Rating: 5.0

Original writeup (http://sw1ss.team/bugs_bunny_ctf_2k17/2017/07/31/bugs_bunny_ctf_2k17-pwn300/).
ktecv2000, Aug. 1, 2017, 5:52 a.m.

Great writeup!
But why is rsi set to NULL (argv[] = {NULL}) instead of {filename, NULL}?


muffinx, Aug. 1, 2017, 3:39 p.m.

@ktecv2000 Good question. I think/believe (I'm not 100% sure) that most people do that to reduce the potential for exceptions where this could result in an error, and you don't really need it.
Most people use "/bin/sh" as the filename, but you could also (in some cases) just use "sh", which could also be risky in some cases. It's like people who use setguid() etc. in their shellcode: it gives them assurance but could also backfire (for example, if the shellcode would be too long). Maybe it's a question of taste and situation. ^^

But yeah, these are just my assumptions. :D