Original research, technical writeups, and published work from the DarkCov team. Everything here is something we actually worked on and thought was worth writing about.
A single null byte. No UAF in the target. No double-free. Every mitigation active. By chaining five bugs in glibc 2.43's own allocator, we manufacture a use-after-free from scratch, bypass safe-linking without a freed-memory read, defeat double-free detection, and reach a shell.
Traditional Linux persistence is noisy. systemd services, cron jobs, shell configs — they all leave artifacts. This research explores leveraging Linux namespaces as an unprivileged, low-trace persistence primitive that hides in plain sight inside the kernel's own isolation infrastructure.
An optical covert channel that uses controlled modulation of a system's display backlight to exfiltrate compact, high-value data from air-gapped hosts. No hardware modification required. Operates at intentionally low throughput to stay invisible.
Got tired of reading through hundreds of ASAN crash logs manually trying to figure out which ones are actually worth looking at. Built Wendigo to handle that. Feed it a crash, get back exploitability analysis, CWE mapping, binary hardening checks, and HTML reports with memory diagrams.