Himanshu Khokhar Jaat
@rwprimitive
Vulnerability Researcher and Exploit Developer
127.0.0.1
Joined May 2023
The "Randomized slab caches for kmalloc()" patch was merged into mainline. With CONFIG_RANDOM_KMALLOC_CACHES=y, each kmalloc cache is split into 16. kmalloc uses a random one for each allocation based on the code location. Choices change every reboot. https://t.co/EoSYZxc8gI
CVE-2023-3390: UAF on Linux Netfilter nftables NFT_MSG_NEWRULE leads to LPE. We exploit this tiny 1-day vuln to pwn all targets of Google's kernelCTF for the first time in history. Nice and clear triple-kill 🥳
Will be delivering a 1 day workshop on Linux Kernel Exploitation as a way of giving it back to the community. It's free to attend and join.
We are extremely delighted to announce a premium content & advanced level training on Linux kernel exploitation by @rwprimitive. Details on below link: https://t.co/myfFoew3Bb This training is sponsored by @EnciphersLabs. Thank you @0ctac0der for supporting us. #infosec #cybersec
One of our elite researchers @sherl0ck__ wrote up some great work on Apple Safari: https://t.co/642ea6OZ7d
#vulnerability #Exploit #whitehat #CyberSecurity
blog.exodusintel.com
By Vignesh Rao Overview In this blog post, we describe a method to exploit an integer overflow in Apple WebKit due to a vulnerability resulting from incorrect range computations when optimizing...
Excellent blogpost by @Synacktiv on Android heap allocator jemalloc (version >= 5) https://t.co/3LmhPmCXrk
#infosec #exploit #android
PoC for CVE-2023-31248. This was used to exploit Ubuntu Desktop at Pwn2Own Vancouver 2023. https://t.co/lAnlhyHn5b
Nice blog post on exploiting VirtualBox on Windows (CVE-2023-21987 and CVE-2023-21991) https://t.co/E3vPy2raRR
#virtualbox #infosec
Type confusion in Safari browser (analysis of CVE-2022-42856) https://t.co/6NQT9xSz2v
#cybersecurity
UNCONTAINED: Uncovering Container Confusion in the Linux Kernel A paper by @JakobKoschel, @borrello_pietro, et al. about finding type confusion bugs in container_of invocations. Paper: https://t.co/EGWUE00Lup Overview:
vusec.net
Uncovering Container Confusion in the Linux Kernel TL;DR We present uncontained, a framework to detect type confusion bugs originating from incorrect downcasting operations in non-object-oriented...
Bare metal firmware reverse engineering Introduction series by @RagnarSecurity Part 1: https://t.co/is6MwpHQCy Part 2: https://t.co/T954DxOcbS Part 3: https://t.co/T954DxOcbS
#iot #embedded #reverseengineering #infosec #cybersecurity
Yet another Linux kernel exploitation write-up! CVE-2021-22555: Turning \x00\x00 into 10000$ https://t.co/Rwb26sGljK
Great blog post for learning a bit more about Linux kernel internals Scheduling and context switch in ARM32 https://t.co/ScNcbuzh6W
#Linux #kernel #learning
VirtualBox internals and exploitation (CVE-2023-21987 and CVE-2023-21991) Credits @qriousec
https://t.co/E3vPy2raRR
#infosec #cybersecurity #cve #virtualbox
Fun fact: 5 years ago someone proposed a patch to QEMU so that it has a built-in WinDBG support. https://t.co/OiV3t6u6BC It was apparently rejected. However it can be found here, for those interested:
Introduction to embedded firmware emulation for security analysis using QEMU Great content by @olivier_boschko
https://t.co/mtHe1RRyjn
#qemu #emulation #iot #embedded #infosec
“io_uring vulnerabilities were used in ALL the submissions which bypassed our mitigations.” sounds about right https://t.co/40JCS7bf6L
security.googleblog.com
Tamás Koczka, Security Engineer In 2020 , we integrated kCTF into Google's Vulnerability Rewards Program (VRP) to support researchers evalu...
CVE-2023-2008 - Analyzing and exploiting a bug in the udmabuf driver by @dialluvioso_ and @esanfelix