TODO

Tasks

Urgent

  1. add links from "Waiting List" to categories
  2. add more links to "Browser Exploitation"
  3. add more links to "Mobile Exploitation"
  4. rename "Mitigations" sections
  5. rename all section names, change categories
  6. Browser Exploitation: add columns (software version, vulnerability type)
  7. update and sort out "Various Stuff" section
  8. split categories by pages

Later

  1. Secure Coding: add more links
  2. Heap-Fuzzing: add more links
  3. Hardware: add categories
  4. Heap: sort out
  5. update missing CVEs
  6. fix dead links, move to webarchive
  7. update "Malware" section
  8. add more ancient links
  9. rewrite to use nunjucks template

Waiting List

These links are still to be added; ~90 links to go...

2016 (19)

http://blog.vectranetworks.com/blog/microsoft-windows-printer-wateringhole-attack

https://blog.fortinet.com/2016/07/20/analysis-of-cve-2016-4203-adobe-acrobat-and-reader-cooltype-handling-heap-overflow-vulnerability

https://census-labs.com/news/2016/07/22/android-stagefright-impeg2d_dec_pic_data_thread-overflow/

https://www.evonide.com/how-we-broke-php-hacked-pornhub-and-earned-20000-dollar/

http://keenlab.tencent.com/en/2016/07/29/The-Journey-of-a-complete-OSX-privilege-escalation-with-a-single-vulnerability-Part-1/

http://blog.quarkslab.com/xen-exploitation-part-3-xsa-182-qubes-escape.html

https://blog.xyz.is/2016/webkit-360.html

https://blog.fortinet.com/2016/08/17/deep-analysis-of-cve-2016-3820-remote-code-execution-vulnerability-in-android-mediaserver

https://blog.xyz.is/2016/vita-netps-ioctl.html

https://sektioneins.de/en/blog/16-09-02-pegasus-ios-kernel-vulnerability-explained.html

https://googleprojectzero.blogspot.de/2016/09/return-to-libstagefright-exploiting.html

https://labs.nettitude.com/blog/analysing-the-null-securitydescriptor-kernel-exploitation-mitigation-in-the-latest-windows-10-v1607-build-14393/

https://info.lookout.com/rs/051-ESQ-475/images/pegasus-exploits-technical-details.pdf

http://keenlab.tencent.com/en/2016/11/18/A-Link-to-System-Privilege/

https://scarybeastsecurity.blogspot.de/2016/11/0day-poc-risky-design-decisions-in.html

https://googleprojectzero.blogspot.de/2016/12/bitunmap-attacking-android-ashmem.html

http://blog.trendmicro.com/trendlabs-security-intelligence/one-bit-rule-system-analyzing-cve-2016-7255-exploit-wild/

http://srcincite.io/blog/2016/12/13/word-up-microsoft-word-onetabledocumentstream-underflow.html

https://googleprojectzero.blogspot.de/2016/12/chrome-os-exploit-one-byte-overflow-and.html

2017 (70)

https://blogs.technet.microsoft.com/mmpc/2017/01/13/hardening-windows-10-with-zero-day-exploit-mitigations/

https://googleprojectzero.blogspot.de/2017/02/lifting-hyper-visor-bypassing-samsungs.html

http://blog.quarkslab.com/analysis-of-ms16-104-url-files-security-feature-bypass-cve-2016-3353.html

https://www.endgame.com/blog/chakra-exploit-and-limitations-modern-mitigation-techniques

https://medium.com/@justin.schuh/securing-browsers-through-isolation-versus-mitigation-15f0baced2c2#.6948zz5lj

https://samdb.xyz/revisiting-windows-security-hardening-through-kernel-address-protection/

https://medium.com/@mxatone/mitigation-bounty-4-techniques-to-bypass-mitigations-2d0970147f83#.y0v90tw9k

https://ricklarabee.blogspot.de/2017/01/virtual-memory-page-tables-and-one-bit.html

https://blogs.windows.com/msedgedev/2017/03/23/strengthening-microsoft-edge-sandbox/#iyhRpeiGze7ZohQt.97

https://a13xp0p0v.github.io/2017/03/24/CVE-2017-2636.html

https://googleprojectzero.blogspot.de/2017/04/over-air-exploiting-broadcoms-wi-fi_4.html

https://blogs.technet.microsoft.com/mmpc/2017/03/27/detecting-and-mitigating-elevation-of-privilege-exploit-for-cve-2017-0005/

https://info.lookout.com/rs/051-ESQ-475/images/lookout-pegasus-android-technical-analysis.pdf

https://scarybeastsecurity.blogspot.de/2017/05/proving-missing-aslr-on-dropboxcom-and.html

https://blogs.technet.microsoft.com/askpfeplat/2017/04/24/windows-10-memory-protection-features/

https://bugs.chromium.org/p/project-zero/issues/detail?id=1252&desc=5

https://www.embedi.com/files/white-papers/Silent-Bob-is-Silent.pdf

https://www.zerodayinitiative.com/blog/2017/5/4/auditing-adobe-reader-the-open-source-attack-surface-in-closed-source-software

https://bugzilla.mozilla.org/show_bug.cgi?id=1299686

https://bugzilla.mozilla.org/show_bug.cgi?id=1287266

https://snf.github.io/2017/05/04/exploit-protection-i-page-heap/

https://googleprojectzero.blogspot.de/2017/04/exception-oriented-exploitation-on-ios.html

https://googleprojectzero.blogspot.de/2017/04/exploiting-net-managed-dcom.html

https://grsecurity.net/the_infoleak_that_mostly_wasnt.php

https://www.endgame.com/blog/disarming-control-flow-guard-using-advanced-code-reuse-attacks

https://struct.github.io/oilpan_metadata.html

https://phoenhex.re/2017-06-09/pwn2own-diskarbitrationd-privesc

https://blog.fortinet.com/2017/06/04/an-inside-look-at-cve-2017-0199-hta-and-scriptlet-file-handler-vulnerability

https://risksense.com/_api/filesystem/468/EternalBlue_RiskSense-Exploit-Analysis-and-Port-to-Microsoft-Windows-10_v1_2.pdf

https://bugs.chromium.org/p/project-zero/issues/detail?id=1258

https://blogs.technet.microsoft.com/srd/2017/06/29/eternal-champion-exploit-analysis/

https://blogs.technet.microsoft.com/srd/2017/06/20/tales-from-the-msrc-from-pixels-to-poc/

https://blogs.technet.microsoft.com/mmpc/2017/06/16/analysis-of-the-shadow-brokers-release-and-mitigation-with-windows-10-virtualization-based-security/

https://www.thezdi.com/blog/2017/6/26/use-after-silence-exploiting-a-quietly-patched-uaf-in-vmware

http://acez.re/the-weak-bug-exploiting-a-heap-overflow-in-vmware/

https://www.coresecurity.com/blog/solving-post-exploitation-issue-cve-2017-7308

https://blogs.technet.microsoft.com/srd/2017/07/20/englishmansdentist-exploit-analysis/

https://cyber.wtf/2017/07/28/negative-result-reading-kernel-memory-from-user-mode/amp/

https://github.com/MortenSchenk/BHUSA2017/blob/master/us-17-Schenk-Taking-Windows-10-Kernel-Exploitation-To-The-Next-Level–Leveraging-Write-What-Where-Vulnerabilities-In-Creators-Update-wp.pdf

https://securingtomorrow.mcafee.com/mcafee-labs/analyzing-cve-2017-0190-wmf-flaws-can-lead-data-theft-code-execution/#sf101390209

https://tyranidslair.blogspot.de/2017/07/dg-on-windows-10-s-executing-arbitrary.html

https://blog.trailofbits.com/2017/08/02/microsoft-didnt-sandbox-windows-defender-so-i-did/

https://googleprojectzero.blogspot.de/2017/08/windows-exploitation-tricks-arbitrary.html

https://beingwinsysadmin.blogspot.de/2017/07/bug-windows-10-default-user-profile-is.html

https://comsecuris.com/blog/posts/path_of_least_resistance/

https://www.zerodayinitiative.com/blog/2017/8/1/pythonizing-the-vmware-backdoor

https://sensepost.com/blog/2017/abusing-gdi-objects-for-ring0-primitives-revolution/

https://www.zerodayinitiative.com/blog/2017/8/9/the-blue-frost-security-challenge-an-exploitation-journey-for-fun-and-free-drinks

http://blog.talosintelligence.com/2017/08/windbg-and-javascript-analysis.html

https://blogs.technet.microsoft.com/srd/2017/08/09/moving-beyond-emet-ii-windows-defender-exploit-guard/

https://tyranidslair.blogspot.de/2017/08/the-art-of-becoming-trustedinstaller.html

https://googleprojectzero.blogspot.de/2017/08/bypassing-virtualbox-process-hardening.html

https://alephsecurity.com/2017/08/30/untethered-initroot/

https://kitctf.de/writeups/hitb2017/babyqemu

https://github.com/hatRiot/token-priv/blob/master/abusing_token_eop_1.0.txt

https://blog.zimperium.com/ziva-video-audio-ios-kernel-exploit/

https://blog.checkpoint.com/wp-content/uploads/2016/08/Exploiting-PHP-7-unserialize-Report-160829.pdf

https://comsecuris.com/blog/posts/vmware_vgpu_shader_vulnerabilities/

https://github.com/nccgroup/CVE-2017-8759/

https://blog.bjornweb.nl/2017/08/flash-remote-sandbox-escape-windows-user-credentials-leak/

https://blogs.technet.microsoft.com/enterprisemobility/2017/09/18/active-directory-access-control-list-attacks-and-defense/

https://hatriot.github.io/blog/2017/09/19/abusing-delay-load-dll/

https://github.com/deroko/activationcontexthook

http://www.synacktiv.ninja/posts/exploit/rce-vulnerability-in-hp-ilo.html

https://kvakil.github.io/ropchain.html

https://duo.com/assets/ebooks/Duo-Labs-The-Apple-of-Your-EFI.pdf

https://googleprojectzero.blogspot.de/2017/09/over-air-vol-2-pt-1-exploiting-wi-fi.html

https://www.zerodayinitiative.com/blog/2017/9/26/duck-assisted-code-execution-in-emc-data-protection-advisor

https://specterops.io/assets/resources/SpecterOps_Subverting_Trust_in_Windows.pdf

https://securingtomorrow.mcafee.com/mcafee-labs/microsoft-kills-potential-remote-code-execution-vulnerability-in-office-cve-2017-8630/#sf115825366

https://www.zerodayinitiative.com/blog/2017/10/04/vmware-escapology-how-to-houdini-the-hypervisor

https://www.fidusinfosec.com/tp-link-remote-code-execution-cve-2017-13772/

https://www.talosintelligence.com/reports/TALOS-2017-0432

https://googleprojectzero.blogspot.de/2017/10/over-air-vol-2-pt-3-exploiting-wi-fi.html

https://tyranidslair.blogspot.de/2017/10/bypassing-sacl-auditing-on-lsass.html

https://www.zerodayinitiative.com/blog/2017/10/17/wrapping-the-converter-within-foxit-reader

https://blogs.technet.microsoft.com/mmpc/2017/10/18/browser-security-beyond-sandboxing/

https://www.cyberark.com/threat-research-blog/boundhook-exception-based-kernel-controlled-usermode-hooking/

https://hvinternals.blogspot.de/2015/10/hyper-v-debugging-for-beginners.html

https://hvinternals.blogspot.de/2017/10/hyper-v-debugging-for-beginners-part-2.html

https://theevilbit.blogspot.de/2017/10/abusing-gdi-objects-bitmap-objects-size.html

https://securingtomorrow.mcafee.com/mcafee-labs/analyzing-microsoft-office-zero-day-exploit-cve-2017-11826-memory-corruption-vulnerability

https://www.zerodayinitiative.com/blog/2017/10/27/on-the-trail-to-mobile-pwn2own

https://nickbloor.co.uk/2017/10/22/analysis-of-cve-2017-12628/

https://www.zerodayinitiative.com/blog/2017/8/24/deconstructing-a-winning-webkit-pwn2own-entry

https://riscybusiness.wordpress.com/2017/10/07/hiding-your-process-from-sysinternals/

https://statuscode.ch/2017/11/from-markdown-to-rce-in-atom/

https://hackernoon.com/afl-unicorn-part-2-fuzzing-the-unfuzzable-bea8de3540a5

https://signal11.io/index.php/2017/11/19/attacking-uninitialized-variables-with-recursion/

https://bugs.chromium.org/p/project-zero/issues/detail?id=1332

https://enigma0x3.net/2017/01/05/lateral-movement-using-the-mmc20-application-com-object/

https://posts.specterops.io/lateral-movement-using-outlooks-createobject-method-and-dotnettojscript-a88a81df27eb

https://bugs.chromium.org/p/chromium/issues/detail?id=766253

https://embedi.com/blog/skeleton-closet-ms-office-vulnerability-you-didnt-know-about

https://salls.github.io/Linux-Kernel-CVE-2017-5123/

https://pleasestopnamingvulnerabilities.com/

https://fail0verflow.com/blog/2017/ps4-crashdump-dump/

https://github.com/Cryptogenic/PS4-4.05-Kernel-Exploit

https://googleprojectzero.blogspot.de/2017/12/apacolypse-now-exploiting-windows-10-in_18.html

https://sww-it.ru/2017-11-06/1493

https://blog.xpnsec.com/windows-warbird-privesc/

https://blog.fortinet.com/2017/11/22/cve-2017-11826-exploited-in-the-wild-with-politically-themed-rtf-document

https://posts.specterops.io/adventures-in-extremely-strict-device-guard-policy-configuration-part-1-device-drivers-fd1a281b35a8

https://medium.com/bindecy/huge-dirty-cow-cve-2017-1000405-110eca132de0

http://blog.talosintelligence.com/2017/11/exploiting-cve-2016-2334.html

https://www.crowdstrike.com/blog/badrabbit-ms17-010-exploitation-part-two-elevate-privileges/

https://www.zerodayinitiative.com/blog/2017/12/22/a-matching-pair-of-use-after-free-bugs-in-chakra-asmjs

https://www.zerodayinitiative.com/blog/2017/12/20/invariantly-exploitable-input-an-apple-safari-bug-worth-revisiting

https://www.zerodayinitiative.com/blog/2017/12/21/vmwares-launch-escape-system

https://www.zerodayinitiative.com/blog/2017/12/19/apache-groovy-deserialization-a-cunning-exploit-chain-to-bypass-a-patch

https://blog.blazeinfosec.com/leveraging-web-application-vulnerabilities-to-steal-ntlm-hashes-2/

https://bugs.chromium.org/p/project-zero/issues/detail?id=1358

https://www.zerodayinitiative.com/blog/2017/12/18/reading-backwards-controlling-an-integer-underflow-in-adobe-reader

https://quequero.org/2017/11/arm-exploitation-iot-episode-3/

https://www.coresecurity.com/blog/making-something-out-zeros-alternative-primitive-windows-kernel-exploitation

https://www.tarlogic.com/en/blog/exploiting-word-cve-2017-11826/

https://blogs.bromium.com/browser-isolation-with-microsoft-windows-defender-application-guard/

http://riscy.business/2017/12/lenovos-unsecured-objects/

https://randomascii.wordpress.com/2017/12/10/analyzing-a-confusing-crash/

https://github.com/Cryptogenic/Exploit-Writeups/blob/master/PS4/"NamedObj" 4.05 Kernel Exploit Writeup.md

https://theevilbit.blogspot.in/2017/12/convert-write-where-kernel-exploits.html

https://sensepost.com/blog/2017/linux-heap-exploitation-intro-series-riding-free-on-the-heap-double-free-attacks/

https://sites.google.com/site/bingsunsec/the-battle-for-protected-memory

https://media.ccc.de/v/34c3-8720-ios_kernel_exploitation_archaeology

https://sensepost.com/blog/2018/linux-heap-exploitation-intro-series-bonus-printf-might-be-leaking/

https://doar-e.github.io/blog/2017/12/01/debugger-data-model/

https://blogs.bromium.com/anatomy-of-meltdown-a-technical-journey/

https://www.root-me.org/en/Challenges/App-System/

https://rootkits.xyz/blog/2017/06/kernel-setting-up/

https://randomascii.wordpress.com/2018/01/07/finding-a-cpu-design-bug-in-the-xbox-360/

https://bugs.chromium.org/p/project-zero/issues/detail?id=1272

https://googleprojectzero.blogspot.de/2018/01/reading-privileged-memory-with-side.html

https://security.googleblog.com/2018/01/more-details-about-mitigations-for-cpu_4.html

http://blog.cyberus-technology.de/posts/2018-01-03-meltdown.html

https://meltdownattack.com/

https://siguza.github.io/IOHIDeous/

https://bruce30262.github.io/2017/12/15/Learning-browser-exploitation-via-33C3-CTF-feuerfuchs-challenge/

http://pythonsweetness.tumblr.com/post/169166980422/the-mysterious-case-of-the-linux-page-table

https://sandboxescaper.blogspot.de/2018/01/adobe-reader-escape-or-how-to-steal.html

https://blogs.securiteam.com/index.php/archives/3649

https://samsclass.info/127/127_S18.shtml

https://github.com/Coalfire-Research/iOS-11.1.2-15B202-Jailbreak

https://blog.quarkslab.com/reverse-engineering-the-win32k-type-isolation-mitigation.html

https://www.mdsec.co.uk/2018/02/adobe-flash-exploitation-then-and-now-from-cve-2015-5119-to-cve-2018-4878/

http://blog.frizn.fr/glibc/glibc-heap-to-rip

http://blog.ptsecurity.com/2018/02/new-bypass-and-protection-techniques.html

https://blog.zimperium.com/cve-2018-4087-poc-escaping-sandbox-misleading-bluetoothd/

https://census-labs.com/news/2018/02/28/windows-10-rs2rs3-gdi-data-only-exploitation-tales-offensivecon-2018/

https://www.zerodayinitiative.com/blog/2018/3/1/vmware-exploitation-through-uninitialized-buffers

https://github.com/Cryptogenic/Exploit-Writeups/blob/master/WebKit/setAttributeNodeNS UAF Write-up.md

https://bazad.github.io/2018/03/a-fun-xnu-infoleak/

https://bazad.github.io/2018/03/ida-kernelcache-class-reconstruction/

https://devco.re/blog/2018/03/06/exim-off-by-one-RCE-exploiting-CVE-2018-6789-en/

https://github.com/0xcl/clang-cfi-bypass-techniques/blob/master/README.md

https://tradahacking.vn/hitcon-2017-ghost-in-the-heap-writeup-ee6384cd0b7

https://www.fidusinfosec.com/remote-code-execution-cve-2018-5767/

https://blogs.technet.microsoft.com/srd/2018/04/04/triaging-a-dll-planting-vulnerability/

https://www.fortinet.com/blog/threat-research/a-root-cause-analysis-of-cve-2018-0797---rich-text-format-styles.html

https://blog.trailofbits.com/2018/04/04/vulnerability-modeling-with-binary-ninja/

https://blog.zimperium.com/cve-2017-13253-buffer-overflow-multiple-android-drm-services/

https://www.zerodayinitiative.com/blog/2018/4/5/quickly-pwned-quickly-patched-details-of-the-mozilla-pwn2own-exploit