deterministic kernel exploit for iOS. Enjoy! alfiecg.uk/2025/03/01/Tri…
Blog post I wrote about an unexpected vulnerability we discovered in the TCP subsystem of the Linux kernel. This one is interesting because it can lead to a UAF even with the reference counter saturation mechanism present. I hope you enjoy it.
While working on a nday vulnerability research project, we stumbled upon a vulnerability in the core of the TCP subsystem of the Linux kernel. We reported it upstream, which was fixed in May of last year. This blog post shares how we came across it and our vulnerability analysis.
Timelines like this (from: osec.io/blog/2024-11-2…) are why companies use #grsecurity, where the ROP, DirtyPipe, msg_msg, modprobe_path, etc techniques are all long dead:
Full kernel read/write with CVE-2023-32434 using a deterministic exploit strategy (100% success rate)! arm64e is certainly not as easy, but for now all of arm64 should be doable with this strategy. Shoutout to @staturnzdev and @imnotclarity for lots of help and ideas.
code auditing for exploitable bugs is a lot of labor. building fuzzers to find exploitable bugs is a lot of labor. stop trying to find shortcuts. expect to put in a lot of time and sustained effort. can’t be frustrated when you haven’t put in the effort
Diving into Linux kernel security Alexander Popov @a13xp0p0v published his @h2hconference talk slides that describe how to get started with learning Linux kernel security and knowingly configure the security parameters of Linux-based systems a13xp0p0v.github.io/img/Alexander_…
I have posted the slides for the talk @chompie1337 and I gave this past weekend at @h2hconference -> The Kernel Hacker’s Guide to the Galaxy: Automating Exploit Engineering Workflows #H2HC github.com/FuzzySecurity/…
ITS EXPLOITS CLUB DAY 🗞️ @_0xTen with Linux 1-day carnage Lots of Windows internals (cc: @PetrBenes, @ExodusIntel, @wetw0rk_bot) Lessons in Android Bulletins from @vr_progress Indoor camera 5 bug chain + Jobs and MORE 👇 blog.exploits.club/exploits-club-…