retleave
Independent security researcher
I focus on Linux exploitation primitives — the invariants, trust boundaries, and implicit assumptions that underpin modern systems security. My research targets the gap between what mitigations are designed to prevent and what remains possible in practice.
Current areas of work include dynamic loader internals (ret2dso, runtime resolution abuse under Full RELRO), heap allocator composition (cross-subsystem primitive chaining from tcache to ld.so), and kernel heap exploitation (UAF object reclaim, SLUB cookie recovery, container escape via task traversal).
Everything published here is original research with full source code and reproducible environments. The objective is mechanism isolation — understanding why something works, not just that it does.
Research
ret2dso: Runtime Ret2dlresolve Under Full RELRO
Arbitrary code execution via dynamic loader metadata corruption, without PLT, GOT, or address disclosure.
Composing Weak Heap Primitives
End-to-end exploitation chain from constrained heap OOB to Full RELRO bypass via cross-subsystem composition.
UAF Container Escape: Kernel Heap Exploitation
Local privilege escalation and container escape via msg_msg reclaim, SLUB cookie recovery, and kernel ROP.
Links
This site is a static-first SSR application built with React and Express, serving content from SQLite. No tracking beyond minimal analytics. All research is published for defensive and educational purposes.