privilege escalation
18 posts
User namespaces are still a root pipe
Dirty Frag is a Linux kernel UAF in IP fragment reassembly reachable via unprivileged user namespaces. CVSS 7.8. Mechanism, telemetry gaps, patch boundary.
Your patched kernel is still vulnerable
Dirty Frag - CVE-2026-31337, CVSS 7.8 - is a UAF in the Linux kernel's IPv4 fragment reassembly path. Container-to-host root on every major distro.
GTFOBins catalogues privilege misconfiguration
GTFOBins documents a structural property of Unix privilege: grants bind to binaries, not operations, and the gap is the escalation surface.
RedSun turned Defender into a write primitive
RedSun turned Windows Defender's remediation path into a SYSTEM-level write primitive. The mechanism, the class, and what it exposes.
Unknown party drops funnyapp.exe Windows zeroday
A zeroday privilege escalation binary named funnyapp.exe exposes the Windows default trust model. What failed, what it exposes, what must change.
Copy.fail has been root since 2017
Copy.fail turns an unprivileged Linux user into root via a copy_file_range credential cache flaw. Reachable since 2017. Telemetry gaps explained.