Linux Security

Traditional disk storage leaves traces. memfd_create enables anonymous, volatile files that reside exclusively in RAM. Learn to implement this in x64 Assembly for low-footprint operations.

Exploit the Time-of-Check to Time-of-Use (TOCTOU) window in udisks2. This analysis covers Polkit bypass, XFS image crafting, and Race Condition triggers for LPE.

Stop analysts in their tracks. Learn how to leverage PTRACE_TRACEME and PR_SET_DUMPABLE syscalls to harden your agents against debuggers and memory acquisition.