Security Work
My security work experience comprises of academic work at Fraunhofer AISEC, CTF participation and task authoring, security bug hunting, and undisclosed security company work.
Academic work
- Via: Analyzing device interfaces of protected virtual machines, 2021, F Hetzelt, M Radev*, R Buhren, M Morbitzer, JP Seifert
- Exploiting interfaces of secure encrypted virtual machines, 2020, M Radev*, M Morbitzer
- Severity: Code injection attacks against encrypted virtual machines, 2021, M Morbitzer, S Proskurin, M Radev*, M Dorfhuber, EQ Salas
- Leveraging Hardware-Assisted TEEs to Protect Host Secrets in an OS-Level Virtualization Environment, 2020, M Radev*, and supervised by C Epple
CTF challenges
Challenges 2022
-
true_web_assembly | web | ctftime
0day web challenge targeting the asmbb platform. -
shadertoy_plus_plus | pwn | ctftime
0day pwn challenge for exploiting Google's ANGLE and SwiftShader GFX libraries. -
hypersecure | pwn | ctftime
Hypervisor-escape challenge for a custom AMD SVM-based hypervisor. -
browser_insanity | pwn | ctftime
0day browser exploitation challenge for the browser used in KolibriOS.
Challenges 2021
Challenges 2020
-
kernel-rop | pwn | ctftime
First ever FG-KASLR kernel pwn challenge.
Challenges 2019
-
tetres2019 | RE | ctftime
A tetris game written in a GLSL compute shader. Beat it to get the flag.
Discovered security bugs
-
CVE‑2022‑42270 | CVSS: 7.8
NVIDIA Linux kernel distributions contain a vulnerability in nvdla_emu_task_submit, ... escalation of privileges -
kvmtool VM-escape | CVSS: None
See https://hxp.io/blog/87/hxp-CTF-2021-indie_vmm-writeup/ and https://www.spinics.net/lists/kvm/msg264664.html -
CVE‑2021‑1106 | CVSS: 7.8
NVIDIA Linux kernel distributions contain a vulnerability in nvmap, ... escalation of privileges -
CVE‑2021‑1107 | CVSS: 7.8
NVIDIA Linux kernel distributions contain a vulnerability in nvmap, ... escalation of privileges -
CVE‑2021‑1108 | CVSS: 7.3
NVIDIA Linux kernel distributions contain a vulnerability in nvmap, ... escalation of privileges -
CVE‑2021‑1112 | CVSS: 5.5
NVIDIA Linux kernel distributions contain a vulnerability in nvmap, ... denial of service -
CVE‑2021‑1114 | CVSS: 4.4
NVIDIA Linux kernel distributions contain a vulnerability in the kernel crypto node, ... escalation of privileges -
CVE‑2021‑34401 | CVSS: 7.8
NVIDIA Linux kernel distributions contain a vulnerability in nvmap, ... escalation of privileges -
CVE‑2021‑34403 | CVSS: 7.8
NVIDIA Linux distributions contain a vulnerability in nvmap ioctl, ... escalation of privileges -
CVE-2020-12967 | CVSS: 9.0
Researchers from Fraunhofer AISEC and TUM make use of ... the lack of nested page table protection in the SEV/SEV-ES feature which could potentially lead to arbitrary code execution within the guest
Website updated on: January 1, 2024