infosec wiki
23 pages in this category
Linux
-
the scrutiny gradient (2026-04-22 draft notes)
Apr 22, 2026 • updated
notes on the 2026-04-22 revision freeze of the mean-field survey of security commits, CVEs, and dossiers across 22 linux base-system repositories
Network Covert Channels
-
coap protocol tunneling
Aug 12, 2025 • updated
iot covert channels using coap header field manipulation
-
dhcp option field tunneling
Aug 12, 2025 • updated
covert channels using dhcp sname, file, and option fields
-
dns null record tunneling
Aug 12, 2025 • updated
high-performance dns covert channel using null records
-
dns over https tunneling
Aug 12, 2025 • updated
covert channels using dns-over-https on port 443
-
dns timing channels
Aug 12, 2025 • updated
ultra-stealthy covert channels using dns query timing patterns
-
dns txt record tunneling
Aug 12, 2025 • updated
dns covert channel using txt records for command and control
-
http/https tunneling
Aug 12, 2025 • updated
tcp tunneling through http/https protocols for covert communication
-
icmp tunneling
Aug 12, 2025 • updated
covert channels using icmp echo request/reply packets
-
ipv6 extension header channels
Aug 12, 2025 • updated
covert channels using ipv6 extension headers and flow labels
-
lorawan covert channels
Aug 12, 2025 • updated
iot covert channels using lorawan frame structure exploitation
-
mqtt tunneling
Aug 12, 2025 • updated
iot protocol covert channels using mqtt publish-subscribe
-
network covert channels index
Aug 12, 2025 • updated
comprehensive catalog of network tunneling and covert channel techniques
-
ntp extension field tunneling
Aug 12, 2025 • updated
covert channels using ntp v4 extension fields for high-capacity data transfer
-
ntp timing channels
Aug 12, 2025 • updated
covert channels using ntp inter-arrival times and stratum manipulation
-
quic connection id tunneling
Aug 12, 2025 • updated
covert channels using quic protocol connection id manipulation
-
webrtc data channels
Aug 12, 2025 • updated
peer-to-peer network tunneling using webrtc datachannel api
-
websocket tunneling
Aug 12, 2025 • updated
high-performance covert channels using websocket protocol
Windows Drivers
-
glaurung windows driver findings
Jun 10, 2026 • updated
a running catalog of windows kernel-driver bugs found with glaurung, the binary-analysis toolkit — what each bug is, how the tool surfaced it, and an honest read on why microsoft did or did not act on it.
-
ndfltr.sys: a 32-bit offset+length wrap into a kernel OOB read
Jun 10, 2026 • updated
glaurung found an integer-overflow-before-bounds-check in the windows NetworkDirect filter driver: a 32-bit (offset+length) validation that wraps while the use site applies the offset as a 64-bit addend, sending the source pointer ~4 GiB out of bounds. unprivileged on RDMA hosts, but a denial-of-service floor — and one of three candidate sites was a false positive we caught before disclosing.
-
NDKPing.sys: a NULL SystemBuffer deref you can blue-screen on demand
Jun 10, 2026 • updated
glaurung flagged an ioctl dispatcher in the windows NDK diagnostic driver that loads Irp->AssociatedIrp.SystemBuffer and dereferences it without a null check. a METHOD_BUFFERED ioctl with zero-length input and output leaves SystemBuffer NULL, and every case body reads [NULL+0x28]. reproduced live as bugcheck 0x3B — but it is admin-only, which is exactly why microsoft will not fix it.
-
ioctlance: windows driver vulnerability detection
Aug 17, 2025 • updated
symbolic execution and taint analysis for finding vulnerabilities in windows kernel drivers
Windows Vulnerability Research
-
june 2026 patch tuesday: a patch-diff campaign
Jun 10, 2026 • updated
reverse-engineering microsoft's record june 2026 patch tuesday: localizing the headline network and kernel cves, and two systemic observations (velocity-flag-gated fixes, and a reachability correction on the wormable tcp/ip rce)