We chose a vulnerability in glibc (CVE-2025-4802) to teach students registered in our binary exploitation training the importance of the libc, loader, dynamic linker, and the kernel in making the execution of a modern Linux binary possible.

Furthermore, it demonstrates how a small oversight in the static glibc code allowed arbitrary libraries to be loaded into privileged code. Do you know the crucial role of the auxiliary vector? Or the main differences between dynamically and statically compiled binaries?

Check out the blog post for a brief analysis of CVE-2025-4802.

https://allelesecurity.com/libc-vuln-analysis/

When times were simpler:

"text generator"

LLMs now do the busywork of finding amazing vulnerabilities for everyone willing to spend the tokens.

But hacking still isn't dead:

1. We haven't at all solved the underlying problems which come with writing and shipping code.

2. You still need to understand what you're looking at and what you are operating.

3. The LLM platforms themselves are a exquisite target for hacking^Wcreative use of the technology.

Now when everyone can pull a CVE or two out of thin silicon and a few kWh of electricity the art of hacking might need adopt and maybe reshape a little but at its core the mind- and skillset will stay as relevant as it always was.

In that sense: keep hacking, keep exploring, break some stuff.

Stealthy RCE on Hardened Linux: noexec + Userland Execution PoC https://hardenedlinux.org/blog/2026-04-13-stealthy-rce-on-hardened-linux-noexec--userland-execution-poc/

Blessed are the cheese makers

https://www.youtube.com/watch?v=NFPIGNua5WM

2 years ago I did a PoC to run #rust 🦀 in the #pixel modem

Today it shipped in millions of devices!

They grow up to fast! 🥲

https://security.googleblog.com/2026/04/bringing-rust-to-pixel-baseband.html

#rust #security #smartphone #baseband

If all you do in your tech career is:

1. When something is slow, you look carefully at the output of a profiler or a query plan & make measured suggestions about what to improve;

2. When something breaks badly, you gently but insistently ask what & why until you truly know, then the next time similar work is needed you bring up how to avoid doing what broke last time; and

3. When someone lacks info, you make them feel good for learning instead of bad for not knowing;

You will do good work.

😎 Zsolt Hegedűs, a likely candidate for Hungary’s health minister, really got the party going at the “Tisza” victory celebration 🇭🇺
#dance #politics #Hungary

Reverse-Engineering an Amazon Blink Gen 3 Camera

https://hackaday.com/2026/04/13/reverse-engineering-an-amazon-blink-gen-3-camera/

Code reviewing.

#Linux 7.0 is out:

https://lore.kernel.org/lkml/CAHk-=wj2WqpPBwpAXo8bj_Hx-NxKMRVTVMUaQis7+Vm6XLRZiw@mail.gmail.com/

For a list of new features, see:
* the LWN brief news entry – https://lwn.net/Articles/1067279/ (Screenshotted below)

* the LWN merge-window summaries – https://lwn.net/Articles/1057769/ and https://lwn.net/Articles/1058664/

* the KernelNewbies 7.0 page – https://kernelnewbies.org/Linux_7.0

And reminder: the jump from 6.19 to 7.0 does not mean anything apart from "Linus ran out of fingers and toes to count on."

#kernel #LinuxKernel

New post: Windows Early Boot Configuration: The CmControlVector and PspSystemMitigationOptions https://insinuator.net/2026/04/windows-early-boot-configuration-the-cmcontrolvector-and-pspsystemmitigationoptions/

Are you a student, just graduated or without a job? You can take Corelan Stack at an insane discount. Corelan Summercamp: https://www.corelan-training.com/index.php/summercamp #corelan #summercamp pls share

@fulelo more "ruszkik haza" ("russians go home") in the Budapest metro

#hungary #russia #eupol #elections #budapest #orban