Although Kindle e-readers are a prime target in modding and jailbreaking communities, there is little public work about vulnerability research in remote code execution scenarios.

In this post, we give technical details about a chain of vulnerabilities we identified that can be triggered by downloading a malicious Audible audiobook, allowing to take full control of the device and its registered Amazon account.

1. Discovery of two vulnerabilities in secure world components
2. Exploitation to get code execution in a trusted driver, while not having a debugger for this obscure environment
3. Leverage of aarch32 T32 instruction set to find nice stack pivots
4. Turning an arbitrary write into an arbitrary code execution

This is the third installment in my three-part series of articles on fuzzing Microsoft’s RDP client, where I explain a bug I found by fuzzing the smart card extension.

This is the second installment in my three-part series of articles on fuzzing Microsoft’s RDP client. I will explain a bug I found by fuzzing the printer sub-protocol, and how I exploited it.

For the European Cyber Week CTF 2021 Thalium created some challenges in our core competencies: reverse and exploitation. This blog post presents some of the write-ups:

• Chest (36 solve) - reverse
• FSB as a service (3 solve) - exploitation
• WYSIWYG (3 solve) - reverse
• Pipe Dream (1 solve) - reverse
  • the author posted his solution on his personal blog

Thalium’s challenges have been less resolved than others. They were not that difficult, but probably a bit more unexpected. A few additional challenges designed by Thalium are: