pwning kernels & blogging on os internals 🌱
Blog: https://sam4k.com
Twitter: https://twitter.com/sam4k1

with offensivecon around the corner, i figured i'd write another post on linux kernel exploitation techniques - this time i cover the world of page table exploitation! enjoy 🤓

https://sam4k.com/page-table-kernel-exploitation/

Kernel Exploitation Techniques: Turning The (Page) Tables

This post explores attacking page tables as a Linux kernel exploitation technique for gaining powerful read/write primitives.

sam4k

it's been a while, but here's a new post in my linternals series where i attempt to introduce the linux kernel's memory management subsystem 🐧

https://sam4k.com/linternals-exploring-the-mm-subsystem-part-1/

Linternals: Exploring The mm Subsystem via mmap [0x01]

In this series we'll explore the Linux kernel's memory management subsystem, using a simple userspace program as our starting point.

sam4k

ZDI-24-821: A Remote UAF in The Kernel's net/tipc

An article by @sam4k describing a slab use-after-free in the TIPC networking stack that can be triggered by both local and remote attackers.

https://sam4k.com/zdi-24-821-a-remote-use-after-free-in-the-kernels-net-tipc/

In this post I discuss a vulnerability which allows a local, or remote attacker, to trigger a use-after-free in the TIPC networking stack on affected installations of the Linux kernel.

sam4k

here's the write-up for the net/tipc vuln i found while working on my talk 🙌

https://sam4k.com/zdi-24-821-a-remote-use-after-free-in-the-kernels-net-tipc/

i keep forgetting to post here, but here are my slides from a recent talk i did on how to find bugs in the linux kernel 🤓

https://github.com/sam4k/talk-slides/blob/main/so_you_wanna_find_bugs_in_the_linux_kernel.pdf

Apparently, there's a new Linux privilege escalation exploit, StackRot, triggered by a use-after-free-by-RCU maple tree bug.
https://seclists.org/oss-sec/2023/q3/4 #linux #infosec
Guillaume Teissier and Quentin Minster | OffensiveCon

Super excited to have the opportunity to speak at #TyphoonCon23 this year, thanks for having me! 🐧

Now have a dedicated place to find all my blog posts past and present: http://chompie.rip! If you come across a dead link for a blog post of mine, you can find it there
chompie at the bits

here's a post exploring security fixes in the linux kernel with the help of a small tool i wrote 🐧

https://sam4k.com/analysing-linux-kernel-commits/

Analysing Linux Kernel Commits

Tag along as I talk about a half finished project, looking at analysing Linux kernel commits for interesting security fixes.

sam4k