
ResearchDrafts
UAF Container Escape: Kernel Heap Exploitation
End-to-end Linux kernel heap exploitation: from a use-after-free in a misc device driver to container escape, bypassing KASLR, SMEP, SMAP, and SLUB hardening.
retleave · Feb 9, 2026 · 16 min

A realistic heap exploitation chain showing how weak, byte-wise corruption can break allocator invariants under modern glibc hardening.

ret2dso demonstrates that runtime symbol resolution remains exploitable under full RELRO through dynamic loader metadata corruption.