• Posts
CVE-2024-21626
• Exploring Hidden Vulnerabilities in Legacy Docker Versions
• Playing with CVE-2024-21626
Reverse Engineering
• Playing with Unicorn framework [1]

Exploring Hidden Vulnerabilities in Legacy Docker Versions: Lessons from CVE-2024–21626

The content of this article is for educational and research use only. The information provided must not be implemented in a real-world environment, and no responsibility is assumed for any consequences resulting from its application in a real-world scenarios. You are responsible for any risks arising from any behavior not related to the above scope. 1. Introduction 1.1 Why this article? During my analysis about CVE-2024–21626 I discovered some interesting thing in old legacy runc components (that is not mentioned in the security advisory GHSA-xr7r-f8xq-vfvv).

Friday, November 8, 2024 | 5 minutes Read

Playing with Unicorn framework [1]

The main purposes of this article it is to learn what is unicorn engine, how to install it and understand the main features. Recall general CPU architecture basic concepts and how memory is used and organized by the operating system when a program is running. How to setup a project starting from a skeleton and in the end real examples to understand APIs and different scenarios where it is possible to use the unicorn engine.

Friday, June 21, 2024 | 13 minutes Read

Playing with CVE-2024-21626

The content of this article is for educational and research use only. The information provided must not be implemented in a real-world environment, and no responsibility is assumed for any consequences resulting from its application in a real-world scenarios. You are responsible for any risks arising from any behavior not related to the above scope. Related Article While investigating CVE-2024–21626, I discovered an overlooked vulnerability in older versions of Docker and runC.

Friday, May 17, 2024 | 17 minutes Read