Exploit development in kernel mode

Buffer overflows

Stack-based buffer overrun

Stack buffer overrun

Nr URL Description Date Author OS/Arch Info
1 http://sysc.tl/2009/07/04/cve-2008-3531-... CVE-2008-3531: FreeBSD kernel stack overflow exploit development 04-07-2009 Patroklos (argp) Argyroudis FreeBSD CVE-2008-3531
2 http://blog.0x80.org/kernel-stack-overfl... Kernel stack overflows (basics) 18-01-2013 Essa Alkuwari Linux N/A
3 https://www.nccgroup.trust/uk/about-us/n... Writing Exploits for Win32 Systems from Scratch 23-06-2016 Nacho Sorribas Windows x32 CVE-2003-0264
4 https://labs.mwrinfosecurity.com/assets/... Hello MS08-067, My Old Friend! xx-11-2016 Jason Matthyser Windows MS08-067

Stack overflow

Nr URL Description Date Author OS/Arch Info
1 http://jon.oberheide.org/blog/2010/11/29... Exploiting Stack Overflows in the Linux Kernel 29-11-2010 Jon Oberheide Linux N/A
2 https://googleprojectzero.blogspot.de/20... Exploiting Recursion in the Linux Kernel 20-06-2016 Jann Horn Linux N/A

Heap/Pool-based buffer overrun

Off-by-one errors
Nr URL Description Date Author OS/Arch Info
1 http://blog.coresecurity.com/2012/05/10/... THE BIG TRICK BEHIND EXPLOIT MS12-034 10-05-2012 Nicolas Economou Windows, x86-32 CVE-2010-2743
2 http://poppopret.org/2013/11/20/csaw-ctf... CSAW CTF 2013 Kernel Exploitation Challenge 20-11-2013 Michael Coppola Linux N/A
3 https://cyseclabs.com/blog/cve-2016-6187... CVE-2016-6187: Exploiting Linux kernel heap off-by-one 16-10-2010 Vitaly Nikolenko Linux CVE-2016-6187

Heap/Pool buffer overrun

Nr URL Description Date Author OS/Arch Info
1 http://isec.pl/papers/linux_kernel_do_br... Linux Kernel do_brk() Vulnerability 04-12-2003 http://isec.pl/ Linux CAN-2003-0961
2 https://web.archive.org/web/201205160320... The story of exploiting kmalloc() overflows 20-09-2005 Sebastian (qobaiashi) Haase Linux N/A
3 http://blog.coresecurity.com/2011/08/24/... Looking behind the curtain: Making exploits work like they do in the movies... 24-08-2011 Nicolas Economou Windows, x32 CVE-2011-1283
4 http://jon.oberheide.org/blog/2010/09/10... Linux Kernel CAN SLUB Overflow 27-11-2010 Jon Oberheide Linux CVE-2010-2959
5 http://vsecurity.com/download/papers/slo... A Heap of Trouble: Breaking the Linux Kernel SLOB Allocator 22-01-2012 Dan Rosenberg Linux N/A
6 http://blog.ptsecurity.com/2013/02/surpr... Surprise for Network Resources from kernel32 (MS12-081, Detailed Analysis of Vulnerability in Microsoft File Handling Component) 11-02-2013 Kirill Nesterov Windows N/A
7 https://labs.mwrinfosecurity.com/blog/20... MWR Labs Pwn2Own 2013 Write-up - Kernel Exploit 06-09-2013 mwrinfosecurity.com Windows 7, x86-32 CVE-2013-1300
8 http://resources.infosecinstitute.com/ex... Exploiting Linux Kernel Heap Corruptions (SLUB Allocator) 19-11-2013 Mohammed Ghannam Linux N/A
9 http://labs.portcullis.co.uk/blog/cve-20... CVE-2013-5065: NDProxy array indexing error unpatched vulnerability 06-12-2013 MTB Windows XP SP3 CVE-2013-5065
10 http://blog.includesecurity.com/2014/03/... How to exploit the x32 recvmmsg() kernel vulnerability CVE 2014-0038 06-03-2014 ? Linux CVE-2014-0038
11 http://doar-e.github.io/blog/2014/03/11/... First Dip Into the Kernel Pool : MS10-058 11-03-2014 Jeremy (__x86) Fetiveau Windows CVE-2010-1893
12 http://blogs.flexerasoftware.com/vulnera... Yet Another Windows GDI Story 22-04-2015 Hossein Lotfi Windows CVE-2015-1645
13 https://cturt.github.io/dlclose-overflo... Analysis of sys_dynlib_prepare_dlclose PS4 kernel heap overflow xx-xx-2015 CTurt, qwertyoruiop PS4 N/A
14 http://blog.talosintel.com/2015/10/dange... DANGEROUS CLIPBOARD: ANALYSIS OF THE MS15-072 PATCH 20-10-2015 Marcin Noga, Jaeson Schultz Windows CVE-2015-2364
15 https://blog.zimperium.com/analysis-of-... Analysis of iOS & OS X Vulnerability: CVE-2016-1722 21-01-2016 Nikias Bassen, Joshua Drake iOS CVE-2016-1722
16 https://reverse.put.as/2016/01/22/rever... Reversing Apple’s syslogd bug 22-01-2016 osxreverser iOS CVE-2016-1722
17 https://www.nettitude.co.uk/exploiting-... Exploiting a Kernel Paged Pool Buffer Overflow in Avast Virtualization Driver 17-02-2016 Kyriakos Economou Windows CVE-2015-8620
18 https://bugs.chromium.org/p/project-zer... Windows Kernel ATMFD.DLL NamedEscape 0x250C pool corruption 25-03-2016 j00ru Windows CVE-2016-3220
19 https://cturt.github.io/dlclose-overflow.html Analysis of sys_dynlib_prepare_dlclose PS4 kernel heap overflow xx-xx-2016 CTurt, qwertyoruiop PS4 N/A
20 https://cturt.github.io/sendmsg.html Analysis of CVE-2016-1887, sendmsg FreeBSD kernel heap overflow xx-04-2016 CTurt FreeBSD CVE-2016-1887
21 https://cturt.github.io/SETFKEY.html Analysis of CVE-2016-1886, SETFKEY FreeBSD kernel vulnerability xx-04-2016 CTurt FreeBSD CVE-2016-1886
22 https://blog.coresecurity.com/2016/06/... MS16-039 - "Windows 10" 64 bits Integer Overflow exploitation by using GDI objects 28-06-2016 Nicolas Economou Windows 10 x64 CVE-2016-0165
23 http://trackwatch.com/kernel-pool-over... Kernel Pool Overflow Exploitation In Real World – Windows 10 26-07-2017 Philippe Windows 10 CVE-2017-7441
24 https://www.antid0te.com/blog.html setattrlist() iOS Kernel Vulnerability Explained 04-08-2017 Stefan Esser N/A
25 http://srcincite.io/blog/2017/09/06/sh... Sharks in the Pool :: Mixed Object Exploitation in the Windows Kernel Pool 06-09-2017 Steven Windows N/A
26 https://siberas.de/blog/2017/10/05/exp... Kernel Exploitation Case Study - "Wild" Pool Overflow on Win10 x64 RS2 (CVE-2016-3309 Reloaded) 05-10-2017 Sebastian Apelt Windows 10 CVE-2016-3309

Integer issues

Nr URL Description Date Author OS/Arch Info
1 https://media.blackhat.com/bh-us-11/Esse... Exploiting the iOS Kernel 13-07-2011 Stefan Esser iOS N/A
2 http://esec-lab.sogeti.com/post/Analysis... Analysis of the jailbreakme v3 font exploit 18-07-2011 jean iOS CVE-2011-0226, CVE-2011-0227
3 https://web.archive.org/web/201402090016... CVE-2012-0148: A Deep Dive Into AFD 17-02-2012 Tarjei (kernelpool) Mandt Windows 7, x86-64 CVE-2012-0148
4 https://web.archive.org/web/201308171134... sd@fucksheep.org's semtex.c: Local Linux root exploit, 2.6.37-3.8.8 inclusive (and 2.6.32 on CentOS) 0-day 15-05-2013 spender Linux CVE-2013-2094
5 http://timetobleed.com/a-closer-look-at-... A closer look at a recent privilege escalation bug in Linux (CVE-2013-2094) 20-05-2013 Joe Damato Linux CVE-2013-2094
6 https://www.blackhat.com/docs/us-14/mate... QSEE TrustZone Kernel Integer Overflow Vulnerability 01-07-2014 Dan Rosenberg - N/A
7 http://randomthoughts.greyhats.it/2014/1... Mac OS X local privilege escalation (IOBluetoothFamily) 30-10-2014 Roberto Paleari, joystick - N/A
8 http://blog.beyondtrust.com/the-delicate... The Delicate Art of Remote Checks – A Glance Into MS15-034 15-04-2015 Bill Finlayson Windows CVE-2015-1635
9 https://blog.sucuri.net/2015/04/website-... Critical Microsoft IIS Vulnerability Leads to RCE (MS15-034) 16-04-2015 Rafael Capovilla Windows CVE-2015-1635
10 http://www.securitysift.com/an-analysis-... An Analysis Of MS15-0341 18-04-2015 Mike Czumak Windows CVE-2015-1635
11 https://community.qualys.com/blogs/secur... MS15-034 Analysis And Remote Detection 20-04-2015 Ses Wang Windows CVE-2015-1635
12 https://blog.coresecurity.com/2015/09/17... MS15-083 – Microsoft Windows SMB Memory Corruption Vulnerability 17-09-2015 Nicolas Economou Windows CVE-2015-2474
13 http://theroot.ninja/disclosures/TRUSTNO... TRUSTNONE 28-11-2015 Sean Beaupre TrustZone N/A
14 http://hmarco.org/bugs/CVE-2015-8370-Gru... Back to 28: Grub2 Authentication 0-Day 14-12-2015 Hector Marco, Ismael Ripoll Grub CVE-2015-8370

NULL pointer issues

Nr URL Description Date Author OS/Arch Info
1 http://blog.ksplice.com/2010/04/exploiti... Much ado about NULL: Exploiting a kernel NULL dereference 13-04-2010 nelhage Linux, x86 N/A
2 http://j00ru.vexillium.org/?p=1272 Introducing the USB Stick of Death 21-10-2012 Mateusz (j00ru) Jurczyk Windows, x86-64 N/A
3 http://endgame.com/news/microsoft-win32k... Microsoft Win32k NULL Page Vulnerability Technical Analysis xx-10-2013 Dan Zentner Windows 7 CVE-2013-3881
4 http://immunityproducts.blogspot.de/2013... Exploiting CVE-2013-3881: A Win32k NULL Page Vulnerability 04-11-2013 Nicolas Waisman Windows 7 CVE-2013-3881
5 http://blog.spiderlabs.com/2013/12/the-k... The Kernel is calling a zero(day) pointer – CVE-2013-5065 – Ring Ring 11-12-2013 Ben Hayak Windows XP SP3 CVE-2013-5065
6 http://blog.trendmicro.com/trendlabs-sec... An Analysis of A Windows Kernel-Mode Vulnerability (CVE-2014-4113) 19-10-2014 Weimin Wu Windows CVE-2014-4113
7 https://www.codeandsec.com/CVE-2014-4113... CVE-2014-4113 Detailed Vulnerability and Patch Analysis 24-10-2014 ? Windows CVE-2014-4113
8 http://www.exploit-db.com/docs/35937.pdf... Analysis of CVE-2014-4113 xx-10-2014 Ronnie Johndas Windows CVE-2014-4113
9 http://www.jodeit.org/research/Exploitin... Exploiting CVE-2014-4113 on Windows 8.1 31-10-2014 Moritz Jodeit Windows 8.1 CVE-2014-4113
10 http://blog.qwertyoruiop.com/?p=69 About the “tpwn” Local Privilege Escalation 01-09-2015 Adam (@jk9357) Mac OS X N/A
11 http://istuarysec.blogspot.ca/2015/09/cve... CVE-2015-5275 (Whiteheat USB-Serial Driver vulnerability) 17-09-2015 Moein Ghasemzadeh Linux CVE-2015-5275
12 http://blog.talosintelligence.com/2016/04... Vulnerability Deep Dive: Exploiting the Apple Graphics Driver and Bypassing KASLR 07-04-2016 William Largent Mac OS X CVE-2016-1743

Data type confusion

Nr URL Description Date Author OS/Arch Info
1 https://code.google.com/p/google-securit... Windows: NtCreateTransactionManager Type Confusion Elevation of Privilege 30-01-2015 James Forshaw Windows CVE-2015-1643

Object lifetime issues


Nr URL Description Date Author OS/Arch Info
1 http://www.vupen.com/blog/20101018.Stuxn... Technical Analysis of the Windows Win32K.sys Keyboard Layout Stuxnet Exploit 18-10-2010 Sebastien Renaud Windows, x86-32 CVE-2010-2743
2 http://j00ru.vexillium.org/?p=893 CVE-2011-1281: A story of a Windows CSRSS Privilege Escalation vulnerability 12-07-2011 Mateusz (j00ru) Jurczyk Windows, x86-32 CVE-2011-1281
3 http://j00ru.vexillium.org/?p=1479 CVE-2012-2553: Windows Kernel VDM use-after-free in win32k.sys 18-12-2012 Mateusz (j00ru) Jurczyk Windows CVE-2012-2553
4 https://www.nccgroup.trust/uk/about-us/n... Exploiting the win32k!xxxEnableWndSBArrows use-after-free (CVE-2015-0057) bug on both 32-bit and 64-bit 08-07-2015 Aaron Adams Windows CVE-2015-0057
5 http://breakingmalware.com/vulnerabilitie... Class Dismissed: 4 Use-After-Free Vulnerabilities in Windows 14-07-2015 Udi Yavo Windows CVE-2015-1701
6 https://www.nccgroup.trust/us/about-us/ne... Exploiting MS15-061 Use-After-Free Windows Kernel Vulnerability 27-08-2015 Dominic Wang Windows CVE-2015-2360
7 http://hdwsec.fr/blog/CVE-2015-0057.html [MS15-010 / CVE-2015-0057] Exploitation 17-12-2015 Jean-Jamil Khalife Windows 8.1 x64 CVE-2015-0057
8 https://www.fireeye.com/content/dam/firee... CVE-2015-2546 – tagPOPUPMENU Use-After-Free (UAF) Privilege Escalation Exploit xx-xx-2015 Elia Florio, FireEye Windows CVE-2015-2546
9 https://cyseclabs.com/page?n=02012016 CVE-2014-2851 group_info UAF Exploitation 02-01-2016 Vitaly Nikolenko Linux CVE-2014-2851
10 https://github.com/keenjoy95/bh-asia-16/b... A New CVE-2015-0057 Exploit Technology 28-09-2015 Yu Wang Windows CVE-2015-0057
11 https://bazad.github.io/2016/05/mac-os-x-... Mac OS X Privilege Escalation via Use-After-Free: CVE-2016-1828 17-05-2016 Brandon Azad Mac OS X CVE-2016-1828
12 http://blog.ptsecurity.com/2017/05/a-clos... A closer look at the CVE-2017-0263 privilege escalation vulnerability in Windows 18-05-2017 Positive Research Windows CVE-2017-0263


Nr URL Description Date Author OS/Arch Info
1 http://www.siberas.de/papers/Pwn2Own_201... Pwn2Own 2014 - AFD.SYS DANGLING POINTER VULNERABILITY 11-07-2014 Sebastian Apelt Windows CVE-2014-1767
2 https://web.archive.org/web/201411212105... CVE-2014-1767 Afd.sys double-free vulnerability Analysis and Exploit 19-11-2014 0x710DDDD Windows CVE-2014-1767
3 http://ricklarabee.blogspot.de/2016/02/w... Walkthrough and PoC for CVE-2014-1767: AFD.sys dangling pointer (MS14-040) - Windows 7, 32bit 05-02-2016 ricklarabee Windows CVE-2014-1767
4 https://xairy.github.io/blog/2016/cve-20... CVE-2016-2384: arbitrary code execution due to a double-free in the usb-midi linux kernel driver 22-02-2016 andreyknvl/xairy Linux CVE-2016-2384

Race conditions

Nr URL Description Date Author OS/Arch Info
1 http://blog.includesecurity.com/2014/06/... Exploiting CVE-2014-0196 a walk-through of the Linux pty race condition PoC 03-06-2014 Samuel Groß Linux CVE-2010-0196
2 https://web.archive.org/web/201503280116... CVE-2014-4699: Linux Kernel ptrace/sysret vulnerability analysis 21-07-2014 Vitaly Nikolenko Linux CVE-2014-4699
3 https://www.insinuator.net/2015/12/xen-x... Xen XSA 155: Double fetches in paravirtualized devices 17-12-2015 Felix Wilhelm Xen XSA 155
4 https://marcograss.github.io/security/ap... [CVE-2016-1824] Apple IOHIDFamily kernel race condition as root 16-05-2016 Marco Grass Mac OS X CVE-2016-1824
5 https://a13xp0p0v.github.io/2017/03/24/C... CVE-2017-2636: exploit the race condition in the n_hdlc Linux kernel driver bypassing SMEP 24-03-2017 Alexander Popov Linux CVE-2017-2636
6 https://chao-tic.github.io/blog/2017/05/... Dirty COW and why lying is bad even if you are the Linux kernel 24-05-2017 Chao-tic Linux CVE-2016-5195
7 http://blog.tetrane.com/2017/09/dirtyc0w... Reversing DirtyC0W 25-09-2017 fred Linux CVE-2016-5195

Non-memory-corruption issues

Access Control/Permission Issues

Nr URL Description Date Author OS/Arch Info
1 http://labs.portcullis.co.uk/blog/in-the... In the lab, popping CVE-2013-2171 for FreeBSD 9.0… 11-12-2013 TMB FreeBSD CVE-2013-2171
2 https://github.com/stealth/troubleshooter troubleshooter 02-04-2015 stealth Linux N/A
3 http://googleprojectzero.blogspot.de/201... In-Console-Able 04-05-2015 James Forshaw Windows N/A
4 http://googleprojectzero.blogspot.de/201... Between a Rock and a Hard Link 04-12-2015 James Forshaw Windows CVE-2015-4481

Implementation Errors

E.g. failing to perform sufficient validation, improper data handling, etc.

Nr URL Description Date Author OS/Arch Info
1 http://blog.azimuthsecurity.com/2013/02/... From USR to SVC: Dissecting the 'evasi0n' Kernel Exploit 13-02-2013 Tarjei Mandt iOS N/A
2 http://researchcenter.paloaltonetworks.c... CVE-2014-7911 – A Deep Dive Analysis of Android System Service Vulnerability and Exploitation 06-01-2015 Yaron Lavi, Nadav Markus Android CVE-2014-7911
3 http://blog.trendmicro.com/trendlabs-sec... Exploring CVE-2015-1701 — A Win32k Elevation of Privilege Vulnerability Used in Targeted Attacks 22-05-2015 Jack Tang Windows CVE-2015-1701
4 http://googleprojectzero.blogspot.co.uk/... Windows Drivers are True’ly Tricky 15-10-2015 James Forshaw Windows CVE-2015-7358
5 https://googleprojectzero.blogspot.de/2... Race you to the kernel! 22-03-2016 Ian Beer Mac OS X CVE-2016-1757

Information leakage

Nr URL Description Date Author OS/Arch Info
1 http://sysexit.wordpress.com/2014/11/12/... ANALYSIS OF CVE-2014-8476: A FREEBSD KERNEL MEMORY DISCLOSURE VULNERABILITY 12-11-2014 fdfalcon FreeBSD CVE-2012-5976

Uninitialized memory

Nr URL Description Date Author OS/Arch Info
1 http://esec-lab.sogeti.com/posts/2010/12... CVE-2010-3830 - iOS < 4.2.1 packet filter local kernel vulnerability 18-12-2010 Jean iOS < 4.2.1 CVE-2010-3830
2 http://j00ru.vexillium.org/blog/20_05_12... The story of CVE-2011-2018 exploitation xx-04-2012 Mateusz (j00ru) Jurczyk Windows, x86-32 CVE-2011-2018
3 http://seclists.org/fulldisclosure/2013/... exploitation ideas under memory pressure 17-05-2013 Tavis Ormandy Windows CVE-2013-3130
4 https://cturt.github.io/compat-info-leaks.html Analysis of stack disclosure vulnerabilities in FreeBSD compatibility layers xx-xx-2016 CTurt FreeBSD N/A
5 http://ioctl.ir/index.php/2016/02/13/cve... CVE-2016-0040 Story of uninitialized pointer 13-02-2016 Meysam (R00tkitSMM) Firozi Windows CVE-2016-0040
6 http://www.payatu.com/uninitialized-stac... UNINITIALIZED STACK VARIABLE – WINDOWS KERNEL EXPLOITATION 05-08-2016 Payatu Windows N/A
7 https://www.usenix.org/system/files/conf... Exploitations of Uninitialized Uses on macOS Sierra xx-xx-2017 Zhenquan Xu, Gongshen Liu, Tielei Wang, Hao Xu Mac OS X CVE-2017-2357, CVE-2017-2358

Specific bugs

Hardware bugs or ones that do not fall into other categories.

Nr URL Description Date Author OS/Arch Info
5 http://blog.coresecurity.com/2013/04/01/... MS13-017 – THE HARMLESS SILENT PATCH… 01-04-2013 Nicolas Economou Windows N/A
7 https://web.archive.org/web/201411081027... DisARMing the iOS kernel 30-05-2014 winocm iOS CVE-2010-1320
8 https://hackerone.com/reports/13388 Linux PI futex self-requeue bug 19-06-2014 comex Linux Futex; CVE-2014-3153
9 http://tinyhack.com/2014/07/07/exploitin... Exploiting the Futex Bug and uncovering Towelroot 07-07-2014 Yohanes Nugroho Linux Futex; Towelroot; CVE-2014-3153
10 http://blog.nativeflow.com/the-futex-vul... The Futex Vulnerability 11-09-2014 Dany Zatuchna Linux Futex; CVE-2014-3153
11 http://www.icewall.pl/?p=680&lang=en Story about MS14-063 25-10-2014 icewall Windows CVE-2014-4115
12 http://googleprojectzero.blogspot.de/201... pwn4fun Spring 2014 - Safari - Part II 24-11-2014 Ian Beer Mac OS X N/A
13 http://labs.bromium.com/2015/02/02/explo... Exploiting “BadIRET” vulnerability (CVE-2014-9322, Linux kernel privilege escalation) 02-02-2015 Rafal Wojtczuk Linux CVE-2014-9322
14 http://bits-please.blogspot.gr/2015/08/a... Android linux kernel privilege escalation vulnerability and exploit (CVE-2014-4322) 16-08-2015 laginimaineb Android CVE-2014-4322
15 http://perception-point.io/2016/01/14/an... ANALYSIS AND EXPLOITATION OF A LINUX KERNEL VULNERABILITY (CVE-2016-0728) 14-01-2016 Perception Point Research Team Linux 3.18 CVE-2016-0728

Chained and Multiple Bugs

Nr URL Description Date Author OS/Arch Info
1 http://sill0t3.blogspot.in/2015/06/window... Windows Kernel Exploitation Using HackSys 03-06-2015 sill0t3 Windows N/A
2 http://blog.quarkslab.com/kernel-vulnerab... Kernel Vulnerabilities in the Samsung S4 21-09-2015 Jonathan Salwan Android CVE-2015-1800, CVE-2015-1801
3 https://phoenhex.re/2017-07-06/pwn2own-sa... Pwn2Own: Safari sandbox part 2 – Wrap your way around to root 06-07-2017 niklasb, saelo Mac CVE-2017-2533, CVE-2017-2535, CVE-2017-2534, CVE-2017-6977
4 https://jndok.github.io/2016/10/04/pegasu... Analysis and exploitation of Pegasus kernel vulnerabilities (CVE-2016-4655 / CVE-2016-4656) 04-10-2016 jndok Mac CVE-2016-4655, CVE-2016-4656
5 https://siguza.github.io/cl0ver/ tfp0 powered by Pegasus 25-12-2016 siguza Mac CVE-2016-4655, CVE-2016-4656

Arbitrary data manipulation

Not every primitive comes from a stack or heap overrun; more exotic situations (for example a controlled arbitrary write) can also produce unexpected program flow.

Nr URL Description Date Author OS/Arch Info
1 http://googleprojectzero.blogspot.de/201... One font vulnerability to rule them all #3: Windows 8.1 32-bit sandbox escape exploitation 13-08-2015 Mateusz (j00ru) Jurczyk Windows BLEND; CVE-2015-0093, CVE-2015-3052
2 http://bits-please.blogspot.gr/2015/08/f... Full TrustZone exploit for MSM8974 10-08-2015 laginimaineb Android N/A
3 http://googleprojectzero.blogspot.de/201... One font vulnerability to rule them all #4: Windows 8.1 64-bit sandbox escape exploitation 21-08-2015 Mateusz (j00ru) Jurczyk Windows BLEND; CVE-2015-0090
4 http://bits-please.blogspot.de/2015/08/a... Android linux kernel privilege escalation (CVE-2014-4323) 26-08-2015 laginimaineb Android CVE-2014-4323
5 https://marcograss.github.io/security/an... [CVE-2016-2443] Qualcomm MSM debug fs kernel arbitrary write (Nexus 5, Nexus 7 2013 and maybe other models) 03-05-2016 Marco Grass Android CVE-2016-2443


Articles, blogs and comments on vulnerabilities and their exploitation that are hard to find a category for.

Nr URL Description Date Author OS/Arch Info
1 http://phrack.org/issues/64/6.html Attacking the Core : Kernel Exploiting Notes 27-05-2005 sgrakkyu, twiz - N/A
2 http://www.blackhat.com/presentations/bh... Kernel Wars xx-08-2007 Karl Janmar FreeBSD, Windows, NetBSD N/A
3 http://rikiji.it/2013/05/10/CVE-2013-209... CVE-2013-2094 port to x86 10-05-2013 Riccardo Linux CVE-2013-2094
4 http://blog.cmpxchg8b.com/2013/05/introd... Introduction to Windows Kernel Security Research 15-05-2013 Tavis Ormandy Windows N/A
5 http://labs.lastline.com/unmasking-kerne... Unmasking Kernel Exploits 07-07-2015 Roman Vasilenko Windows N/A
6 https://cturt.github.io/ps4-3.html Hacking the PS4, part 3 xx-xx-2015 CTurt PS4 N/A
7 https://www.nccgroup.trust/uk/our-resear... A few notes on usefully exploiting libstagefright on Android 5.x 29-01-2016 Aaron Adams Android Stagefright
8 https://github.com/NorthBit/Metaphor Metaphor: A (real) real-life Stagefright exploit 24-03-2016 Hanan Be'er Android CVE-2015-3864
9 https://www.coresecurity.com/blog/gettin... Getting Physical: Extreme abuse of Intel based Paging Systems - Part 1 10-05-2016 Nicolas Economou Windows -
10 https://www.coresecurity.com/blog/gettin... Getting Physical: Extreme abuse of Intel based Paging Systems - Part 2 - Windows 21-06-2016 Nicolas Economou Windows -
