On the Unparalleled blog you will find in-depth information on projects and topics that we are currently working on.

By Date

20210518 Using Xterm to Navigate the Huge Color Space:

XTerm control sequences may pick up overlong color names and submit them via libX11 unsanitized disabling X server authentication completely.

20210215 A Love Letter to the Baron: Broken NO_ROOT_MAILER Eases Exploitation

How the broken NO_ROOT_MAILER affected exploit complexity.

20210208 Rigged Race Against Firejail for Local Root:

Using blocking IO on pipes, terminals to block victim processes and hence easily win the file system related races.

20210128 A Love Letter to the Baron: on Baron Samedit: Heap-based buffer overflow in Sudo (CVE-2021-3156):

Reproducing the sudo heap overflow a.k.a. "Baron Samedit" (CVE-2021-3156) by Qualys and finding something different.