Joel Eriksson

Joel Eriksson has written 24 posts for ClevCode

Unique Opportunity – Mentorship for a Select Few (and maybe a new team?)

This post is directed to the people that share my interest in learning and understanding IT-security on a deeper level than most (vulnerability research, exploit development, reverse-engineering). The ones that are not interested in merely learning the tools of the trade, in order to do what any trained monkey would be able to do. Pointing … Continue reading »

CVE-2014-6271 / Shellshock & How to handle all the shells! ;)

For the TL;DR generation: If you just want to know how to handle all the shells, search for “handling all the shells” and skip down to that. ;) CVE-2014-6271, also known as “Shellshock”, is quite a neat little vulnerability in Bash. It relies on a feature in Bash that allows child processes to inherit shell … Continue reading »

CVE-2014-3153 Exploit

This awesome vulnerability, that affects pretty much all Linux kernels from the last five years, was found by Comex about a month ago. It is also the vulnerability that is used in TowelRoot by GeoHot, to root the Samsung S5 and a bunch of other Android-based devices. TowelRoot is closed source and heavily obfuscated … Continue reading »

Available for projects

I am currently available for projects involving: Code Auditing, Reverse-Engineering, Exploit Development, Vulnerability Assessments, Malware Analysis, Security Research-oriented projects in general. For more information about me and my abilities, besides what you can see in my posts here, you are welcome to take a look at my CV: http://www.clevcode.org/cv.pdf For select clients, I might also … Continue reading »

Oldies but goldies #2

Found another one of my old exploits. This one is a Windows kernel exploit from 2006. :) This also happens to be one of the exploits I demonstrated (but did not release) at BlackHat and DefCon in 2007, in our Kernel Wars talk. It was actually still unpatched when demonstrating it at BlackHat Europe, even though … Continue reading »

Oldies but goldies

Looking through some old disks now, and found a couple of exploits I coded back in 2004. Good old times. :) The first one is an exploit for a double free() in CVS

ARM payload development

As I mentioned on Twitter earlier (@OwariDa, @ClevCode), using the excellent Hex-Rays ARM decompiler turned out to be quite handy for verifying the payload I’m developing and injecting into the XMM6260-based baseband in my Samsung S3 (GT-i9300). Rebooting my phone due to baseband crashes can be a bit time consuming. :D The specific research I’m … Continue reading »

Team ClevCode

This is now the official home for Team ClevCode. More information about us at: http://www.clevcode.org/team/  

Codegate Quals 2012 – Vuln 500

This is my writeup for the Vuln 500 challenge in the Codegate Quals 2012 competition. The vulnerability is a straightforward format string vulnerability in a SUID Linux/x86 program. Since ASLR & NX were activated, it was not quite as straightforward to exploit though. Since partial RELRO was used as well, DTORS was read-only, … Continue reading »

CanYouCrackIt.co.uk / GCHQ Challenge Solution – Stage 3

The final stage of the GCHQ challenge was a small (5kB) x86 Windows/cygwin binary (available here). Analyzing it in IDA Pro, I could see that it expects a 24-byte license file with the following format: “gchq”: Static header; Password: Eight character password, which should match the DES-hash “hqDTK7b8K2rvw” with the salt “hq” … Continue reading »
