Lightnews — Scholar-powered news

0xor0ne @0xor0ne.bsky.social · 2d

Excellent blog post on bypassing Ubuntu’s Unprivileged Namespace Restriction

u1f383.github.io/linux/2025/0...

#infosec

3 5

0xor0ne @0xor0ne.bsky.social · 3d

Short introduction to Windows heap exploitation

mrt4ntr4.github.io/Windows-Heap...

#infosec

Windows Heap Exploitation - From Heap Overflow to Arbitrary R/W

TLDR I was unable to find some good writeups/blogposts on Windows user mode heap exploitation which inspired me to write an introductory but practical post on Windows heap internals and exploitati

mrt4ntr4.github.io

5 12

0xor0ne @0xor0ne.bsky.social · 4d

Fault injection for secure boot bypass and secret extraction targeting RP2350

www.usenix.org/system/files...

#infosec

3 6

0xor0ne @0xor0ne.bsky.social · 8d

3-parts series on vulnerability research and exploitation of the SMB3 Linux Kernel Server (ksmbd)

Part 1: blog.doyensec.com/2025/01/07/k...
Part 2: blog.doyensec.com/2025/09/02/k...
Part 3: blog.doyensec.com/2025/10/08/k...

#infosec

2 7

0xor0ne @0xor0ne.bsky.social · 11d

Exploiting a libANGLE offset integer underflow read the Chrome WebGPU heap

qriousec.github.io/post/oob-angle

#infosec

1 2

0xor0ne @0xor0ne.bsky.social · 12d

Worldline Yomani XR payment terminal reverse-engineering and security analysis

stefan-gloor.ch/yomani-hack

#embedded #infosec

1 1 12

0xor0ne @0xor0ne.bsky.social · 13d

Exploiting vulnerabilities in Supermicro BMC (CVE-2025-7937 and CVE-2025-6198)

www.binarly.io/blog/broken-...

Credits Anton Ivanov

#infosec

3

0xor0ne @0xor0ne.bsky.social · 14d

Breaking Server SGX via DRAM Bus Interposition

wiretap.fail

#infosec

WireTap: Breaking Server SGX via DRAM Bus Interposition

Breaking Server SGX via DRAM Bus Interposition

wiretap.fail

3

0xor0ne @0xor0ne.bsky.social · 22d

Analysis of GrapheneOS hardened malloc libc allocator

www.synacktiv.com/en/publicati...

Credits Nicolas Stefanski

#infosec

1 10

0xor0ne @0xor0ne.bsky.social · 29d

Flipping the R/W bit in the page table entry of a mapped file to gain write access

ptr-yudai.hatenablog.com/entry/2025/0...

#Linux #infosec

4 8

0xor0ne @0xor0ne.bsky.social · Sep 14

Exploiting CVE-2024-50264, a Linux kernel UAF vulnerability due to a race condition in AF_VSOC sockets

a13xp0p0v.github.io/2025/09/02/k...

#infosec #Linux

1 7

0xor0ne @0xor0ne.bsky.social · Sep 12

Reliable Linux system call interception

blog.mggross.com/intercepting...

#cybersecurity #Linux

1 8

0xor0ne @0xor0ne.bsky.social · Sep 8

Devirtualizing VMProtect and Themida

nac-l.github.io/2025/01/25/l...

#infosec #reverseengineering

Lifting Binaries, Part 0: Devirtualizing VMProtect and Themida: It’s Just Flattening?

Table Of Contents

nac-l.github.io

1 3

0xor0ne @0xor0ne.bsky.social · Sep 6

Practical guide to fuzzing the Binder kernel driver using the Linux Kernel Library (LKL)

androidoffsec.withgoogle.com/posts/binder...

Credits Eugene Rodionov, Gulshan Singh and Zi Fan Tan

#infosec #android

1 1 5

0xor0ne @0xor0ne.bsky.social · Aug 30

Reverse engineering and decryption of Synology encrypted archives

www.synacktiv.com/en/publicati...

Credits Théo Fauché

#infosec

1 7

0xor0ne @0xor0ne.bsky.social · Aug 29

Two parts series on hacking the Xbox 360 hypervisor

Part 1: icode4.coffee?p=1047
Part 2: icode4.coffee?p=1081

#infosec #xbox

Hacking the Xbox 360 Hypervisor Part 1: System Overview

Diving into the heart of the Xbox 360 security system: the hypervisor. How does it work? Why is it so secure? Find out the answers to these questions and more as I cover the architecture of the Xbox 3...

icode4.coffee

1 8 19

0xor0ne @0xor0ne.bsky.social · Aug 17

Exploiting an array-Out-Of-Bounds vulnerability in the Linux network packet scheduler (CVE-2025-37752)

syst3mfailure.io/two-bytes-of...

#infosec #Linux

[CVE-2025-37752] Two Bytes Of Madness: Pwning The Linux Kernel With A 0x0000 Written 262636 Bytes Out-Of-Bounds

CVE-2025-37752 is an Array-Out-Of-Bounds vulnerability in the Linux network packet scheduler, specifically in the SFQ queuing discipline. An invalid SFQ limit and a series of interactions between SFQ ...

syst3mfailure.io

5 19

0xor0ne @0xor0ne.bsky.social · Aug 16

Exploiting Linux kernel from Chrome renderer with MSG_OOB (Google Project Zero)

googleprojectzero.blogspot.com/2025/08/from...

#infosec #chrome

From Chrome renderer code exec to kernel with MSG_OOB

Posted by Jann Horn, Google Project Zero Introduction In early June, I was reviewing a new Linux kernel feature when I learned about the...

googleprojectzero.blogspot.com

3 5

0xor0ne @0xor0ne.bsky.social · Aug 15

Security analysis of Sonoff Smart Home IoT devices (CVE-2024-7205 and CVE-2024-7206)

jerinsunny.github.io/blogs/iotsec...

Credits Jerin Sunny and Shakir Zari

#iot #infosec

Hacking Sonoff Smart Home IoT Device

CVE-2024-7206: Firmware extraction and Hardware SSL Pinning Bypass

jerinsunny.github.io

4

0xor0ne @0xor0ne.bsky.social · Aug 7

Porting a Mali GPU exploit to Pixel 6 Pro (CVE-2023-48409)

starlabs.sg/blog/2025/06...

#cybersecurity #mobile

2 4

0xor0ne @0xor0ne.bsky.social · Aug 2

"Challenges and Pitfalls while Emulating Six Current Icelandic Household Routers"

Evaluation of different tools for routers firmware emulation
(FACT, QEMU, EMUX, Qiling, Firmadyne, FAT, FirmAE, Pandawan, and EMBA)

skemman.is/bitstream/19...

#cybersecurity #embedded

3 10

0xor0ne @0xor0ne.bsky.social · Aug 1

GDB over a serial connection for debugging the kernel on a Pixel 8

xairy.io/articles/pix...

#infosec

1 5

0xor0ne @0xor0ne.bsky.social · Jul 29

FiberGateway GR241AG: root code execution through public wifi network

r0ny.net/FiberGateway...

#infosec #embedded

2 5

0xor0ne @0xor0ne.bsky.social · Jul 26

Root access on the TP-Link Tapo C200 Rev.5

quentinkaiser.be/security/202...

#infosec #embedded

Rooting the TP-Link Tapo C200 Rev.5

Let’s explore ways to mod a Tapo C200 Rev.5 firmware in order to gain root access to a running device.

quentinkaiser.be

1 7

0xor0ne @0xor0ne.bsky.social · Jul 18

FiberGateway GR241AG home router: exploitation chain

r0ny.net/FiberGateway...

#infosec #embedded

2 2