new linux exploit is absolutely insane

The new privilege escalation against Linux is absolutely wild. In this video we talk about what a privesc is, how they typically work, and why the techniques used in this one are so wild.

Comments

It was discovered in January 2024 and has been patched already. All the rolling distributions would have the patch already installed. Ubuntu has already issued the patch back in Jan.

PS_Tube

If you're wondering which kernel versions are vulnerable, here's what I found: The exploit affects kernel versions from (including) v5.14 to (including) v6.6, excluding patched branches v5.15.149>, v6.1.76>, v6.6.15>.

WansVids

The most shocking part of this video was that 2016 was 8 years ago.

Swampdragon

I just read this entire write-up yesterday, and I was blown away with the thoroughness and complexity of the research. And, it was only found because the author found a bug while trying to do some work. Most people just find another way, this guy found a wild exploit. Very impressive. Cheers to notselwyn.

jimdiroffii

me, a plucky wizard's apprentice resetting user passwords and setting up accounts, watching a YouTube video about dark sorcerers unraveling death itself and warping space and time

XerrolAvengerII

What I like about Linux is that when a vulnerability like this is found, the community comes together and fixes it asap.

stopcensoringmen

Hi, this was a slightly unleveled video: It was basic in the beginning with you explaining what the kernel does and about syscalls, and then you explained the whole exploit in less time than that, which was too advanced. I know what the kernel is and that by interfacing with the kernel you are asking the kernel to do stuff. I also understand double-freeing and use after free, but socket buffer freelist/all those page descriptors/modprobe was explained in less than 2 minutes.
If you spent maybe 2 mins explaining the kernel and syscall basics part and 4-5 mins on the actual exploit, it would make more sense.
Thanks!

pu

We’re making it out of the userspace with this one boys

demonman

It was fixed almost immediately. That is a strong advantage of Open Source in contrast to big corp coverups

clintonreisig

Time to finally root the Oculus Quest 2

incogninto-

Running in kernel is worse than running as root.

kayakMike

I'm learning that the safest way to store your secure data is on a piece of paper

RobertHyrkiel

Great that you used one of the Tuxlets in your video, that I made with my son years ago. 👍

petermathijssen

The poor guy that was tasked to educate me about Linux wasn't allowed to use an updated Linux for education... he had to stick to one (old) version of RedHat, because that's what the book used...

It took me 1 Google, 3 potential exploits and 15 minutes to become root of that educational Linux server. (Okay, I was familiar with Linux before they tried to educate me).

I just made an extra root account, which was allowed to log in via ssh. Could have locked out everyone else... but I was just making a point about using outdated software for education.

Netfilter is quite a problem if it can elevate privileges. But at the same time kinda predictable... I'm happy that it's been found, so next iteration will be safer. Worst is how easy it can be used.

BenjaminVestergaard

Really enjoyed this kind of video from you! Admittedly, some of the exploit explanation went over my head and I'll need to do some further research on my end. You might have yourself a little niche here of in-depth explanations of vulnerabilities in an ELI5 manner if you want it. I'd love to see more videos like this with other well-known or new vulnerabilities.

Catalyst

I am looking at the proprietary Linux devices at home and at work and just... curiously tapping my chin.
This ought to be interesting (:

IngwiePhoenix_nb

Bugs never went away, but recently, it feels like bugs just did 20 years in prison, and they've been released on parole.

hawkbirdtree

the amount of grinding through kernel code and memory dumps that must have been put to develop this exploit is beyond my comprehension... now if i add to this that merely obtaining a kernel memory dump is way more complicated than in case of a user space results in me getting a headache just thinking about it ;-]

morgwai

This works a bit like a digital Rube Goldberg machine.

nunyobiznez

Relatively new here - background is in mechanical engineering but I would really like to learn embedded software development (for myself and for my job). Really enjoy these types of videos. I will say I always write some of the acronyms from these videos down on stickies to look up later, given my lack of knowledge of the inner workings of computers. TIL what a TLB is. Anyways, looking forward to any and all videos 👍🏼

oscarmendez