bi0s
  •  Home
  •  Categories
  •  Archives
  •  Tags

virtio-note - bi0sCTF 2024

k1R4
2024-02-28
Pwn

tl;dr

  • The patch adds a vulnerable virtio device
  • The device accesses pointers without bounds checks
  • Abuse the OOB pointer access to set up an arbitrary read/write primitive
  • Craft an open, read, write ROP chain on the heap
  • Overwrite the virtqueue handler with a stack-pivoting gadget
bi0sCTF Exploitation QEMU VM-Escape

QEMU VM Escape

night_f0x
2019-08-13
Pwn / VM-Escape

tl;dr

This post will describe how I exploited CVE-2019-14378, which is a pointer miscalculation in the network backend of QEMU. The bug is triggered when large IPv4 fragmented packets are reassembled for processing. It was found by code auditing.

Exploitation VM-Escape CVE-Writeups

Official blog of team bi0s

  Projects
  •   bi0s-wargame
    (Unraveling)
  •   bi0s-wiki
    (Free Encyclopedia)
  •   InCTF
    (Nationals CTF)
  •   InCTFj
    (Juniors CTF)


Blog content follows the Attribution-NonCommercial-ShareAlike 4.0 International (CC BY-NC-SA 4.0) License
