- Abusing a stack overflow on a RISC-V binary to then return to shellcode.
- Buffer overflow in AArch64
- Bypass pointer authentication to leak libc and get shell
- Overflow from stdin structure till
- Create fake fastbin chunks to get overlapping chunk and leak.
__malloc_hook using fastbin attack.
- Overflow the char candle counter stored in the wax structure and trigger UAF.
- Use the UAF to trigger double free and get shell.
- Finding Picture-In-Picture application capability.
- Most recently viewed web activity in Picture-In-Picture application on the device.
- Finding the last modified timestamp of the file that maps names to IPs accessed.
- Leak with Format String bug.
- Use the arbitrary heap pointer write to overwrite
- Inject shellcode in heap and get code execution in
- Out-of-bounds index write allows byte-by-byte overwrite of return address
- Carefully arranging structs on stack so as to overwrite saved rip, without corrupting the stack canary.
- Leak libc with puts and execute a ret2libc to get shell