author

Ravshan Rikhsiev — Cybersecurity researcher | Low-level systems, firmware & compilers

I’m a cybersecurity researcher at ONESEC focused on low-level systems, firmware, and compilers. I publish technical writeups, run hands-on workshops, and mentor students to help grow the next generation of security researchers. Outside work I enjoy cycling and community outreach.

Firmware reverse engineering and analysis of router devices


This post explains the firmware extraction and analysis process for consumer-grade routers, focusing on filesystem inspection, ELF analysis, and configuration recovery. It also covers emulation of embedded systems, including their libraries, binaries, and services.

Exploring Integer Overflow: libxml2 Integer Overflow, which leads to OOB


This article explores a critical integer overflow in libxml2 where improper bounds validation leads to out-of-bounds memory access. It walks through the vulnerable function, discusses how arithmetic truncation causes the bug, and demonstrates how attackers can exploit it to leak memory or crash the application.

Linux Kernel Exploitation Part 1: ret2usr


This post introduces kernel exploitation fundamentals through the classic ret2usr technique. It explains how attackers redirect kernel execution into userland memory, why this attack was historically common, and how modern mitigations restrict it.

Linux Kernel Exploitation Part 2: Adding Mitigations


Building on Part 1, this article discusses the mitigations introduced to block ret2usr attacks, such as SMEP, SMAP, and hardened pointer validation. It examines how these protections change the exploitation landscape and what kernel developers must consider when designing secure code paths.

EXIM: CVE-2020-28025: Heap out-of-bounds read in pdkim_finish_bodyhash()


This article analyzes a heap out-of-bounds read in Exim’s DKIM verification logic caused by missing bounds checks in pdkim_finish_bodyhash(). It shows how a crafted DKIM signature can trigger memory disclosure and discusses why the issue persisted across multiple versions.

Android Cheatsheet


Android cheatsheet for pentesting

Linux Heap Exploitation internals


This post dives into the internal structures of the malloc allocator, focusing on chunk metadata and bins. It explains how understanding these internals enables more reliable exploitation and the construction of advanced heap primitives.

Linux Heap Exploitation: Unsafe Unlink


A focused explanation of the unsafe unlink vulnerability that demonstrates corrupting chunk metadata to achieve arbitrary memory writes. The article includes step-by-step exploit logic and notes on modern mitigations that neutralize the classic technique.

write4 | ROPEmporium [4]


The functions themselves live in an external library, so we call them from there. The imported functions can be listed with the command rabin2 -i <binary>.

callme | ROPEmporium [3]


OK, we have three functions, and we should call them with the given arguments: 0xdeadbeef, 0xcafebabe and 0xd00df00d. The functions themselves are in an external library, so we call them one by one. The buffer overflow offset is the same, and checksec