<?xml version="1.0" encoding="utf-8" standalone="yes"?><rss version="2.0" xmlns:atom="http://www.w3.org/2005/Atom"><channel><title>Exploitation on Moe's VR blog</title><link>https://mohandacherir.github.io/Qdiv7/tags/exploitation/</link><description>Recent content in Exploitation on Moe's VR blog</description><generator>Hugo</generator><language>en</language><lastBuildDate>Mon, 20 Apr 2026 00:00:00 +0000</lastBuildDate><atom:link href="https://mohandacherir.github.io/Qdiv7/tags/exploitation/index.xml" rel="self" type="application/rss+xml"/><item><title>Unix GC Remastered</title><link>https://mohandacherir.github.io/Qdiv7/posts/unix_new_gc/</link><pubDate>Sun, 19 Apr 2026 00:00:00 +0000</pubDate><guid>https://mohandacherir.github.io/Qdiv7/posts/unix_new_gc/</guid><description>&lt;h2 id="introduction">Introduction&lt;/h2>
&lt;p>The AF_UNIX garbage collector is an interesting piece of the kernel. It exists because file descriptors, including descriptors for AF_UNIX sockets themselves, can be passed between sockets with SCM_RIGHTS. A socket that sits in another socket's receive queue as an in-flight descriptor is still referenced by the kernel after every user-space descriptor for it has been closed; when two such sockets hold each other in flight they form a reference cycle that no close() can break, and without intervention they would leak until reboot. The garbage collector finds these unreachable sockets and frees them. Not long ago, the subsystem was rewritten from scratch on top of a graph model in which sockets are vertices, in-flight descriptors are edges, and cycles are found as Strongly Connected Components; but it is still bug-prone.
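<![CDATA[<p>As an added illustration, not code from the post, the following C program builds exactly the situation described above: two AF_UNIX sockets that each carry the other's descriptor in flight via SCM_RIGHTS, after which every user-space descriptor is closed. The names make_inflight_cycle, send_fd and sock_inode are the example's own.</p>

```c
/*
 * Added example (not code from the blog post): build the SCM_RIGHTS reference
 * cycle that the AF_UNIX garbage collector exists to reclaim.
 *
 * Two datagram socketpairs, A = {a0, a1} and B = {b0, b1}.  Send a0's fd into
 * b0 (via b1) and b0's fd into a0 (via a1), then close all four user-space
 * descriptors.  a0 is now kept alive only by the in-flight fd sitting in b0's
 * receive queue, and b0 only by the one in a0's queue: no descriptor in any
 * process reaches either socket, yet neither refcount can drop to zero on its
 * own.  Without the collector this pair would leak until reboot.
 */
#ifndef _GNU_SOURCE
#define _GNU_SOURCE
#endif
#include <stdio.h>
#include <string.h>
#include <sys/socket.h>
#include <sys/stat.h>
#include <unistd.h>

/* Queue a one-byte datagram carrying fd_to_send on the peer of `via`. */
static int send_fd(int via, int fd_to_send)
{
    char byte = 'x';
    struct iovec iov = { .iov_base = &byte, .iov_len = 1 };
    union {                       /* correctly aligned control buffer */
        char buf[CMSG_SPACE(sizeof(int))];
        struct cmsghdr align;
    } u;
    struct msghdr msg = {
        .msg_iov = &iov, .msg_iovlen = 1,
        .msg_control = u.buf, .msg_controllen = sizeof u.buf,
    };
    struct cmsghdr *cmsg;

    memset(&u, 0, sizeof u);
    cmsg = CMSG_FIRSTHDR(&msg);
    cmsg->cmsg_level = SOL_SOCKET;
    cmsg->cmsg_type = SCM_RIGHTS;
    cmsg->cmsg_len = CMSG_LEN(sizeof(int));
    memcpy(CMSG_DATA(cmsg), &fd_to_send, sizeof(int));

    return sendmsg(via, &msg, 0) == 1 ? 0 : -1;
}

/* sockfs inode number of a socket fd, which is what /proc/net/unix lists. */
static unsigned long sock_inode(int fd)
{
    struct stat st;
    return fstat(fd, &st) == 0 ? (unsigned long)st.st_ino : 0;
}

/*
 * Build the cycle and close every user-space reference to it.  Returns 0 on
 * success and stores the inode numbers of the two orphaned sockets, or -1
 * (errno set) on failure.
 */
int make_inflight_cycle(unsigned long *ino_a, unsigned long *ino_b)
{
    int a[2] = { -1, -1 }, b[2] = { -1, -1 };
    int rc = -1;

    if (socketpair(AF_UNIX, SOCK_DGRAM, 0, a) == -1 ||
        socketpair(AF_UNIX, SOCK_DGRAM, 0, b) == -1)
        goto out;

    *ino_a = sock_inode(a[0]);
    *ino_b = sock_inode(b[0]);

    /* a0 goes in flight inside b0; b0 goes in flight inside a0. */
    if (send_fd(b[1], a[0]) == -1 || send_fd(a[1], b[0]) == -1)
        goto out;
    rc = 0;

out:
    /* Dropping the last user-space fds is what turns this into GC work. */
    for (int i = 0; i < 2; i++) {
        if (a[i] != -1) close(a[i]);
        if (b[i] != -1) close(b[i]);
    }
    return rc;
}

int main(void)
{
    unsigned long ia = 0, ib = 0;

    if (make_inflight_cycle(&ia, &ib) == -1) {
        perror("make_inflight_cycle");
        return 1;
    }
    printf("orphaned cycle built: sockets with inodes %lu and %lu\n", ia, ib);
    printf("look for them in /proc/net/unix; they vanish once the GC has run\n");
    return 0;
}
```

<p>Run it as an unprivileged user; it prints the inode numbers of the two orphaned sockets. Whether they still appear in /proc/net/unix right afterwards depends on when the collector gets to run; the point is only that nothing in user-space can ever reach them again, so the kernel alone has to notice the cycle.</p>]]>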
This post walks the rewrite end-to-end and discusses a use-after-free bug.&lt;/p></description></item><item><title>CVE-2024-0582, or Easy Kernel Exploitation</title><link>https://mohandacherir.github.io/Qdiv7/posts/n-day-exploit-cve-2024/</link><pubDate>Wed, 18 Mar 2026 00:00:00 +0000</pubDate><guid>https://mohandacherir.github.io/Qdiv7/posts/n-day-exploit-cve-2024/</guid><description>&lt;h2 id="introduction">Introduction&lt;/h2>
&lt;p>&lt;strong>io_uring&lt;/strong> has been a heavily targeted subsystem in the Linux kernel: at one point it accounted for 60% of kCTF submissions (&lt;a href="https://security.googleblog.com/2023/06/learnings-from-kctf-vrps-42-linux.html">source&lt;/a>), so much so that Google stopped rewarding io_uring exploits in kCTF and disabled the interface on ChromeOS and its production servers. Like many large interfaces added to the kernel, io_uring has been very bug-prone since it was merged in 2019 (Linux 5.1): it is a big, fast-moving attack surface that is reachable from unprivileged processes by default.&lt;/p></description></item></channel></rss>