-
This issue was originally reported in the EMBA area: https://github.com/e-m-b-a/emba/issues/193
This is a tall order but would be nice for the roadmap
In most cases, the discoveries for the CVE…
-
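## Problem description
Running the runc-pwn module reports `cannot find RunC process inside container, exit.` and then exits immediately; it shows Finished without anything having happened.
The if check on line 87 returns from the function directly, so the target container has already stopped listening for the pid before the host has had a chance to run the exec command. When the host first creates the container, runc exits as soon as it has finished running, so the runc pid cannot be obtained.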
…
-
The kernel must bzero every page that it gives to userspace, to prevent leaking data from a process to another.
Unfortunately this implies a lot of overhead. We should find a way to be smart about …
-
Downloaded the suidguard packages but can't find the tar file mentioned in the discussion.
Where to look?
-
! ANY INCOMPLETE REPORT WILL BE CLOSED RIGHT AWAY !
## Steps to Reproduce (for bugs)
1. Sudo python3 rsf.py
2. Use exploits/routers/linksys/eseries_themoon_rce
3. Set target 192.168.1.1
4. Run…
-
Breaking out of a container might not only be achieved by root processes or (ab)use cases of SETUID/SETGID, but through risky bind mounts of the host file system, too.
UID 0 might help with additiona…
-
This is item 4 in https://github.com/lkrg-org/lkrg/issues/215#issuecomment-1195744061 and alternative to #219:
Unfortunately, exploits can currently make us keep our `off` flag set for too long (ov…
-
## Summary
Brief explanation of the module.
### Basic example
Writeup: https://www.crowdstrike.com/blog/crowdstrike-discovers-new-container-exploit/
PoC (untested and unevaluated): https:/…
-
This is unrelated to this repository, but do you need help learning to code? I see you everywhere asking questions about these maven pastes and asking how to paste options from them when it's so damn s…
ghost updated
3 years ago
-
Memory tagging is great, but as per my understanding, it doesn't protect against in-object overflows and ROP exploits.
ARM introduced some time ago the [PAC extension](https://learn.arm.com/learnin…