My 10k-word writeup on exploiting a heap overflow in Llama.cpp's RPC server's tensor operation to RCE. This is by far one of the most challenging but fun exploitations I've ever researched.
Interesting Gmail priv-esc exploit: you can exploit most organizations that use @GoogleWorkspace, and it won't be fixed, as indicated by Google.
I found this unintentionally when working on SMTP/DMARC, and accidentally forged my head-of-school's Gmail account, bypassed access control, and
My latest blog about my discovery of an Evernote client all-platform RCE via PDF.js font injection to the preload.js-exposed ipcRenderer-BrokerBridge-boron.actions, bypassing Electron's nodeIntegration | context-isolation.
Enjoy reading!
0reg.dev/blog/evernote-…
New writeup! This is a 6 million-user note app XSS -> RCE in Electron, bypassing nodeIntegration, that I found about a month ago.
If you don't know much about Electron & LaTeX, that's okay! I included a detailed step-by-step analysis of how I found this RCE!
0reg.dev/blog/electron-…
This is a blog about how I exploited Tenda AC8's 0-day remote overflow into RCE via mipsel ROPing with multiple registers.
It includes the experience I learned from 2 weeks of gdb-multiarch-ing, mipsrop-ing, QEMU-ing, IDA-ing, and ifconfig-ing, from scratch to CVE.
0reg.dev/blog/tenda-ac8…