tl;dr
- Abusing a stack overflow on a RISC-V binary to then return to shellcode.
tl;dr
- Buffer overflow in AArch64
- Bypass pointer authentication to leak libc and get shell
tl;dr
- Overflow from
stdinstucture tillmain_arena. - Create fake
fastbinchunks to get overlapping chunk and leak. - Overwrite
__malloc_hookusing fastbin attack.
tl;dr
- overflow the
charcandle counter stored in the wax structure and trigger uaf. - Use the uaf to trigger double free and get shell.
tl;dr
- Finding Picture-In-Picture application capability.
- Most recently viewed web activity in Picture-In-Picture application on the device.
tl;dr
- Finding the last modified timestamp of the file that maps names to IP’s accessed.
tl;dr
- Leak with Format String bug.
- Use the arbitrary heap pointer write to overwrite
__GI__IO_file_jumps. - Inject shellode in heap and get code execution in
dfprintf.
tl;dr
- Out-of bounds index write allows byte-by-byte overwrite of return address
tl;dr
- Carefully arranging structs on stack so as to overwrite saved rip , without corrupting the stack canary.
- Leak libc with puts and execute a ret2libc to get shell