TODO
Tasks
Later
- Secure Coding: add more links
- Heap-Fuzzing: add more links
- Hardware: add categories
- Heap: sort out
- update missing CVEs
- fix dead links, move to webarchive
- update "Malware" section
- add more ancient links
- rewrite to use nunjucks template
Waiting List
- https://scarybeastsecurity.blogspot.de/
- https://modexp.wordpress.com/
- https://lazytyped.blogspot.de/?m=1
- http://tukan.farm/2016/07/26/ptmalloc-fanzine/
- https://bugs.chromium.org/p/chromium/issues/list?can=1&q=Pwn2Own&colspec=ID+Pri+M+Stars+ReleaseBlock+Component+Status+Owner+Summary+OS+Modified&x=m&y=releaseblock&cells=ids
- http://robert.ocallahan.org
- https://rayanfam.com/
2015
2016 (19)
http://blog.vectranetworks.com/blog/microsoft-windows-printer-wateringhole-attack
https://census-labs.com/news/2016/07/22/android-stagefright-impeg2d_dec_pic_data_thread-overflow/
https://www.evonide.com/how-we-broke-php-hacked-pornhub-and-earned-20000-dollar/
http://blog.quarkslab.com/xen-exploitation-part-3-xsa-182-qubes-escape.html
https://blog.xyz.is/2016/webkit-360.html
https://blog.xyz.is/2016/vita-netps-ioctl.html
https://sektioneins.de/en/blog/16-09-02-pegasus-ios-kernel-vulnerability-explained.html
https://googleprojectzero.blogspot.de/2016/09/return-to-libstagefright-exploiting.html
https://info.lookout.com/rs/051-ESQ-475/images/pegasus-exploits-technical-details.pdf
http://keenlab.tencent.com/en/2016/11/18/A-Link-to-System-Privilege/
https://scarybeastsecurity.blogspot.de/2016/11/0day-poc-risky-design-decisions-in.html
https://googleprojectzero.blogspot.de/2016/12/bitunmap-attacking-android-ashmem.html
http://srcincite.io/blog/2016/12/13/word-up-microsoft-word-onetabledocumentstream-underflow.html
https://googleprojectzero.blogspot.de/2016/12/chrome-os-exploit-one-byte-overflow-and.html
2017 (126)
https://googleprojectzero.blogspot.de/2017/02/lifting-hyper-visor-bypassing-samsungs.html
http://blog.quarkslab.com/analysis-of-ms16-104-url-files-security-feature-bypass-cve-2016-3353.html
https://www.endgame.com/blog/chakra-exploit-and-limitations-modern-mitigation-techniques
https://samdb.xyz/revisiting-windows-security-hardening-through-kernel-address-protection/
https://ricklarabee.blogspot.de/2017/01/virtual-memory-page-tables-and-one-bit.html
https://a13xp0p0v.github.io/2017/03/24/CVE-2017-2636.html
https://googleprojectzero.blogspot.de/2017/04/over-air-exploiting-broadcoms-wi-fi_4.html
https://info.lookout.com/rs/051-ESQ-475/images/lookout-pegasus-android-technical-analysis.pdf
https://scarybeastsecurity.blogspot.de/2017/05/proving-missing-aslr-on-dropboxcom-and.html
https://blogs.technet.microsoft.com/askpfeplat/2017/04/24/windows-10-memory-protection-features/
https://bugs.chromium.org/p/project-zero/issues/detail?id=1252&desc=5
https://www.embedi.com/files/white-papers/Silent-Bob-is-Silent.pdf
https://bugzilla.mozilla.org/show_bug.cgi?id=1299686
https://bugzilla.mozilla.org/show_bug.cgi?id=1287266
https://snf.github.io/2017/05/04/exploit-protection-i-page-heap/
https://googleprojectzero.blogspot.de/2017/04/exception-oriented-exploitation-on-ios.html
https://googleprojectzero.blogspot.de/2017/04/exploiting-net-managed-dcom.html
https://grsecurity.net/the_infoleak_that_mostly_wasnt.php
https://www.endgame.com/blog/disarming-control-flow-guard-using-advanced-code-reuse-attacks
https://struct.github.io/oilpan_metadata.html
https://phoenhex.re/2017-06-09/pwn2own-diskarbitrationd-privesc
https://bugs.chromium.org/p/project-zero/issues/detail?id=1258
https://blogs.technet.microsoft.com/srd/2017/06/29/eternal-champion-exploit-analysis/
https://blogs.technet.microsoft.com/srd/2017/06/20/tales-from-the-msrc-from-pixels-to-poc/
https://www.thezdi.com/blog/2017/6/26/use-after-silence-exploiting-a-quietly-patched-uaf-in-vmware
http://acez.re/the-weak-bug-exploiting-a-heap-overflow-in-vmware/
https://www.coresecurity.com/blog/solving-post-exploitation-issue-cve-2017-7308
https://blogs.technet.microsoft.com/srd/2017/07/20/englishmansdentist-exploit-analysis/
https://cyber.wtf/2017/07/28/negative-result-reading-kernel-memory-from-user-mode/amp/
https://tyranidslair.blogspot.de/2017/07/dg-on-windows-10-s-executing-arbitrary.html
https://blog.trailofbits.com/2017/08/02/microsoft-didnt-sandbox-windows-defender-so-i-did/
https://googleprojectzero.blogspot.de/2017/08/windows-exploitation-tricks-arbitrary.html
https://beingwinsysadmin.blogspot.de/2017/07/bug-windows-10-default-user-profile-is.html
https://comsecuris.com/blog/posts/path_of_least_resistance/
https://www.zerodayinitiative.com/blog/2017/8/1/pythonizing-the-vmware-backdoor
https://sensepost.com/blog/2017/abusing-gdi-objects-for-ring0-primitives-revolution/
http://blog.talosintelligence.com/2017/08/windbg-and-javascript-analysis.html
https://tyranidslair.blogspot.de/2017/08/the-art-of-becoming-trustedinstaller.html
https://googleprojectzero.blogspot.de/2017/08/bypassing-virtualbox-process-hardening.html
https://alephsecurity.com/2017/08/30/untethered-initroot/
https://kitctf.de/writeups/hitb2017/babyqemu
https://github.com/hatRiot/token-priv/blob/master/abusing_token_eop_1.0.txt
https://blog.zimperium.com/ziva-video-audio-ios-kernel-exploit/
https://comsecuris.com/blog/posts/vmware_vgpu_shader_vulnerabilities/
https://github.com/nccgroup/CVE-2017-8759/
https://blog.bjornweb.nl/2017/08/flash-remote-sandbox-escape-windows-user-credentials-leak/
https://hatriot.github.io/blog/2017/09/19/abusing-delay-load-dll/
https://github.com/deroko/activationcontexthook
http://www.synacktiv.ninja/posts/exploit/rce-vulnerability-in-hp-ilo.html
https://kvakil.github.io/ropchain.html
https://duo.com/assets/ebooks/Duo-Labs-The-Apple-of-Your-EFI.pdf
https://googleprojectzero.blogspot.de/2017/09/over-air-vol-2-pt-1-exploiting-wi-fi.html
https://specterops.io/assets/resources/SpecterOps_Subverting_Trust_in_Windows.pdf
https://www.zerodayinitiative.com/blog/2017/10/04/vmware-escapology-how-to-houdini-the-hypervisor
https://www.fidusinfosec.com/tp-link-remote-code-execution-cve-2017-13772/
https://www.talosintelligence.com/reports/TALOS-2017-0432
https://googleprojectzero.blogspot.de/2017/10/over-air-vol-2-pt-3-exploiting-wi-fi.html
https://tyranidslair.blogspot.de/2017/10/bypassing-sacl-auditing-on-lsass.html
https://www.zerodayinitiative.com/blog/2017/10/17/wrapping-the-converter-within-foxit-reader
https://blogs.technet.microsoft.com/mmpc/2017/10/18/browser-security-beyond-sandboxing/
https://hvinternals.blogspot.de/2015/10/hyper-v-debugging-for-beginners.html
https://hvinternals.blogspot.de/2017/10/hyper-v-debugging-for-beginners-part-2.html
https://theevilbit.blogspot.de/2017/10/abusing-gdi-objects-bitmap-objects-size.html
https://www.zerodayinitiative.com/blog/2017/10/27/on-the-trail-to-mobile-pwn2own
https://nickbloor.co.uk/2017/10/22/analysis-of-cve-2017-12628/
https://www.zerodayinitiative.com/blog/2017/8/24/deconstructing-a-winning-webkit-pwn2own-entry
https://riscybusiness.wordpress.com/2017/10/07/hiding-your-process-from-sysinternals/
https://statuscode.ch/2017/11/from-markdown-to-rce-in-atom/
https://hackernoon.com/afl-unicorn-part-2-fuzzing-the-unfuzzable-bea8de3540a5
https://signal11.io/index.php/2017/11/19/attacking-uninitialized-variables-with-recursion/
https://bugs.chromium.org/p/project-zero/issues/detail?id=1332
https://enigma0x3.net/2017/01/05/lateral-movement-using-the-mmc20-application-com-object/
https://bugs.chromium.org/p/chromium/issues/detail?id=766253
https://embedi.com/blog/skeleton-closet-ms-office-vulnerability-you-didnt-know-about
https://salls.github.io/Linux-Kernel-CVE-2017-5123/
https://pleasestopnamingvulnerabilities.com/
https://fail0verflow.com/blog/2017/ps4-crashdump-dump/
https://github.com/Cryptogenic/PS4-4.05-Kernel-Exploit
https://googleprojectzero.blogspot.de/2017/12/apacolypse-now-exploiting-windows-10-in_18.html
https://sww-it.ru/2017-11-06/1493
https://blog.xpnsec.com/windows-warbird-privesc/
https://medium.com/bindecy/huge-dirty-cow-cve-2017-1000405-110eca132de0
http://blog.talosintelligence.com/2017/11/exploiting-cve-2016-2334.html
https://www.crowdstrike.com/blog/badrabbit-ms17-010-exploitation-part-two-elevate-privileges/
https://www.zerodayinitiative.com/blog/2017/12/21/vmwares-launch-escape-system
https://blog.blazeinfosec.com/leveraging-web-application-vulnerabilities-to-steal-ntlm-hashes-2/
https://bugs.chromium.org/p/project-zero/issues/detail?id=1358
https://quequero.org/2017/11/arm-exploitation-iot-episode-3/
https://www.tarlogic.com/en/blog/exploiting-word-cve-2017-11826/
https://blogs.bromium.com/browser-isolation-with-microsoft-windows-defender-application-guard/
http://riscy.business/2017/12/lenovos-unsecured-objects/
https://randomascii.wordpress.com/2017/12/10/analyzing-a-confusing-crash/
https://github.com/Cryptogenic/Exploit-Writeups/blob/master/PS4
https://theevilbit.blogspot.in/2017/12/convert-write-where-kernel-exploits.html
https://sites.google.com/site/bingsunsec/the-battle-for-protected-memory
https://media.ccc.de/v/34c3-8720-ios_kernel_exploitation_archaeology
https://cybellum.com/vulnerability-analysis-type-confusion-microsoft-word-2016/
2018 (228)
https://sensepost.com/blog/2018/linux-heap-exploitation-intro-series-bonus-printf-might-be-leaking/
https://doar-e.github.io/blog/2017/12/01/debugger-data-model/
https://blogs.bromium.com/anatomy-of-meltdown-a-technical-journey/
https://www.root-me.org/en/Challenges/App-System/
https://rootkits.xyz/blog/2017/06/kernel-setting-up/
https://randomascii.wordpress.com/2018/01/07/finding-a-cpu-design-bug-in-the-xbox-360/
https://bugs.chromium.org/p/project-zero/issues/detail?id=1272
https://googleprojectzero.blogspot.de/2018/01/reading-privileged-memory-with-side.html
https://security.googleblog.com/2018/01/more-details-about-mitigations-for-cpu_4.html
http://blog.cyberus-technology.de/posts/2018-01-03-meltdown.html
https://siguza.github.io/IOHIDeous/
http://pythonsweetness.tumblr.com/post/169166980422/the-mysterious-case-of-the-linux-page-table
https://sandboxescaper.blogspot.de/2018/01/adobe-reader-escape-or-how-to-steal.html
https://blogs.securiteam.com/index.php/archives/3649
https://samsclass.info/127/127_S18.shtml
https://github.com/Coalfire-Research/iOS-11.1.2-15B202-Jailbreak
https://blog.quarkslab.com/reverse-engineering-the-win32k-type-isolation-mitigation.html
http://blog.frizn.fr/glibc/glibc-heap-to-rip
http://blog.ptsecurity.com/2018/02/new-bypass-and-protection-techniques.html
https://blog.zimperium.com/cve-2018-4087-poc-escaping-sandbox-misleading-bluetoothd/
https://www.zerodayinitiative.com/blog/2018/3/1/vmware-exploitation-through-uninitialized-buffers
https://bazad.github.io/2018/03/a-fun-xnu-infoleak/
https://bazad.github.io/2018/03/ida-kernelcache-class-reconstruction/
https://devco.re/blog/2018/03/06/exim-off-by-one-RCE-exploiting-CVE-2018-6789-en/
https://github.com/0xcl/clang-cfi-bypass-techniques/blob/master/README.md
https://tradahacking.vn/hitcon-2017-ghost-in-the-heap-writeup-ee6384cd0b7
https://www.fidusinfosec.com/remote-code-execution-cve-2018-5767/
https://blogs.technet.microsoft.com/srd/2018/04/04/triaging-a-dll-planting-vulnerability/
https://blog.trailofbits.com/2018/04/04/vulnerability-modeling-with-binary-ninja/
https://blog.zimperium.com/cve-2017-13253-buffer-overflow-multiple-android-drm-services/
https://blog.grimm-co.com/post/heap-overflow-in-the-necp_client_action-syscall/
http://bazad.github.io/2018/04/ios-advanced-kernel-call-jop/
https://www.fireeye.com/blog/threat-research/2018/04/solving-ad-hoc-problems-with-hex-rays-api.html
https://perception-point.io/2018/04/11/breaking-cfi-cve-2015-5122-coop/
http://blogs.360.cn/blog/how-to-kill-a-firefox-en/
https://googleprojectzero.blogspot.de/2018/04/windows-exploitation-tricks-exploiting.html
http://0xeb.net/2018/03/using-z3-with-ida-to-simplify-arithmetic-operations-in-functions/
https://xiaodaozhi.com/exploit/132.html
https://keenlab.tencent.com/en/2018/04/23/A-bunch-of-Red-Pills-VMware-Escapes/
https://arxiv.org/pdf/1804.08470.pdf
https://research.checkpoint.com/mmap-vulnerabilities-linux-kernel/
http://moyix.blogspot.de/2018/03/of-bugs-and-baselines.html
https://medium.com/verichains/integer-overflow-simple-but-not-easy-9ebbc58bbaa5
http://blog.seekintoo.com/chimay-red.html
https://landave.io/2018/05/7-zip-from-uninitialized-memory-to-remote-code-execution/
https://www.atredis.com/blog/cylance-privilege-escalation-vulnerability
https://research.checkpoint.com/ntlm-credentials-theft-via-pdf-files/
http://jndok.github.io/2016/10/04/pegasus-writeup/
https://duo.com/blog/apple-imac-pro-and-secure-storage
http://sploit3r.xyz/cve-2017-13284-injection-in-configuration-file/
https://www.vusec.net/wp-content/uploads/2018/05/glitch.pdf
http://blogs.360.cn/blog/save-and-reborn-gdi-data-only-attack-from-win32k-typeisolation-2/
https://lifeasageek.github.io/papers/jeon:hextype.pdf
https://www.triplefault.io/2018/05/spurious-db-exceptions-with-pop-ss.html
https://securelist.com/root-cause-analysis-of-cve-2018-8174/85486/
http://blogs.360.cn/blog/cve-2018-8174-en/
https://googleprojectzero.blogspot.de/2018/05/bypassing-mitigations-by-attacking-jit.html
https://xerub.github.io/ios/iboot/2018/05/10/de-rebus-antiquis.html
https://blog.can.ac/2018/05/11/arbitrary-code-execution-at-ring-0-using-cve-2018-8897/
https://xiaodaozhi.com/exploit/156.html
http://blog.ret2.io/2018/05/16/practical-eth-decompilation/
https://blogs.bromium.com/dissecting-pop-ss-vulnerability/
https://igorkorkin.blogspot.com/2018/03/hypervisor-based-active-data-protection.html
https://srcincite.io/blog/2018/05/21/adobe-me-and-a-double-free.html
https://www.welivesecurity.com/2018/05/15/tale-two-zero-days/
https://www.contextis.com/blog/wap-just-happened-my-samsung-galaxy
https://www.zerodayinitiative.com/blog/2018/5/29/malicious-intent-using-adobe-acrobats-ocg-setintent
https://icrackthecode.github.io/2018/05/29/CVE-2017-2547/
https://dougallj.wordpress.com/2018/06/04/writing-a-hex-rays-plugin-vmx-intrinsics/
http://martin.uy/blog/projects/reverse-engineering/
https://staaldraad.github.io/post/2018-06-03-cve-2018-11235-git-rce/
http://blog.ret2.io/2018/06/05/pwn2own-2018-exploit-development/
https://landave.io/2018/06/f-secure-anti-virus-remote-code-execution-via-solid-rar-unpacking/
https://insinuator.net/2018/06/new-release-of-glibc-heap-analysis-plugins/
http://blog.ret2.io/2018/06/13/pwn2own-2018-vulnerability-discovery/
https://codewhitesec.blogspot.com/2018/06/cve-2018-0624.html
http://blog.tetrane.com/2016/11/reversing-f4b-challenge-part1.html
https://blog.ret2.io/2018/06/19/pwn2own-2018-root-cause-analysis/
https://binary.ninja/2018/06/19/fast-track-to-assembler-writing.html
https://www.zerodayinitiative.com/blog/2018/6/26/mindshare-variant-hunting-with-ida-python
https://david942j.blogspot.com/2018/06/write-up-google-ctf-2018-pwn420-sandbox.html
https://www.coresecurity.com/blog/playing-relayed-credentials
https://labs.portcullis.co.uk/blog/exploiting-inherited-file-handles-in-setuid-programs/
https://doar-e.github.io/blog/2018/05/17/breaking-ledgerctfs-aes-white-box-challenge/
https://www.begin.re/the-workshop
https://googleprojectzero.blogspot.com/2018/06/detecting-kernel-memory-disclosure.html
https://vvdveen.com/publications/dimva2018.pdf
https://bohops.com/2018/06/28/abusing-com-registry-structure-clsid-localserver32-inprocserver32/
https://securelist.com/delving-deep-into-vbscript-analysis-of-cve-2018-8174-exploitation/86333/
https://alephsecurity.com/2018/06/26/spectre-browser-query-cache/
https://azeria-labs.com/process-continuation-shellcode/
https://blog.ret2.io/2018/07/11/pwn2own-2018-jsc-exploit/
http://blogs.360.cn/blog/google-chrome-pdfium-shading-drawing-integer-overflow-lead-to-rce/
https://www.zerodayinitiative.com/blog/2018/7/19/mindshare-an-introduction-to-pykd
https://keenlab.tencent.com/en/2018/07/19/Exploiting-iOS-11-0-11-3-1-Multi-path-TCP-A-walk-through/
https://tyranidslair.blogspot.com/2018/07/uwp-localhost-network-isolation-and-edge.html
http://deniable.org/reversing/binary-instrumentation
https://blog.quarkslab.com/a-story-about-three-bluetooth-vulnerabilities-in-android.html
http://blog.ret2.io/2018/07/25/pwn2own-2018-safari-sandbox/
https://googleprojectzero.blogspot.com/2018/07/drawing-outside-box-precision-issues-in.html
http://michaellynn.github.io/2018/07/27/booting-secure/
https://fail0verflow.com/blog/2018/ps4-aeolia/
https://www.zerodayinitiative.com/blog/2018/8/01/throwing-shade-analysis-of-a-foxit-integer-overflow
https://www.mdsec.co.uk/2018/08/escaping-the-sandbox-microsoft-office-on-macos/
https://blog.talosintelligence.com/2018/08/exploitable-or-not-exploitable-using.html
https://ioactive.com/discovering-and-exploiting-a-vulnerability-in-androids-personal-dictionary/
https://landave.io/2018/01/7-zip-multiple-memory-corruptions-via-rar-and-zip/
https://landave.io/2017/07/bitdefender-remote-stack-buffer-overflow-via-7z-ppmd/
https://landave.io/2017/08/bitdefender-heap-buffer-overflow-via-7z-lzma/
http://blogs.360.cn/blog/eos-asset-multiplication-integer-overflow-vulnerability/
https://theevilbit.blogspot.com/2017/11/turning-cve-2017-14961-ikarus-antivirus.html
http://www.greyhathacker.net/?p=1006
https://googleprojectzero.blogspot.com/2018/08/windows-exploitation-tricks-exploiting.html
https://speakerdeck.com/marcograss/exploitation-of-a-modern-smartphone-baseband-white-paper
https://github.com/google/BrokenType
https://blogs.technet.microsoft.com/virtualization/2018/08/14/hyper-v-hyperclear/
http://4ldebaran.blogspot.com/2018/07/covering-ian-beers-exploit-techniques.html
https://googleprojectzero.blogspot.com/2018/08/the-problems-and-promise-of-webassembly.html
https://blogs.technet.microsoft.com/srd/2018/08/16/vulnerability-hunting-with-semmle-ql-part-1/
https://lgtm.com/blog/apache_struts_CVE-2018-11776
https://www.contrastsecurity.com/security-influencers/cve-2018-15685
https://objective-see.com/blog/blog_0x36.html
https://www.voidsecurity.in/2018/08/from-compiler-optimization-to-code.html
https://blog.ret2.io/2018/08/28/pwn2own-2018-sandbox-escape/
https://raphlinus.github.io/programming/rust/2018/08/17/undefined-behavior.html
http://mattwarren.org/2018/08/28/Fuzzing-the-.NET-JIT-Compiler/
https://objective-see.com/blog/blog_0x38.html
https://blog.0patch.com/2018/08/how-we-micropatched-publicly-dropped.html
https://zwclose.github.io/fguard-exploit/
https://wwws.nightwatchcybersecurity.com/blog/
https://github.com/niklasb/3dpwn
https://phoenhex.re/2018-07-27/better-slow-than-sorry
https://blog.ret2.io/2018/09/11/scalable-security-education/
http://blogs.360.cn/post/indepth_CVE-2018-5002_en.html
https://blog.exodusintel.com/2018/09/10/truekey-the-not-so-uncommon-story-of-a-failed-patch/
https://googleprojectzero.blogspot.com/2018/09/oatmeal-on-universal-cereal-bus.html
https://github.com/TheOfficialFloW/h-encore/blob/master/WRITE-UP.md
https://www.cybereason.com/blog/.net-malware-dropper
https://medium.com/tenable-techblog/advantech-webaccess-unpatched-rce-ffe9f37f8b83
https://www.qualcomm.com/media/documents/files/whitepaper-pointer-authentication-on-armv8-3.pdf
https://blog.exodusintel.com/2018/09/13/to-traverse-or-not-to-that-is-the-question/
https://www.microsoft.com/en-us/msrc/windows-security-servicing-criteria
https://blog.quarkslab.com/modern-jailbreaks-post-exploitation.html
https://github.com/externalist/exploit_playground
https://lgtm.com/blog/rsyslog_snprintf_CVE-2018-1000140
https://lgtm.com/security/disclosures
https://xlab.tencent.com/en/2015/08/27/poking-a-hole-in-the-patch/
https://blogs.technet.microsoft.com/srd/2018/03/23/kva-shadow-mitigating-meltdown-on-windows/
https://github.com/yannayl/glibc_malloc_for_exploiters
https://www.elttam.com.au/blog/goahead/
https://media.blackhat.com/bh-us-12/Briefings/Tsai/BH_US_12_Tsai_Pan_Exploiting_Windows8_WP.pdf
https://fail0verflow.com/blog/2017/ps4-namedobj-exploit/
https://trusslab.github.io/sugar/webgl_bugs.html
https://gamozolabs.github.io/fuzzing/2018/09/16/scaling_afl.html
http://www.hexblog.com/?p=1248
https://www.x41-dsec.de/lab/blog/fax/
https://blogs.projectmoon.pw/2018/09/15/Edge-Inline-Segment-Use-After-Free/ (CN)
https://googleprojectzero.blogspot.com/2018/09/a-cache-invalidation-bug-in-linux.html
https://seclists.org/oss-sec/2018/q3/274
https://cyseclabs.com/blog/linux-kernel-heap-spray
https://lgtm.com/blog/apache_struts_CVE-2018-11776-part2
https://phoenhex.re/2018-09-26/safari-array-concat
https://medium.com/@jimmysong/bitcoin-core-bug-cve-2018-17144-an-analysis-f80d9d373362
https://blog.araj.me/state-of-memory-safety-in-linux/
https://github.com/IOActive/FuzzNDIS/
http://phrack.org/papers/escaping_the_java_sandbox.html
http://0xdabbad00.com/wp-content/uploads/2013/04/exploit_mitigation_kill_chain.pdf
https://www.synacktiv.com/ressources/advisories/Vectra_Cognito_cve_2018_14889_14890_14891.pdf
http://blog.ptsecurity.com/2018/10/intel-me-manufacturing-mode-macbook.html
https://blog.lexfo.fr/cve-2017-11176-linux-kernel-exploitation-part1.html
https://blog.lexfo.fr/cve-2017-11176-linux-kernel-exploitation-part2.html
https://blog.lexfo.fr/cve-2017-11176-linux-kernel-exploitation-part3.html
https://blog.lexfo.fr/cve-2017-11176-linux-kernel-exploitation-part4.html
https://osandamalith.com/2018/02/01/exploiting-format-strings-in-windows/
https://googleprojectzero.blogspot.com/2018/10/365-days-later-finding-and-exploiting.html
https://blog.eclypsium.com/2018/09/06/insecure-firmware-updates-in-server-management-systems/
https://depletionmode.com/zircon-process.html
https://geosn0w.github.io/Jailbreaks-Demystified/
https://blogs.projectmoon.pw/2018/10/07/Use-After-Free-in-mDNSOffloadUserClient-kext/
https://drive.google.com/file/d/1v53GCYPxzoZmB1dCop1yJfZgS1wi64dS/view
https://blogs.securiteam.com/index.php/archives/3766
https://blogs.securiteam.com/index.php/archives/3765
https://outflank.nl/blog/2018/10/12/sylk-xlm-code-execution-on-office-2011-for-mac/
https://tyranidslair.blogspot.com/2018/10/farewell-to-token-stealing-uac-bypass.html
https://leucosite.com/Microsoft-Edge-RCE/
https://www.pentestpartners.com/security-blog/time-travel-debugging-finding-windows-gdi-flaws/
https://labs.nettitude.com/blog/cve-2018-8955-bitdefender-gravityzone-arbitrary-code-execution/
https://googleprojectzero.blogspot.com/2018/10/injecting-code-into-windows-protected.html
https://blog.exodusintel.com/2018/10/16/hpe-imc-a-case-study-on-the-reliability-of-security-fixes/
https://googleprojectzero.blogspot.com/2018/10/deja-xnu.html
https://bugid.skylined.nl/20181017001.html
https://posts.specterops.io/cve-2018-8414-a-case-study-in-responsible-disclosure-ff74c39615ba
https://googleprojectzero.blogspot.com/2018/10/heap-feng-shader-exploiting-swiftshader.html
https://www.securepatterns.com/2018/10/cve-2018-14665-xorg-x-server.html
https://blogs.projectmoon.pw/2018/10/26/Chakra-JIT-Loop-LandingPad-ImplicitCall-Bypass/ (CN)
https://blogs.securiteam.com/index.php/archives/3783
https://blogs.securiteam.com/index.php/archives/3786
https://shadowfile.inode.link/blog/2018/10/source-level-debugging-the-xnu-kernel/
https://sandboxescaper.blogspot.com/2018/10/reversing-alpc-where-are-your-windows.html
http://www.phrack.org/papers/viewer_discretion_advised.html
https://semmle.com/news/apple-xnu-kernel-icmp-nfs-vulnerabilities
https://blog.talosintelligence.com/2018/11/TALOS-2018-0636.html
https://insinuator.net/2018/11/h2hc2018/
https://wbenny.github.io/2018/11/04/wow64-internals.html
https://github.com/MorteNoir1/virtualbox_e1000_0day
https://raw.githubusercontent.com/akayn/Bugs/master/ZDI-CAN-5622/README.md
https://github.com/saelo/pwn2own2018
https://blog.xyz.is/2018/enso.html
https://nafiez.github.io/security/pointer/2018/11/09/Microsoft-win32ksys-invalid-pointer.html
https://www.voidsecurity.in/2018/11/virtualbox-vmsvga-vm-escape.html
https://justi.cz/security/2018/11/14/gvisor-lpe.html
https://duo.com/labs/research/secure-boot-in-the-era-of-the-t2
https://github.com/airbus-seclab/bincat
https://tyranidslair.blogspot.com/2018/11/finding-windows-rpc-client.html
https://github.com/tharina/BlackHoodie-2018-Workshop
https://yurichev.com/blog/int_over/
https://bugs.chromium.org/p/project-zero/issues/detail?id=1644
https://googleprojectzero.blogspot.com/2018/11/injecting-code-into-windows-protected.html
https://huhong-nus.github.io/advanced-DOP/papers/dop.pdf
https://www.zerodayinitiative.com/blog/2018/12/4/directx-to-the-kernel
https://blog.k3170makan.com/2018/11/glibc-heap-exploitation-basics.html?spref=tw
https://sec-consult.com/en/blog/2017/11/the-art-of-fuzzing-slides-and-demos/index.html
https://blogs.projectmoon.pw/2018/11/30/A-Late-Kernel-Bug-Type-Confusion-in-NECP/ (CN)
https://geosn0w.github.io/Debugging-macOS-Kernel-For-Fun/
https://blogs.securiteam.com/index.php/archives/3796
https://medium.com/tenable-techblog/remotely-exploiting-zoom-meetings-5a811342ba1d
https://googleprojectzero.blogspot.com/2018/12/adventures-in-video-conferencing-part-1.html
https://googleprojectzero.blogspot.com/2018/12/adventures-in-video-conferencing-part-2.html
https://github.com/niklasb/sploits
https://securelist.com/zero-day-in-windows-kernel-transaction-manager-cve-2018-8611/89253/
https://googleprojectzero.blogspot.com/2018/12/adventures-in-video-conferencing-part-3.html
https://go.armis.com/bleedingbit
https://blogs.technet.microsoft.com/srd/2018/12/10/first-steps-in-hyper-v-research/
https://hernan.de/blog/2018/10/30/super-hexagon-a-journey-from-el0-to-s-el3/
https://embedi.org/blog/nuclear-explotion/
https://github.com/fireeye/flare-emu
https://googleprojectzero.blogspot.com/2018/12/adventures-in-video-conferencing-part-4.html
https://research.checkpoint.com/50-adobe-cves-in-50-days/
https://googleprojectzero.blogspot.com/2018/12/adventures-in-video-conferencing-part-5.html
https://rootkits.xyz/blog/tag/exploitation/
https://googleprojectzero.blogspot.com/2018/12/searching-statically-linked-vulnerable.html
https://www.zerodayinitiative.com/blog/2018/12/17/seeing-double-exploiting-a-blind-spot-in-memgc
https://googleprojectzero.blogspot.com/2018/12/on-vbscript.html
https://www.zerodayinitiative.com/blog/2018/12/21/zdi-18-1372-the-elegant-bypass
https://medium.com/tenable-techblog/exploiting-an-18-year-old-bug-b47afe54172
https://abiondo.me/2019/01/02/exploiting-math-expm1-v8/
http://www.alex-ionescu.com/?p=377
https://googleprojectzero.blogspot.com/2019/01/taking-page-from-kernels-book-tlb-issue.html
https://posts.specterops.io/razer-synapse-3-elevation-of-privilege-6d2802bd0585
https://doar-e.github.io/blog/2018/11/19/introduction-to-spidermonkey-exploitation/
2019 (?)
https://lgtm.com/blog/ghostscript_typeconfusion
https://labs.mwrinfosecurity.com/blog/what-the-fuzz/
https://blog.exodusintel.com/2019/01/22/exploiting-the-magellan-bug-on-64-bit-chrome-desktop/
http://blogs.360.cn/post/IPC%20Voucher%20UaF%20Remote%20Jailbreak%20Stage%202%20(EN).html.html
http://www.alex-ionescu.com/?p=471
https://blogs.technet.microsoft.com/srd/2019/01/28/fuzzing-para-virtualized-devices-in-hyper-v/
https://github.com/JeremyFetiveau/TurboFan-exploit-for-issue-762874
https://googleprojectzero.blogspot.com/2019/01/voucherswap-exploiting-mig-reference.html
https://blog.fuzzing-project.org/65-When-your-Memory-Allocator-hides-Security-Bugs.html
https://www.zerodayinitiative.com/blog/2019/1/31/implementing-fuzz-logics-with-dharma
https://googleprojectzero.blogspot.com/2019/02/examining-pointer-authentication-on.html
https://github.com/google/fuzzer-test-suite/blob/master/tutorial/structure-aware-fuzzing.md
https://research.checkpoint.com/reverse-rdp-attack-code-execution-on-rdp-clients/
https://lgtm.com/blog/ghostscript_CVE-2018-19134_exploit
https://codewhitesec.blogspot.com/2019/02/telerik-revisited.html
https://www.jaybosamiya.com/blog/2019/01/02/krautflare/
https://googleprojectzero.blogspot.com/2019/02/the-curious-case-of-convexity-confusion.html
https://tyranidslair.blogspot.com/2019/02/a-brief-history-of-basenamedobjects-on.html
https://doar-e.github.io/blog/2019/01/28/introduction-to-turbofan/
https://github.com/vngkv123/aSiagaming/tree/master/Chrome-v8-906043
https://blog.dragonsector.pl/2019/02/cve-2019-5736-escape-from-docker-and.html
https://medium.com/tenable-techblog/make-it-rain-with-mikrotik-c90705459bc6
https://shenaniganslabs.io/2019/02/13/Dirty-Sock.html
https://www.auxy.xyz/tutorial/Webkit-Exp-Tutorial/#
https://duo.com/labs/research/apple-t2-xpc
https://medium.com/@fsx30/bypass-edrs-memory-protection-introduction-to-hooking-2efb21acffd6
https://labs.mwrinfosecurity.com/blog/ventures-into-hyper-v-part-1-fuzzing-hypercalls
https://tyranidslair.blogspot.com/2019/02/accessing-access-tokens-for-uiaccess.html
https://stek29.rocks/2019/02/15/touchbar-eosd
https://saelo.github.io/papers/thesis.pdf
https://tyranidslair.blogspot.com/2019/02/ntfs-case-sensitivity-on-windows.html
https://research.checkpoint.com/extracting-code-execution-from-winrar/
https://blog.talosintelligence.com/2019/02/windbg-malware-analysis-with-javascript.html
https://github.com/mwrlabs/3d-accelerated-exploitation
https://www.antid0te.com/blog/19-02-22-ios-kernel-backtrace-information-leak-vulnerability.html
https://kciredor.com/fuzzing-adobe-reader-for-exploitable-vulns-fun-not-profit.html
https://www.malwaretech.com/2019/03/analyzing-a-windows-dhcp-server-bug-cve-2019-0626.html
https://capsule8.com/blog/millions-of-binaries-later-a-look-into-linux-hardening-in-the-wild/
https://melligra.fun/webkit/2019/02/15/cve-2018-4441/
http://blogs.360.cn/post/Binder_Kernel_Vul_EN.html
https://azeria-labs.com/heap-exploitation-part-1-understanding-the-glibc-heap-implementation/
https://googleprojectzero.blogspot.com/2019/03/android-messaging-few-bugs-short-of.html
https://www.zerodayinitiative.com/blog/2019/3/6/webaccess-uncontrol
https://blog.zecops.com/vulnerabilities/analysis-and-reproduction-of-cve-2019-7286/
https://blog.tetrane.com/2019/Analysis-Windows-PatchGuard.html
https://tyranidslair.blogspot.com/2019/03/windows-object-case-sensitivity.html
https://blog.because-security.com/t/ghidra-wiki/431
https://perception-point.io/resources/research/cve-2019-0539-exploitation/
https://pulsesecurity.co.nz/articles/TPM-sniffing
http://blogs.360.cn/post/RootCause_CVE-2019-0808_EN.html
https://www.zerodayinitiative.com/blog/2019/3/14/the-apple-bug-that-fell-near-the-webkit-tree
https://googleprojectzero.blogspot.com/2019/03/windows-kernel-logic-bug-class-access.html
https://labs.mwrinfosecurity.com/advisories/windows-dhcp-client/
https://offsec.provadys.com/intro-to-file-operation-abuse-on-Windows.html
https://blog.exodusintel.com/2019/02/20/cve-2019-5786-analysis-and-exploitation/
https://github.com/googleprojectzero/fuzzilli
https://blogs.technet.microsoft.com/srd/2019/03/19/vulnerability-hunting-with-semmle-ql-part-2/
https://research.checkpoint.com/karta-matching-open-sources-in-binaries/
https://gracefulbits.com/2019/03/25/some-notes-on-identifying-exit-and-hypercall-handlers-in-hyperv/
https://blog.zecops.com/vulnerabilities/exploit-of-cve-2019-7286/
https://medium.com/0xcc/one-liner-safari-sandbox-escape-exploit-91082ddbe6ef
https://bugs.chromium.org/p/project-zero/issues/detail?id=1791
https://countercept.com/blog/analysis-shadowhammer-asus-attack-first-stage-payload/
https://azeria-labs.com/heap-exploitation-part-2-glibc-heap-free-bins/
https://theevilbit.github.io/posts/vmware_fusion_11_guest_vm_rce_cve-2019-5514/
https://googleprojectzero.blogspot.com/2019/04/splitting-atoms-in-xnu.html
https://www.somersetrecon.com/blog/2019/ghidra-plugin-development-for-vulnerability-research-part-1
https://ssd-disclosure.com/index.php/archives/3944
https://www.malwaretech.com/2019/04/analysis-of-a-vb-script-heap-overflow.html
https://googleprojectzero.blogspot.com/2019/04/virtually-unlimited-memory-escaping.html
https://www.fortinet.com/blog/threat-research/rpc-bug-hunting-case-studies---part-2.html
https://www.shogunlab.com/blog/2019/04/12/here-be-dragons-ghidra-0.html
https://tthtlc.wordpress.com/2019/03/16/afl-unicorn-what-is-it-and-how-to-use-it/
https://googleprojectzero.blogspot.com/2019/04/windows-exploitation-tricks-abusing.html
https://securelist.com/new-win32k-zero-day-cve-2019-0859/90435/
https://blog.zecops.com/vulnerabilities/analyzing-the-ios-telugu-crash-part-i/
https://blog.quarkslab.com/reverse-engineering-broadcom-wireless-chipsets.html
https://outflank.nl/blog/2019/04/17/bypassing-amsi-for-vba/
https://sensepost.com/blog/2019/understanding-peap-in-depth/
https://www.corelan.be/index.php/2019/04/23/windows-10-egghunter/
https://insert-script.blogspot.com/2019/02/libreoffice-cve-2018-16858-remote-code.html
https://medium.com/0xcc/rootpipe-reborn-part-ii-e5a1ffff6afe
https://theofficialflow.github.io/2019/04/26/chromacity.html
https://www.vdalabs.com/2019/04/25/microsoft-security-risk-detection-0day-in-verypdf-reader-part-1/
https://harrisonsand.com/imsi-catcher/
https://d4stiny.github.io/Remote-Code-Execution-on-most-Dell-computers/
https://sparkes.zone/blog/ios/2019/04/30/machswap-ios-12-kernel-exploit.html
https://blog.quarkslab.com/android-application-diffing-cve-2019-10875-inspection.html
https://kciredor.com/throwing-500-vms-fuzzing-target-individual-security-researcher.html
https://www.darkmatter.ae/papers-articles/from-zero-to-tfp0-part-1-prologue/
http://phrack.org/papers/jit_exploitation.html
https://doar-e.github.io/blog/2019/05/09/circumventing-chromes-hardening-of-typer-bugs/
https://googleprojectzero.blogspot.com/2019/05/trashing-flow-of-data.html
https://expertmiami.blogspot.com/2019/05/what-is-scudo-hardened-allocator_10.html
https://research.checkpoint.com/the-nso-whatsapp-vulnerability-this-is-how-it-happened/
https://phoenhex.re/2019-05-15/non-jit-bug-jit-exploit
https://blog.semmle.com/introduction-to-variant-analysis-part-2/
http://blog.ptsecurity.com/2019/05/dhcp-security-in-windows-10-analyzing.html
https://blog.exodusintel.com/2019/05/17/windows-within-windows/
https://liveoverflow.com/getting-into-browser-exploitation-new-series-introduction-browser-0x00/
https://www.synacktiv.com/ressources/Synacktiv_OpenBSD_PacketFilter_CVE-2019-5597_ipv6_frag.pdf
https://blog.zecops.com/vulnerabilities/analysis-and-poc-of-content-filter-kernel-use-after-free/
https://liveoverflow.com/setup-and-debug-javascriptcore-webkit-browser-0x01/
https://phoenhex.re/2019-05-26/attribution-is-hard-at-least-for-dock
https://blogs.technet.microsoft.com/srd/2019/05/29/time-travel-debugging-its-a-blast-from-the-past/
https://medium.com/@straightblast426/a-debugging-primer-with-cve-2019-0708-ccfa266682f6
https://zerosum0x0.blogspot.com/2019/05/avoiding-dos-how-bluekeep-scanners-work.html
http://allsoftwaresucks.blogspot.com/2019/05/reverse-engineering-samsung-exynos-9820.html
https://rce.wtf/2019/05/04/jsc.html
https://www.malwaretech.com/2019/05/analysis-of-cve-2019-0708-bluekeep.html
https://medium.com/@stankoja/v8-bug-hunting-part-1-setting-up-the-debug-environment-7ef34dc6f2de
https://gamozolabs.github.io/fuzzing/2018/10/14/vectorized_emulation.html
https://rayanfam.com/topics/finding-the-real-access-rights-needed-by-handles/
https://security.googleblog.com/2019/06/pha-family-highlights-triada.html
https://rce.wtf/2019/05/28/Safari.html
https://medium.com/@lerner98/skiptracing-reversing-spotify-app-3a6df367287d
https://rce.wtf/2019/06/10/w2k.html
https://blog.preempt.com/security-advisory-critical-vulnerabilities-in-ntlm
https://0x00-0x00.github.io/research/2019/05/30/Coding-a-reliable-CVE-2019-0841-Bypass.html
https://blog.rapid7.com/2019/06/12/heap-overflow-exploitation-on-windows-10-explained/
https://dirkjanm.io/exploiting-CVE-2019-1040-relay-vulnerabilities-for-rce-and-domain-admin/
https://liveoverflow.com/webkit-regexp-exploit-addrof-walk-through-browser-0x04/
https://theofficialflow.github.io/2019/06/18/trinity.html
https://github.com/houjingyi233/office-exploit-case-study
https://zeropwn.github.io/2019-05-22-fun-with-uri-handlers/
https://ai.google/research/pubs/pub48285
https://bordplate.no/blog/en/post/crashplan-privilege-escalation/
https://objective-see.com/blog/blog_0x43.html
https://github.com/CptGibbon/House-of-Corrosion
https://msrc-blog.microsoft.com/2019/06/25/inside-the-msrc-customer-centric-incident-response/
https://research.checkpoint.com/thumbs-up-using-machine-learning-to-improve-idas-analysis/
http://blog.ret2.io/2019/06/26/attacking-intel-tsx/
https://msrc-blog.microsoft.com/2019/06/27/inside-the-msrc-anatomy-of-a-ssirp-incident/
https://unit42.paloaltonetworks.com/tale-of-a-windows-error-reporting-zero-day-cve-2019-0863/
https://posts.specterops.io/cve-2019-13142-razer-surround-1-1-63-0-eop-f18c52b8be0c
https://doar-e.github.io/blog/2019/06/17/a-journey-into-ionmonkey-root-causing-cve-2019-9810/
https://secfault-security.com/blog/FreeBSD-SA-1902.fd.html
https://phoenhex.re/2019-07-10/ten-months-old-bug
https://blog.quarkslab.com/cve-2018-6924-freebsd-elf-header-parsing-kernel-memory-disclosure.html
https://gts3.org/2019/turbofan-BCE-exploit.html
https://www.microsoft.com/en-us/research/uploads/prod/2019/07/Pointer-Tagging-for-Memory-Safety.pdf
https://d4stiny.github.io/Local-Privilege-Escalation-on-most-Dell-computers/
https://trustfoundry.net/basic-rop-techniques-and-tricks/
https://liveoverflow.com/arbitrary-read-and-write-in-webkit-exploit-browser-0x08/
https://github.com/RUB-SysSec/nautilus/tree/master/gramophone
https://medium.com/tenable-techblog/comodo-from-sandbox-to-system-cve-2019-3969-b6a34cc85e67