Yet another blog by a security enthusiast !
List of Vulnerabilities
Friday, January 18, 2019
VirtualBox TFTP server vulnerabilities
In my previous blog post I wrote about VirtualBox DHCP bugs which can be triggered from an unprivileged guest user, in the default config...
Wednesday, November 21, 2018
VirtualBox NAT DHCP/BOOTP server vulnerabilities
Continuing from my previous blog posts, this is another old set of VirtualBox bugs which can lead to VM escape. VirtualBox guest in NAT m...
Sunday, November 11, 2018
VirtualBox VMSVGA VM Escape
VirtualBox emulates the VMware virtual SVGA device, whose interface details and programming model are publicly available. Moreover, the pap...
Tuesday, August 28, 2018
From Compiler Optimization to Code Execution - VirtualBox VM Escape - CVE-2018-2844
Oracle fixed some of the issues I reported in VirtualBox during the Oracle Critical Patch Update - April 2018. CVE-2018-2844 was an inter...
Saturday, August 11, 2018
Real World CTF - kid_vm
kid_vm is a KVM API-based challenge. The provided user space binary uses KVM ioctl calls to set up the guest and execute guest code in 16-bit...
Sunday, July 2, 2017
Google CTF – Pwnables - Inst Prof
Summary of Exploitation: Leak CPU Time Stamp Counter (TSC); Predict TSC values; Leak ELF base address using predicted TSC values; Re...
Tuesday, April 19, 2016
Plaid CTF 2016 - Fixedpoint
The binary simply reads integers from the user, performs floating-point operations on them and stores them in an mmap'ed region with RW...