- CVE-2019-18634: Linux sudo LPE exploit for a stack-based buffer overflow in tgetpass.c
- CVE-2020-28018: Linux Exim RCE exploit for a Use-After-Free in tls-openssl.c
- CVE-2020-9273: Linux ProFTPd RCE exploit for a Use-After-Free in pool allocator
- CVE-2021-3156: Linux LPE exploit for a heap-based buffer overflow in sudo
- CVE-2021-40444: Microsoft Windows RCE exploit for an MS Office bug chain
- CVE-2022-0185: Linux Kernel LPE exploit for an integer underflow in fs_context.c
- CVE-2022-2586: Linux Kernel LPE exploit for an nft_object Use-After-Free
- Exploiting sudo CVE-2021-3156: From heap-based overflow to LPE/EoP: Talk on the internals of the sudo heap-based buffer overflow and the paths from that corruption primitive to privilege escalation.
- CVE-2020-28018: From Use-After-Free to Remote Code Execution: Talk on the internals and exploitation of a Use-After-Free in Exim, taken all the way to Remote Code Execution.
- Confronting CFI: Control-flow Hijacking in the Intel CET era for memory corruption exploit development: Talk analyzing modern CFI mitigations, Intel CET in particular, and their impact on memory corruption exploit development.
- Having fun with a Use-After-Free in ProFTPd (CVE-2020-9273): Blog post on exploiting a Use-After-Free in ProFTPd to achieve Remote Code Execution.
- From theory to practice: analysis and PoC development for CVE-2020-28018 (Use-After-Free in Exim): Blog post analyzing a Use-After-Free vulnerability in Exim and developing an RCE exploit for it.
- CVE-2021-3156 – sudo heap-based overflow leading to privilege escalation (PoC development): Post on developing an exploit for a heap-based buffer overflow in sudo leading to LPE (CVE-2021-3156).
- CVE-2019-18634 OOB write – analysis and development of a working PoC: Post on developing an exploit for a stack-based buffer overflow (out-of-bounds write) in sudo leading to LPE (CVE-2019-18634).
- Protcheck: Parse ELF executables to identify enabled memory mitigations
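The kind of check a Protcheck-style tool performs, and the Intel CET marking the CFI talk above is concerned with, as an added example written for this page (it is not Protcheck's code and not taken from any of the talks or posts listed). It reads only the ELF64 program headers, the dynamic section and the `.note.gnu.property` note, so it works on stripped binaries without section headers. All function names are mine; the sample ELF is constructed inside the script and is a header-only skeleton, not a loadable binary. Two assumptions are baked in: a canary is inferred from an imported `__stack_chk_fail` (a static binary will not show it), and a missing `PT_GNU_STACK` is reported as no NX, which matches the kernel's executable-stack default.

```python
import struct

# ELF64 constants (ELF/x86-64 psABI and the GNU property-note specification)
PT_LOAD, PT_DYNAMIC, PT_NOTE, PT_GNU_STACK, PT_GNU_RELRO = 1, 2, 4, 0x6474E551, 0x6474E552
PF_X, PF_W, PF_R, ET_EXEC, ET_DYN, EM_X86_64 = 1, 2, 4, 2, 3, 62
DT_NULL, DT_STRTAB, DT_STRSZ, DT_FLAGS, DT_FLAGS_1 = 0, 5, 10, 30, 0x6FFFFFFB
DF_BIND_NOW, DF_1_NOW, NT_GNU_PROPERTY_TYPE_0 = 0x8, 0x1, 5
GNU_PROPERTY_X86_FEATURE_1_AND, FEATURE_1_IBT, FEATURE_1_SHSTK = 0xC0000002, 0x1, 0x2
EHDR, PHDR, DYN = struct.Struct("<16sHHIQQQIHHHHHH"), struct.Struct("<IIQQQQQQ"), struct.Struct("<qQ")

def _align(n, a):
    return (n + a - 1) & ~(a - 1)

def _vaddr_to_off(loads, vaddr):  # translate a virtual address through PT_LOAD to a file offset
    for off, va, sz in loads:
        if va <= vaddr < va + sz:
            return vaddr - va + off
    raise ValueError("vaddr %#x is not backed by any PT_LOAD" % vaddr)

def _gnu_property_x86(data, off, size, align):
    """Walk a PT_NOTE segment; return the GNU_PROPERTY_X86_FEATURE_1_AND bitmask (0 if absent)."""
    end = off + size
    while off + 12 <= end:
        namesz, descsz, ntype = struct.unpack_from("<III", data, off)
        desc_off = off + 12 + _align(namesz, align)
        if data[off + 12:off + 12 + namesz] == b"GNU\0" and ntype == NT_GNU_PROPERTY_TYPE_0:
            p = desc_off
            while p + 8 <= desc_off + descsz:
                pr_type, pr_sz = struct.unpack_from("<II", data, p)
                if pr_type == GNU_PROPERTY_X86_FEATURE_1_AND and pr_sz >= 4:
                    return struct.unpack_from("<I", data, p + 8)[0]
                p += 8 + _align(pr_sz, align)
        off = desc_off + _align(descsz, align)
    return 0

def check_mitigations(data):
    """Return which mitigations a little-endian ELF64 image was built with."""
    e = EHDR.unpack_from(data, 0)
    if e[0][:4] != b"\x7fELF" or e[0][4] != 2 or e[0][5] != 1:
        raise ValueError("not a little-endian ELF64 file")
    e_type, phoff, phnum = e[1], e[5], e[10]
    res = {"nx": False, "pie": e_type == ET_DYN, "relro": "none", "canary": False, "ibt": False, "shstk": False}
    loads, dyn_seg, notes = [], None, []
    for i in range(phnum):
        p_type, p_flags, p_off, p_va, _, p_filesz, _, p_align = PHDR.unpack_from(data, phoff + i * PHDR.size)
        if p_type == PT_LOAD:
            loads.append((p_off, p_va, p_filesz))
        elif p_type == PT_GNU_STACK:          # NX only if PF_X is clear; no PT_GNU_STACK = exec stack
            res["nx"] = not (p_flags & PF_X)
        elif p_type == PT_GNU_RELRO:
            res["relro"] = "partial"          # upgraded to "full" below if the loader binds eagerly
        elif p_type == PT_DYNAMIC:
            dyn_seg = (p_off, p_filesz)
        elif p_type == PT_NOTE:
            notes.append((p_off, p_filesz, 8 if p_align == 8 else 4))
    if dyn_seg:
        tags = {}
        for i in range(dyn_seg[1] // DYN.size):
            tag, val = DYN.unpack_from(data, dyn_seg[0] + i * DYN.size)
            if tag == DT_NULL:
                break
            tags[tag] = val
        if res["relro"] == "partial" and (tags.get(DT_FLAGS, 0) & DF_BIND_NOW or tags.get(DT_FLAGS_1, 0) & DF_1_NOW):
            res["relro"] = "full"
        if DT_STRTAB in tags and DT_STRSZ in tags:   # canary heuristic: __stack_chk_fail is imported
            s = _vaddr_to_off(loads, tags[DT_STRTAB])
            res["canary"] = b"__stack_chk_fail\0" in data[s:s + tags[DT_STRSZ]]
    bits = 0
    for off, size, align in notes:                   # CET: IBT / SHSTK bits in .note.gnu.property
        bits |= _gnu_property_x86(data, off, size, align)
    res["ibt"], res["shstk"] = bool(bits & FEATURE_1_IBT), bool(bits & FEATURE_1_SHSTK)
    return res

def build_sample_elf(pie=True, nx=True, relro="full", canary=True, cet=True):
    """Constructed input: an ELF64 skeleton (not loadable) carrying only the headers the checker reads."""
    base = 0 if pie else 0x400000
    strtab = b"\0puts\0" + (b"__stack_chk_fail\0" if canary else b"")
    feat = (FEATURE_1_IBT | FEATURE_1_SHSTK) if cet else 0
    note = (struct.pack("<III", 4, 16, NT_GNU_PROPERTY_TYPE_0) + b"GNU\0".ljust(8, b"\0")
            + struct.pack("<II", GNU_PROPERTY_X86_FEATURE_1_AND, 4) + struct.pack("<I", feat).ljust(8, b"\0"))
    phnum = 5 if relro != "none" else 4
    strtab_off = _align(EHDR.size + phnum * PHDR.size, 8)
    dyn_off = _align(strtab_off + len(strtab), 8)
    tags = [(DT_STRTAB, base + strtab_off), (DT_STRSZ, len(strtab))]
    if relro == "full":
        tags += [(DT_FLAGS, DF_BIND_NOW), (DT_FLAGS_1, DF_1_NOW)]
    dyn = b"".join(DYN.pack(t, v) for t, v in tags + [(DT_NULL, 0)])
    note_off = _align(dyn_off + len(dyn), 8)
    total = note_off + len(note)
    phdrs = [(PT_LOAD, PF_R | PF_X, 0, base, base, total, total, 0x1000),
             (PT_DYNAMIC, PF_R | PF_W, dyn_off, base + dyn_off, base + dyn_off, len(dyn), len(dyn), 8),
             (PT_NOTE, PF_R, note_off, base + note_off, base + note_off, len(note), len(note), 8),
             (PT_GNU_STACK, PF_R | PF_W | (0 if nx else PF_X), 0, 0, 0, 0, 0, 16)]
    if relro != "none":
        phdrs.append((PT_GNU_RELRO, PF_R, dyn_off, base + dyn_off, base + dyn_off, len(dyn), len(dyn), 1))
    ident = b"\x7fELF" + bytes([2, 1, 1, 0]) + b"\0" * 8
    ehdr = EHDR.pack(ident, ET_DYN if pie else ET_EXEC, EM_X86_64, 1, base + 0x1000, EHDR.size, 0, 0,
                     EHDR.size, PHDR.size, len(phdrs), 0, 0, 0)
    img = (ehdr + b"".join(PHDR.pack(*p) for p in phdrs)).ljust(strtab_off, b"\0") + strtab
    return img.ljust(dyn_off, b"\0") + dyn + b"\0" * (note_off - dyn_off - len(dyn)) + note

if __name__ == "__main__":
    import sys
    print(check_mitigations(open(sys.argv[1], "rb").read() if len(sys.argv) > 1 else build_sample_elf()))
```

Run it with a path to any x86-64 ELF to get a dict of findings, or without arguments to run it over the constructed sample. The RELRO split ("partial" versus "full") matters for exploitation: only with `DF_BIND_NOW`/`DF_1_NOW` is the GOT inside the `PT_GNU_RELRO` range made read-only before `main` runs, so a partial-RELRO binary still leaves GOT overwrite as a target. Likewise, IBT and SHSTK bits in the property note only say the binary was compiled for CET; whether the CPU and kernel actually enforce it is a separate runtime question.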