Hacker News with Generative AI: Exploitation

Magic Leap One Bootloader Exploit (github.com/EliseZeroTwo)
This repository contains a (messy) implementation of my research of exploiting the Magic Leap One.
Security, Hardware, Exploitation, Augmented Reality
70 points by mmastrac 44 days ago | 7 comments
HTTP/3 Stream Dependency Cycle Exploit (hackerone.com)
HTTP/3, Security, Exploitation, Web Development
8 points by Tomte 54 days ago | 1 comments
Linux Kernel Exploitation: Attack of the Vsock (hoefler.dev)
What started off as casual scrolling through the KernelCTF submissions quickly spiraled into a weeks-long deep dive into a deceptively simple patch - and my first root shell from a Linux kernel exploit!
Linux Kernel, Security, Exploitation, Programming
237 points by todsacerdoti 58 days ago | 86 comments
AutoGDB: exploit a binary while sipping coffee (autogdb.io)
AutoGDB's MCP works in a special way. It use a SaaS-ish way to establish client-server-client communication, in order for that to work, I did some reworking and tweaking on the original MCP SSE Protocols session pool (if you look closely, you can see the AutoGDB's MCP actually use SSE URL Paramter to connect). Which allows you to deploy AutoGDB in one GDB, and use it anywhere.
Security, Exploitation, Software, Tools
3 points by retr0reg 86 days ago | 1 comments
Exploiting exposed Portainer agent and using new SSH persistence (exatrack.com)
During an incident response for one of our clients, we stumbled upon a server compromised by the now relatively documented 1234 perfctl malware.
Cybersecurity, Exploitation, Server Security, Malware
3 points by benjiro 91 days ago | 1 comments
Heap-overflowing Llama.cpp to RCE (retr0.blog)
If you are an exploitation enthusiast, this write-up will be a perfect source of entertainment. I spent ~30h on exploiting the heap-overflow to remote-code execution. At the same time, I had already spent around 2 weeks prior researching/understanding Llama.cpp source regarding its very own RPC & Memory implementations. Since Llama.cpp has such a special heap-management system, special features of this system will fail the classic ptmalloc exploitations that we are familiar with.
Security, Programming, Exploitation
248 points by retr0reg 97 days ago | 54 comments
'So immoral': gig economy workers forced to pay fee to receive their wages (theguardian.com)
Retail assistants have accused a gig economy firm of “holding them to ransom” by making them pay a fee if they want to receive their wages within a month.
Gig Economy, Labor Rights, Exploitation, Wages, Technology
93 points by zfg 167 days ago | 101 comments
Mitigations are attack surface, too (2020) (blogspot.com)
This blog post discusses a bug leading to memory corruption in Samsung's Android kernel (specifically the kernel of the Galaxy A50, A505FN - I haven't looked at Samsung's kernels for other devices). I will describe the bug and how I wrote a (very unreliable) exploit for it.
Security, Android, Exploitation, Memory Corruption
9 points by tripdout 182 days ago | 0 comments
SELinux bypasses (klecko.github.io)
This post aims at giving an overview of what SELinux is, how it is implemented, and how to bypass it, from the point of view of Android kernel exploitation.
Security, Android, Exploitation, Kernel
185 points by voxadam 245 days ago | 56 comments
Exploit Released for New Windows Server "WinReg" NTLM Relay Attack (bleepingcomputer.com)
Proof-of-concept exploit code is now public for a vulnerability in Microsoft's Remote Registry client that could be used to take control of a Windows domain by downgrading the security of the authentication process.
Security, Windows, Exploitation, Networking
6 points by sandwichsphinx 248 days ago | 0 comments
The Pig Butchering Invasion Has Begun (wired.com)
More than 200,000 people in Southeast Asia have been forced to run online scams in recent years, often being enslaved and brutalized, as part of criminal enterprises that have netted billions in stolen funds.
Cybercrime, Southeast Asia, Human Trafficking, Crime, Exploitation
13 points by sohkamyung 271 days ago | 1 comments
0.0.0.0 Day: Exploiting Localhost APIs from the Browser (oligo.security)
Security, Network Security, Exploitation
15 points by herpderperator 323 days ago | 1 comments
Creative workers deserve better than a choice as to who rips them off (pluralistic.net)
Creative Workers, Labor, Exploitation, Economics
111 points by dougb5 370 days ago | 121 comments
Microsoft's Recall is already exploited (github.com/Pennyw0rth)
Microsoft, Security, Software, Exploitation
27 points by tomrod 385 days ago | 26 comments
Abusing Go's Infrastructure (reverse.put.as)
Security, Exploitation
381 points by efge 398 days ago | 77 comments
PoC to demonstrate root permission hijacking by exploiting “systemd-run” (twitter.com)
Security, Linux, System Administration, Exploitation
31 points by mariuz 420 days ago | 19 comments
The hero tax: Why 'selfless' workers are professionally exploited (bbc.com)
Workforce, Exploitation, Economics
116 points by peutetre 439 days ago | 73 comments