Solar Designer (@solardiz)'s Twitter Profile
Solar Designer

@solardiz

@Openwall founder, @oss_security maintainer, @lkrg_org co-author. RTs don't imply agreement with points of view.

ID: 791886692

https://www.openwall.com 30-08-2012 16:01:02

14,14K Tweet

13,13K Followers

1,1K Following

Alexander Popov (@a13xp0p0v)

My new article: "Kernel-hack-drill and a new approach to exploiting CVE-2024-50264 in the Linux kernel"⚡️ I tell a bug collision story and introduce my pet project kernel-hack-drill, which helped me to exploit the hard bug that received Pwnie Awards 2025 a13xp0p0v.github.io/2025/09/02/ker…

NULLCON (@nullcon)

🔐 Every hero has an origin story. #LKRG started as Openwall’s “most controversial project” — today it stands mature at 1.0 Join Solar Designer as he dives into its battles against rootkits, bugs, and bypasses, and explore its future role in kernel defense 👉nullcon.net/berlin-2025/sp…

ISMG Network News (@ismg_news)

Strengthening Linux Security With Kernel Runtime Guard 🎯 #Linux security remains a pressing concern as vulnerabilities continue to expose critical systems. Solar Designer, founder of Openwall, and senior principal security engineer at CIQ, said Linux Kernel Runtime Guard's, or

CIQ (@ctrliq)

Alexander Peslyak (Solar Designer) sat down with Aseem Jakhar at Nullcon Berlin 2025 to discuss the latest release of Linux Kernel Runtime Guard (LKRG), which includes runtime exploit interception and integrity checks. Watch the full technical interview: inforisktoday.com/strengthening-…

Openwall (@openwall)

We've just published the slides of Solar Designer's @Nullcon Berlin 2025 talk "Linux Kernel Runtime Guard (LKRG) 1.0" openwall.com/lists/announce… #LKRG #nullconBerlin2025 #nullcon

Open Source Security mailing list (@oss_security)

CVE-2023-51767: a bogus CVE in OpenSSH openwall.com/lists/oss-secu… based on paper "Mayhem: Targeted Corruption of Register and Stack Variables" by Adiletta, et al., and now (informally) disputed by OpenSSH upstream

@parkbot.bsky.social (@philparkbot)

I wrote my first and maybe only Substack post. This is a follow up to my Colwell post where I found a 2007 technical report by two Microsoft employees who interviewed folks from MS, AMD and Intel about the history of the transition, and I learned a lot! computerparkitecture.substack.com/p/the-long-mod…

BINARLY🔬 (@binarly_io)

🚨Binarly REsearchers revisit an already-patched Supermicro BMC bug and discover two new high-impact vulnerabilities that expose major gaps in software supply chains. CVE-2025-7937: bypassed “fix” for CVE-2024-10237. CVE-2025-6198: Supermicro RoT bypass. binarly.io/blog/broken-tr…

Filip Jerzy Pizło (@filpizlo)

Pizlix: the world's first memory safe Linux distro. I'm writing the primordial README for it now and doing a final test that `./build.sh` actually works. Then I'll commit it to the Fil-C repo

Olivia Gallucci ✨ (@oliviagalluccii)

I'm thrilled to announce the 1st edition of [ret]2read! 🤩📧 This guide covers how to navigate Apple's open source code for security research. Stay tuned for my next newsletter on how to *use* this code alongside binary diffing! oliviagallucci.com/unlocking-maco… #macOS #InfoSec

Open Source Security mailing list (@oss_security)

The "Linux kernel: eBPF vulnerabilities" summarized in August are now believed to have been made up openwall.com/lists/oss-secu… "none of the reported problems constitute security issues" and may not "be problems at all, or made sense at all" x.com/spendergrsec/s…

Tjaden Hess (@tjade273)

IMO these two attacks spell the beginning of the end for SGX, TDX and SEV-SNP in self-hosted contexts. These DRAM bus attacks were always the glaring hole in the threat model, and I expect DDR5 to fall soon as well. These attacks are explicitly written out of the threat model so

PagedOut (@pagedout_zine)

pagedout.institute ← we've just released Paged Out! zine Issue #7 pagedout.institute/download/Paged… ← direct link lulu.com/search?page=1&… ← prints for zine collectors pagedout.institute/download/Paged… ← issue wallpaper Enjoy! Please please please RT to spread the news - thank you!

Open Source Security mailing list (@oss_security)

Resource consumption weakness in Postgres-using applications & frameworks openwall.com/lists/oss-secu… API that allows users to search on a field stored in an integer column. The table is very big, so it has an index. What if I told you it might be trivial to force a sequential scan?

Open Source Security mailing list (@oss_security)

OpenSSH 10.1 released with CVE-2025-61984 fix openwall.com/lists/oss-secu… ProxyCommand is run through "exec %s". One may think that given it is "exec" that it's not possible to run another command after it, but bash will ignore the line if it fails for certain syntax errors.

Filip Jerzy Pizło (@filpizlo)

I'm working on making it so that OpenSSH in Fil-C has zero security regressions versus OpenSSH in Yolo-C. This comes down to constant time crypto. What it's all about: to ensure that your crypto has no timing side channels, it's important for it to be written in assembly, not a

Kate O'Flaherty (@kateoflaherty)

New by me. Remember *that* Defcon talk? I looked into what happened and asked experts how big the problem is with AI slop. Thanks Solar Designer mRr3b00t Dane Sherrets thestack.technology/defcon-ebpf-bu…