Dirty Pagetable: Study Notes & Example Challenges
Reference: https://yanglingxi1993.github.io/dirty_pagetable/dirty_pagetable.html
https://ptr-yudai...
Cross Cache Attack
Reference:
VERITAS501 –> Cross Cache Attack
CVE-2022-29582 –> an io_uring vulnerability
kfree call chain...
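Beautiful_Girl
A one-byte overflow writes '\x00', which lifts the stack, so there is some probability of returning into an ogg (one_gadget); brute-forcing is enough, and the success rate is fairly high.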
CorCTF2021-fire_of_salvation
Reference: https://bsauce.github.io/2021/09/05/msg_msg/
Key points: FG-KASLR, msg_msg_abr&abw, task_struct...
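balsn2019-krazynote
Reference: https://www.jianshu.com/p/a70a358ec02c
This challenge mostly feels nasty to reverse; once the reversing is understood, getting through it with a race condition is quite simple.
Static analysis: it mainly implements four functions, namely new, updat...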
UAF & ret2usr
References:
https://blog.csdn.net/kingbaby20lin/article/details/47100989
https://ctf-wiki.org/en/pwn/linux/kerne...
ret2dir & physmap spray
Introduction: ret2dir is used to bypass protections that isolate user space from kernel space, such as SMEP, SMAP and PXN.
Paper: http://www.cs.columbia.edu/~vpk/papers/re...
Welcome to Hexo ! This is your very first post. Check documentation for more info. If you get any problems when using Hexo, ...