Rediscovering CVE-2024-48990 and Crafting My Own Exploit

Introduction On November 19th, 2024, Qualys publicly disclosed five local privilege escalation vulnerabilities discovered in the needrestart binary that comes installed by default on Ubuntu Server installations. They disclose the technical details of these here, however, I will be attempting to rediscover CVE-2024-48990 prior to reading the technical details based purely on the information from the CVE description and references. Then, I will create my own exploit that gives me a reverse shell as root....

2024-11-25 · 8 min · Ally Petitt

How I Found 3 CVEs in 2 Days

Author: Ally Petitt Introduction Christmas break is notoriously refreshing for high schoolers like myself, however, unlike most high school students, I got to spend mine doing the most fascinating work in the world: security research. I had previously used Savannah, a GNU bug tracker, to submit a bug report, so when I noticed that the underlying technology, Savane, was open source, I knew I had to put it on my list of research projects....

2024-03-21 · 7 min · Ally Petitt

How I Found an Authentication Bypass Vulnerability — CVE-2023–43154

https://images.pexels.com/photos/5483149/pexels-photo-5483149.jpeg?auto=compress&cs=tinysrgb&w=1260&h=750&dpr=1 Introduction Discovering a CVE was always an idea that enticed me, but I had no idea how to achieve it. Encountering the authentication bypass that I will explain in this article was both unexpected and deeply inspiring. In my preparation for the OSWE, I decided to practice identifying the exam vulnerabilities in real, open-source applications, which would both give me practice for the exam and enable me to contribute to the security community....

2023-09-29 · 8 min · Ally Petitt