Martin Radev $ the memory dump

Security Work

My security work experience comprises of academic work at Fraunhofer AISEC, CTF participation and task authoring, security bug hunting, and undisclosed security company work.

Academic work

Via: Analyzing device interfaces of protected virtual machines, 2021, F Hetzelt, M Radev*, R Buhren, M Morbitzer, JP Seifert
Exploiting interfaces of secure encrypted virtual machines, 2020, M Radev*, M Morbitzer
Severity: Code injection attacks against encrypted virtual machines, 2021, M Morbitzer, S Proskurin, M Radev*, M Dorfhuber, EQ Salas
Leveraging Hardware-Assisted TEEs to Protect Host Secrets in an OS-Level Virtualization Environment, 2020, M Radev*, and supervised by C Epple

CTF challenges

Challenges 2022

true_web_assembly | web | ctftime
0day web challenge targeting the asmbb platform.
shadertoy_plus_plus | pwn | ctftime
0day pwn challenge for exploiting Google's ANGLE and SwiftShader GFX libraries.
hypersecure | pwn | ctftime
Hypervisor-escape challenge for a custom AMD SVM-based hypervisor.
browser_insanity | pwn | ctftime
0day browser exploitation challenge for the browser used in KolibriOS.

Challenges 2021

trusty user diary | pwn | ctftime
Kernel pwn challenge based on Dirty-COW
indie_vmm | pwn | ctftime
0day VM-escape challenge for kvmtool

Challenges 2020

kernel-rop | pwn | ctftime
First ever FG-KASLR kernel pwn challenge.

Challenges 2019

tetres2019 | RE | ctftime
A tetris game written in a GLSL compute shader. Beat it to get the flag.

Discovered security bugs

CVE‑2022‑42270 | CVSS: 7.8
NVIDIA Linux kernel distributions contain a vulnerability in nvdla_emu_task_submit, ... escalation of privileges
kvmtool VM-escape | CVSS: None
See https://hxp.io/blog/87/hxp-CTF-2021-indie_vmm-writeup/ and https://www.spinics.net/lists/kvm/msg264664.html
CVE‑2021‑1106 | CVSS: 7.8
NVIDIA Linux kernel distributions contain a vulnerability in nvmap, ... escalation of privileges
CVE‑2021‑1107 | CVSS: 7.8
NVIDIA Linux kernel distributions contain a vulnerability in nvmap, ... escalation of privileges
CVE‑2021‑1108 | CVSS: 7.3
NVIDIA Linux kernel distributions contain a vulnerability in nvmap, ... escalation of privileges
CVE‑2021‑1112 | CVSS: 5.5
NVIDIA Linux kernel distributions contain a vulnerability in nvmap, ... denial of service
CVE‑2021‑1114 | CVSS: 4.4
NVIDIA Linux kernel distributions contain a vulnerability in the kernel crypto node, ... escalation of privileges
CVE‑2021‑34401 | CVSS: 7.8
NVIDIA Linux kernel distributions contain a vulnerability in nvmap, ... escalation of privileges
CVE‑2021‑34403 | CVSS: 7.8
NVIDIA Linux distributions contain a vulnerability in nvmap ioctl, ... escalation of privileges
CVE-2020-12967 | CVSS: 9.0
Researchers from Fraunhofer AISEC and TUM make use of ... the lack of nested page table protection in the SEV/SEV-ES feature which could potentially lead to arbitrary code execution within the guest

Website updated on: January 1, 2024

Academic work

CTF challenges

true_web_assembly | web | ctftime

shadertoy_plus_plus | pwn | ctftime

hypersecure | pwn | ctftime

browser_insanity | pwn | ctftime

trusty user diary | pwn | ctftime

indie_vmm | pwn | ctftime

kernel-rop | pwn | ctftime

tetres2019 | RE | ctftime

Discovered security bugs

CVE‑2022‑42270 | CVSS: 7.8

kvmtool VM-escape | CVSS: None

CVE‑2021‑1106 | CVSS: 7.8

CVE‑2021‑1107 | CVSS: 7.8

CVE‑2021‑1108 | CVSS: 7.3

CVE‑2021‑1112 | CVSS: 5.5

CVE‑2021‑1114 | CVSS: 4.4

CVE‑2021‑34401 | CVSS: 7.8

CVE‑2021‑34403 | CVSS: 7.8

CVE-2020-12967 | CVSS: 9.0