Jenn
@zolutal.bsky.social
PhD Student at ASU | blog.zolutal.io
Captain of Shellphish | shellphish.net
she/her
Captain of Shellphish | shellphish.net
she/her
I solved my first ever v8 exploitation challenge this past weekend and did a little writeup on it:
blog.zolutal.io/securinets-s...
blog.zolutal.io/securinets-s...
Securinets Quals 2025: Sukunahikona (v8 Exploitation)
I played Securinets Quals this weekend with Shellphish; we ended up placing 7th, qualifying us for finals! When I logged on to play, all of the released pwn was already solved or close to solved by @v...
blog.zolutal.io
October 8, 2025 at 6:07 AM
I solved my first ever v8 exploitation challenge this past weekend and did a little writeup on it:
blog.zolutal.io/securinets-s...
blog.zolutal.io/securinets-s...
Reposted by Jenn
"Yes please walk the EPT in L1 for the L2 cr3 to get the L2 PML4 physical address in L1 so you can convert that to a virtual address in your VMM to read the L2 PML4E associated with an L2 virtual address" - Statements dreamed up by the utterly Deranged
October 3, 2025 at 8:03 AM
"Yes please walk the EPT in L1 for the L2 cr3 to get the L2 PML4 physical address in L1 so you can convert that to a virtual address in your VMM to read the L2 PML4E associated with an L2 virtual address" - Statements dreamed up by the utterly Deranged
Reposted by Jenn
I finally got around to blogging again!
This time its about the fun rabbit hole I went down last year of trying to improve Linux kernel ROP gadget discovery:
blog.zolutal.io/joys-of-kern...
This time its about the fun rabbit hole I went down last year of trying to improve Linux kernel ROP gadget discovery:
blog.zolutal.io/joys-of-kern...
The Joys of Linux Kernel ROP Gadget Scanning
Linux Kernel ROP gadget scanning is one of those things that seems easy in theory – just run ROPgadget --binary vmlinux on it! In practice, however, anyone who has used that method has likely had to s...
blog.zolutal.io
September 3, 2025 at 11:47 PM
I finally got around to blogging again!
This time its about the fun rabbit hole I went down last year of trying to improve Linux kernel ROP gadget discovery:
blog.zolutal.io/joys-of-kern...
This time its about the fun rabbit hole I went down last year of trying to improve Linux kernel ROP gadget discovery:
blog.zolutal.io/joys-of-kern...
My first paper is now up on the USENIX Security site :)
We evaluated the prevalence of x86_64/aarch64 system instructions in Linux kernel builds and their applicability to Control Flow Hijacking exploitation, identifying a FineIBT (Kernel CFI) bypass in the process!
www.usenix.org/conference/u...
We evaluated the prevalence of x86_64/aarch64 system instructions in Linux kernel builds and their applicability to Control Flow Hijacking exploitation, identifying a FineIBT (Kernel CFI) bypass in the process!
www.usenix.org/conference/u...
System Register Hijacking: Compromising Kernel Integrity By Turning System Registers Against the System | USENIXusenix_logo_notag_white
www.usenix.org
May 5, 2025 at 9:52 PM
My first paper is now up on the USENIX Security site :)
We evaluated the prevalence of x86_64/aarch64 system instructions in Linux kernel builds and their applicability to Control Flow Hijacking exploitation, identifying a FineIBT (Kernel CFI) bypass in the process!
www.usenix.org/conference/u...
We evaluated the prevalence of x86_64/aarch64 system instructions in Linux kernel builds and their applicability to Control Flow Hijacking exploitation, identifying a FineIBT (Kernel CFI) bypass in the process!
www.usenix.org/conference/u...