- CVE-2019-18634: Linux sudo LPE exploit for a stack-based buffer overflow in
tgetpass.c - CVE-2020-28018: Linux Exim RCE exploit for a Use-After-Free in
tls-openssl.c - CVE-2020-9273: Linux ProFTPd RCE exploit for a Use-After-Free in pool allocator
- CVE-2021-3156: Linux LPE exploit for a heap-based buffer overflow in sudo
- CVE-2021-40444: Microsoft Windows RCE exploit for a MS Office bug chain
- CVE-2022-0185: Linux Kernel LPE exploit for an integer underflow in
fs_context.c
- Exploiting sudo CVE-2021-3156: From heap-based overflow to LPE/EoP: Talk about the process and internals of the sudo heap-based overflow vulnerability and its exploitation paths.
- CVE-2020-28018: From Use-After-Free to Remote Code Execution: Talk on going through the internals and exploitation of a Use-After-Free vulnerability in Exim to achieve Remote Code Execution.
- Confronting CFI: Control-flow Hijacking in the Intel CET era for memory corruption exploit development: Talk on analyzing modern CFI mitigations and their impact on memory corruption exploits.
- Protcheck: Parse ELF executables to identify enabled memory mitigations