null@nothing:/posts $

• DirtyPipe-CVE-2022-0847

  19 Oct 2025

  One of my friends, stdnoerr, wrote a blog about his N-day research on DirtyPipe (CVE-2022-0847). As a noob in kernel exploitation, I realized that I should be familiar with some Linux kernel internals to fully understand his blog. So I decided to explore those internals and write about my journey...

• Demystifying the User Authentication in Linux

  25 Dec 2024

  A Brief History In early Unix and Linux systems, user account information, including encrypted passwords, was stored in the /etc/passwd file. This file was readable by all users, which posed a significant security risk. Malicious users could potentially access the encrypted passwords and attempt to crack them offline. As security...