TsukuCTF 2025 Writeups
At TsukuCTF 2025, I created three kernel pwn challenges. It was my first time creating CTF challenges, but I learned a lot through the process. While creating the challenges, I focused on removing ...
In this post, I will explain PageJack, a universal and data-only exploitation technique that turns an off-by-one bug into a page UAF. Download the handouts beforehand. Analysis The vulnerable LKM ...
In this post, I will explain USMA, a universal and data-only exploitation technique that allows us to patch kernel code from user space. Download the handouts beforehand. Analysis The vulnerable L...
In this post, I will explain Dirty Pipe, a universal and data-only exploitation technique that allows us to arbitrarily overwrite read-only files. Download the handouts beforehand. Analysis The vu...
In this post, I will explain DirtyCred, a universal and data-only exploitation technique that allows us to escalate privileges without a write primitive. Download the handouts beforehand. Analysis...
In this post, I will explain Dirty PageTable, a universal and data-only exploitation technique that allows us to gain arbitrary read and write access to the entire physical memory. Download the han...
In this post, I will explain the cross-cache attack, a fundamental technique for advanced Linux kernel exploitation. Understanding this technique is important to understand other exploitation technique...
In this post, I will explain how to build and debug the Linux kernel. Since the kernel and file image will be provided, it is not strictly necessary to follow the content of this article in ord...