All #Vulnerability Articles

The Journey of Bypassing Ubuntu’s Unprivileged Namespace Restriction

Pumpkin

2025-06-26

Recently, Ubuntu introduced sandbox mechanisms to reduce the attack surface, and they seemed unbreakable. However, after carrying out in-depth research, we found that the implementation contained some issues, and bypassing it was not as difficult as expected. This post will explain how we began our research at the kernel level and discovered a bypass method. We will also share some interesting stories from the process.

OSEE Exam Uncovered: Cracking OSEE in Taipei

Terrynini

2025-05-27

EXP-401 (OSEE), also known as Advanced Windows Exploitation (AWE), is considered OffSec's hardest certification. As of now, only about 100–200 people worldwide hold this certification, and the pass rate is around 10%.

WorstFit: Unveiling Hidden Transformers in Windows ANSI!

Orange Tsai

2025-01-09

The research unveils a new attack surface in Windows by exploiting Best-Fit, an internal charset conversion feature. Through our work, we successfully transformed this feature into several practical attacks, including Path Traversal, Argument Injection, and even RCE, affecting numerous well-known applications!

Confusion Attacks: Exploiting Hidden Semantic Ambiguity in Apache HTTP Server!

Orange Tsai

2024-08-09

This article explores architectural issues within the Apache HTTP Server, highlighting several technical debts within Httpd, including 3 types of Confusion Attacks, 9 new vulnerabilities, 20 exploitation techniques, and over 30 case studies. The content includes, but is not limited to: 1. How a single ? can bypass Httpd's built-in access control and authentication. 2. How unsafe RewriteRules can escape the Web Root and access the entire filesystem. 3. How to leverage a piece of code from 1996 to transform an XSS into RCE.

Sandstorm Security Review

Shaolin

2018-01-26

To leverage the vulnerabilities, we put part of our effort into reviewing Sandstorm's source code and tried to escape the sandbox to impact the whole server...