Analysis and Exploitation (hardware, firmware, etc.)

Vulnerability and exploit analysis and development at the hardware level.

| Nr | URL | Description | Date | Author | Vulnerable target | Info |
|----|-----|-------------|------|--------|-------------------|------|
| 1 | http://fail0verflow.com/blog/2012/cve-20... | CVE-2012-0217: Intel's sysret Kernel Privilege Escalation (on FreeBSD) | 05-07-2012 | iZsh | FreeBSD | Sysret; CVE-2012-0217 |
| 2 | https://media.blackhat.com/bh-us-12/Brie... | A Stitch In Time Saves Nine: A Case Of Multiple OS Vulnerability | 25-07-2012 | Rafal Wojtczuk | - | Sysret; CVE-2006-0744, CVE-2012-0217 |
| 3 | http://www.vupen.com/blog/20120806.Advan... | Advanced Exploitation of Windows Kernel Intel 64-Bit Mode Sysret Vulnerability (MS12-042) | 06-08-2012 | Jordan Gruskovnjak | Windows | Sysret; CVE-2012-0217 |
| 4 | http://www.vupen.com/blog/20120904.Advan... | Advanced Exploitation of Xen Hypervisor Sysret VM Escape Vulnerability | 04-09-2012 | Matthieu Bonetti | - | Sysret; CVE-2012-0217 |
| 5 | http://blog.azimuthsecurity.com/2013/04/... | Unlocking the Motorola Bootloader | 08-04-2013 | Dan Rosenberg | TrustZone, Android | N/A |
| 6 | http://blog.cr4.sh/2015/02/exploiting-ue... | Exploiting UEFI boot script table vulnerability | 06-02-2015 | Dmytro (Cr4sh) Oleksiuk | UEFI | N/A |
| 7 | https://googleprojectzero.blogspot.de/20... | Exploiting the DRAM rowhammer bug to gain kernel privileges | 09-03-2015 | Mark Seaborn, Thomas (Halvar Flake) Dullien | DRAM | Rowhammer, N/A |
| 8 | https://blog.exodusintel.com/2016/02/10/... | EXECUTE MY PACKET | 10-02-2016 | David Barksdale, Jordan Gruskovnjak, Alex Wheeler | Cisco ASA | N/A |
| 9 | http://blog.cr4.sh/2016/02/exploiting-s... | Exploiting SMM callout vulnerabilities in Lenovo firmware | 24-02-2016 | Dmytro (Cr4sh) Oleksiuk | SMM | N/A |
| 10 | http://theroot.ninja/disclosures/SAMDUNK... | eMMC backdoor leading to bootloader unlock on Samsung Galaxy Devices | 26-03-2016 | Sean (beaups) Beaupre | eMMC | N/A |
| 11 | https://bits-please.blogspot.de/2016/04... | Exploring Qualcomm's Secure Execution Environment | 26-04-2016 | laginimaineb | TrustZone | N/A |
| 12 | https://bits-please.blogspot.de/2016/05... | QSEE privilege escalation vulnerability and exploit (CVE-2015-6639) | 02-05-2016 | laginimaineb | QSEE | CVE-2015-6639 |
| 13 | https://bits-please.blogspot.de/2016/05... | War of the Worlds - Hijacking the Linux Kernel from QSEE | 05-05-2016 | laginimaineb | QSEE | CVE-2015-6639 |
| 14 | http://esec-lab.sogeti.com/posts/2016/0... | SMM unchecked pointer vulnerability | 30-05-2016 | Bruno | SMM | N/A |
| 15 | https://bits-please.blogspot.de/2016/06... | TrustZone Kernel Privilege Escalation (CVE-2016-2431) | 15-06-2016 | laginimaineb | TrustZone | CVE-2016-2431 |
| 16 | http://blog.cr4.sh/2016/06/exploring-an... | Exploring and exploiting Lenovo firmware secrets | 28-06-2016 | Dmytro (Cr4sh) Oleksiuk | SMM | N/A |
| 17 | https://bits-please.blogspot.de/2016/06... | Extracting Qualcomm's KeyMaster Keys - Breaking Android Full Disk Encryption | 30-06-2016 | laginimaineb | TrustZone | N/A |
| 18 | https://mjg59.dreamwidth.org/48429.html | Intel's remote AMT vulnerablity | 01-05-2017 | mjg59 | Intel AMT | N/A |
| 19 | https://googleprojectzero.blogspot.de/2... | Trust Issues: Exploiting TrustZone TEEs | 24-07-2017 | Gal Beniamini | TrustZone | N/A |
| 20 | https://blog.exodusintel.com/2017/07/26/broadpwn/ | BROADPWN: REMOTELY COMPROMISING ANDROID AND IOS VIA A BUG IN BROADCOM’S WI-FI CHIPSETS | 26-07-2017 | Nitay Artenstein | Broadcom | N/A |
| 21 | http://gsec.hitb.org/materials/sg2017/W... | Intel AMT. Stealth breakthrough | xx-08-2017 | Ermolov, Evdokimov, Malyutin | Intel AMT | CVE-2017-5689 |
| 22 | https://www.pnfsoftware.com/blog/firmwa... | FIRMWARE EXPLOITATION WITH JEB: PART 1 | 20-08-2017 | HUGO GENESSE | Router Firmware | N/A |
| 23 | https://www.pnfsoftware.com/blog/firmwa... | FIRMWARE EXPLOITATION WITH JEB: PART 2 | 22-08-2017 | HUGO GENESSE | Router Firmware | N/A |
| 24 | https://www.pnfsoftware.com/blog/firmwa... | FIRMWARE EXPLOITATION WITH JEB PART 3: REVERSING THE SMARTRG’S SR505N | 28-08-2017 | HUGO GENESSE | Router Firmware | N/A |
| 25 | http://blog.ptsecurity.com/2017/08/disa... | Disabling Intel ME 11 via undocumented mode | 28-08-2017 | Mark Ermolov, Maxim Goryachy | Intel ME | N/A |
