
Kernel: msg is still alive despite modern mitigations
A Linux 6.1 container escape exploiting msg_msg reallocation to achieve kernel ROP, task_struct traversal, and reliable host privilege escalation.
Feb 8, 2026
Where abstractions fail

A realistic heap exploitation chain showing how weak, byte-wise corruption can break allocator invariants under modern glibc hardening.

ret2dso demonstrates that runtime symbol resolution remains exploitable under full RELRO through dynamic loader metadata corruption.