An exploration of the Linux XFRM subsystem, including patch analysis and vulnerability insights for CVE-2025-39965 (recently submitted as a kernelCTF entry).

Summary Check Point Research (CPR) identified a security vulnerability in January 2025 affecting the new Rust-based kernel component of the Graphics Device Interface (commonly known as GDI) in Windows. We promptly reported this issue to Microsoft and they…

Last week, I participated in corCTF as part of team Billy (simply because my friend Billy (@st424204) was also playing it in his free time) and solved an Android pwn challenge, corphone. Although I had some prior research experience with Android, this was…

We all love security, right? And when we trust a security component to safeguard our most valuable assets, such as passwords, key material and biometrics, we want to believe they're doing a good job at it. But what happens when this assumption is flawed,…

Affected Versions Vendor Response The vendor has released an updated kernel on the 18th of September Credit The vulnerability was disclosed during our TyphoonPWN 2025 Linux category and won first place. Vulnerability Details The vulnerability is caused by…

IntroductionI’ve recently been researching Pixel kernel exploitation and as part of this research I found myself with an excellent arbitrary write primitive…...

By Michele Campa Overview In this blog post we take a look at a race condition we found in Microsoft Windows Cloud Minifilter (i.e. cldflt.sys ) in March 2024. This vulnerability was patched in October 2025 and assigned CVE-2025-55680 . The vulnerability…

A deep-dive technical analysis of CVE-2025-50168, a Windows kernel vulnerability (Type Confusion in DirectComposition) presented at Pwn2Own Berlin 2025. This post details how a 4-byte OOB write is escalated into an AAR/AAW primitive using IoRing to achieve…

This blog post will analyse the exploitability of the temporal safety vulnerabilities in Nginx AIxCC.
AIxCC is a DARPA competition to find vulnerabilities in codebases using AI. The competitors are not looking for 0-days but rather intentionally added vulnerabilities…

Unveiling the Mysteries of Qualcomm's QDSP6 JTAG: A Journey into Advanced Theoretical Reverse Engineering

This talk invites you on an exploration of advanced reverse engineering techniques applied to sophisticated proprietary hardware. Rather than focusing…

Good morning! In this blog I would like to delve into hardware hacking and start expanding my learning.

Showcasing a vulnerability in Windows that causes the Spooler service to crash remotely.

Motivation A couple of years ago, I picked up a few of Samsung S23’s at Pwn2Own.

Recently, I came across this kernelCTF submission where the author mentions a novel technique for extending race windows in the Linux kernel: I learned…

Stealth died 😢 A member of Team-Teso, Phrack staff, and many other groups. A true hacker—perhaps as true as a hacker can ever be. WE MISS YOU. 🩷

More: https://t.co/Jx0JYfrjnG

<stealth> we had joy we had fun we had a rootshell on a sun.

While high entropy ASLR is supposed to prevent ASLR bypasses, ROP can be used to provide a bypass of ASLR. We will explore how - given an existing way to utilize ROP on a 64-bit application, ROP can be used to bypass ASLR for system DLLs, thus expanding the…

Analyzed and wrote PoC for CVE-2022-0847 aka DirtyPipe