Break me out of sandbox in old pipe - CVE-2022-22715 Windows Dirty Pipe

Author: k0shl of Cyber Kunlun

In February 2022, Microsoft patched the vulnerability I used in TianfuCup 2021 for escaping Adobe Reader sandbox, assigned CVE-2022-22715. The vulnerability existed in N......

The Story Of CVE-2021-1648

Author: k0shl of 360 Vulcan Team


In January 2021 patch tuesday, MSRC patched a vulnerability in splwow64 service, assigned to CVE-2021-1648(also known as CVE-2020-17008), which merged my tw......

StorSvc writeup and introduction about my analysis script

Author: k0shl of Qihoo 360 Vulcan Team

Today, I'd like to share two of my favorite logical escalation of priviledge vulnerabilities which I reported in 2019 -- CVE-2019-0983 and CVE-2019-099......