On the Unparalleled blog you will find in-depth information
on projects and topics that we are currently working on.
Using the "ntfs-3g" SUID help function to enlarge the attack surface,
work through the heap and escalate privileges in the end.
Expose the complete internal storage via USB using a small program
and let the Android kernel do all the work.
XTerm control sequences may pick up overlong color names and submit them via libX11 unsanitized disabling X server authentication completely.
How the broken NO_ROOT_MAILER affected exploit complexity.
Using blocking IO on pipes, terminals to block victim processes
and hence easily win the file system related races.
Reproducing the sudo heap overflow a.k.a. "Baron Samedit" (CVE-2021-3156)
by Qualys and finding something different.