Various Stuff

Here you can find unsorted stuff related to security -- tools, notes on debugging, blogs, wikis, etc.

Listings are in no particular order except when there is a date.

Branded bugs

Nr URL Description Info
1 The Heartbleed Bug CVE-2014-0160
2 goto fail; CVE-2014-1266
3 This POODLE Bites: Exploiting The SSL 3.0 Fallback CVE-2014-3566
4 iSIGHT discovers zero-day vulnerability CVE-2014-4114 used in Russian cyber-espionage campaign CVE-2014-4114
5 Shellshock CVE-2014-6271
6 WinShock, Schannel CVE-2014-6321
7 MisfortuneCookie CVE-2014-9222
8 GHOST: glibc gethostbyname buffer overflow CVE-2015-0235
10 Stagefright CVE-2015-1538, CVE-2015-1539, CVE-2015-3824, CVE-2015-3826, CVE-2015-3827, CVE-2015-3828, CVE-2015-3829, CVE-2015-3864
11 The DROWN Attack CVE-2016-0800
12 Badlock Bug N/A
13 ImageMagick Is On Fire — CVE-2016-3714 CVE-2016-3714
14 Dirty COW (CVE-2016-5195) — a privilege escalation vulnerability in the Linux Kernel CVE-2016-5195
15 BlueBorne N/A
16 RTPBleed N/A
17 Optionsbleed - HTTP OPTIONS method can leak Apache's server memory CVE-2017-9798
18 Key Reinstallation Attacks: Breaking WPA2 by forcing nonce reuse *
19 Foreshadow - Breaking the Virtual Memory Abstraction with Transient Out-of-Order Execution N/A

Online tools and services

Nr URL Description
1 FREE Online ROP Gadgets Search
2 Corelan ROPdb

Tools and development

Nr URL Description
1 Hacking Leopard: Tools and Techniques for Attacking the Newest Mac
2 Starting to write Immunity Debugger PyCommands : my cheatsheet
3 Exploit writing tutorial part 4 : From Exploit to Metasploit – The basics
4 Exploit writing tutorial part 5 : How debugger modules & plugins can speed up basic exploit development
5 Exploring Artifacts in Heap Memory with Heap Inspector
6 Corelan Team project page for 'mona', a PyCommand for Immunity Debugger
7 Set of extensions for exploit development under WinDbg
8 A simple framework for developing Linux kernel heap exploit techniques
9 Heappie! is an exploit-writing-oriented memory analysis tool
10 ROP gadget search tool
11 Symbolic Exploit Assistant
12 Jingle BOFs, Jingle ROPs, Sploiting all the things… with Mona v2 !!
13 MonaSploit
14 Visualizing a single null-byte heap overflow exploitation
15 How I nearly almost saved the Internet, starring afl-fuzz and dnsmasq
16 Windows Sandbox Attack Surface Analysis
17 Test DRAM for bit flips caused by the rowhammer problem
18 x86 and x64 assembly "read-eval-print loop" shell for Windows
19 GEF - GDB Enhanced Features
20 Fldbg, a Pykd script to debug FlashPlayer
21 WinHeap-Explorer
22 ROPMEMU is a framework to analyze, dissect and decompile complex code-reuse attacks
23 AppJailLauncher in Rust
24 rVMI is a debugger on steroids
25 VulnScan – Automated Triage and Root Cause Analysis of Memory Corruption Issues
26 Stealing Signatures and Making One Invalid Signature at a Time
27 A set of exploitation/reversing aids for IDA
28 QuarkslaB Dynamic binary Instrumentation
29 RPC Forge is a local Python fuzzer of Windows RPC interfaces available over ALPC
30 avast-tl/retdec: RetDec is a retargetable machine-code decompiler based on LLVM
31 A bunch of JavaScript extensions for WinDbg
32 Run the program with the specified permission level
33 LibVMI-based GDB server, implemented in Python

Blogs by security people or teams

Nr URL Description
1 Patroklos (argp) Argyroudis blog
2 Jon Oberheide Blog
3 Julien Tinnes blog (Kernel-level bugs)
4 Vulnerabilities descriptions mapped to CVE
5 Vulnerabilities binary analysis by Abysssec
6 Vulnerability analysis blog using DarunGrim
7 Alexander Gavrun published vulnerabilities
8 Patroklos (argp) Argyroudis advisories
9 Published Security Advisories by Tobias Klein
10 Chris Evans: Software security holes found via auditing, fuzzing, etc.
11 Hacking & IT Security Stuff
12 Corelan Team Articles
13 Software Vulnerability Exploitation Blog
14 Resources
15 Project Zero
16 CTurt blog
17 Tyranid's Lair
18 phoenhex
19 Hacking everything, by Chris Evans / scarybeasts
20 Robert O'Callahan


Nr URL Description
4 Security Research from the Microsoft Security Response Center (MSRC)

Wiki and web-sites on security

Nr URL Description
1 Phrack Magazine
2 The iPhone Wiki
3 The Metasploit Book
4 Shellcodecs is a collection of shellcodes, loaders, sources, and generators
5 Skypher - the wiki for absolutely nothing
6 Academic Research Publications Mentioning grsecurity/PaX
8 CTF Field Guide
9 Heap Exploitation

Collections, lists

Nr URL Description
1 Database of papers
2 Database of papers
3 Exploit Development
4 Whitepaper Files
5 Database of papers
6 Exploit Development Tutorial Series
7 Knowledge base for all shellcode related resources
8 Open Security Training
19 The Month of Kernel Bugs (MoKB) archive
20 The Month of Apple Bugs
21 From 0x90 to 0x4c454554, a journey into exploitation.
22 The Big Fat Metasploit Post
23 The Bug of the Month
24 Reverse Engineering Mac: Papers & Presentations
25 Slides from various Conferences
26 The Open Penetration Testing Bookmarks Collection
27 IT Sec Research by wishi
28 The Fuzzing Project
29 ZDI submissions to Google Chrome
30 ZDI submissions to Mozilla Firefox
31 IOActive Labs Advisories

Damn vulnerable things

This list contains references to tools, operating systems and software that were developed specifically to be exploited.

Nr URL Description
1 Provides a variety of virtual machines to exploit
2 Metasploitable 2


Nr URL Description
1 Win32 Exploit Development class
2 Training Classes
3 Penetration Testing and Vulnerability Analysis
4 Lecture Notes
5 Metasploit exploit development - The series Part 1.
6 Modern Binary Exploitation
7 Course materials for Modern Binary Exploitation by RPISEC
8 Learn return-oriented programming

Articles on Debugging

Nr URL Description Date Author OS/Arch
1 Analyze Crashes to Find Security Vulnerabilities in Your Apps xx-11-2007 Article Windows, x86-32
2 Stack overflow (stack exhaustion) not the same as stack buffer overflow 28-01-2009 Article -
3 FreeBSD kernel debugging 02-07-2009 Tutorial FreeBSD
4 debugging a crash – An example 29-04-2010 Article -
5 Debugging Fundamentals for Exploit Development 28-02-2011 Article Windows, x86-32
6 OllyDbg Tricks for Exploit Development 28-02-2011 Article Windows, x86-32
7 Understanding Pool Corruption Part 1 – Buffer Overflows 14-06-2013 Article Windows
8 Understanding Pool Corruption Part 2 – Special Pool for Buffer Overruns 22-08-2013 Article Windows
9 Kernel Stack Overflows 01-02-2008 ntdebug Windows
10 KGDB on Android: Debugging the kernel like a boss 17-08-2015 Andy Monaghan Android
11 A debugging session in the kernel 10-09-2015 Juan Vasquez Windows
12 Kernel Debugging a Virtualized OS X El Capitan Image 05-11-2015 Patrick Wardle Mac
13 An Introduction to Debugging the Windows Kernel with WinDbg 16-03-2016 Jan Mitchell Windows
15 Tracking Down Heap Overflows with rr 31-05-2016 Sean Heelan nix

Lists of lists of security conferences

Nr URL Title
1 Computer security conference
2 Security Conferences
3 Information Security Conferences
4 Ethical Hacker Calendar
5 Packet Storm CFP Monitor
6 List of security conferences
7 Upcoming information security events
8 The Security Research Index is a project intended to help the security community keep up with all the research presented at conferences around the world.
9 Con Collector
10 Computer Security Conferences
11 CONpiler — Security conferences around the world
12 SECurity Organizer & Reporter Exchange
13 Clocate - Conferences and Exhibitions
14 Hardware Security Resources

Bug bounty

Nr URL Description
1 The Legitimate Vulnerability Market
2 Google's Vulnerability Reward Programs
4 The Bug Bounty List

Timeline and history

Nr URL Description Date
1 Memory Corruption and Hacker Folklore xx-xx-2010
2 Code Reuse Timeline xx-02-2010
3 Past, Present, Future of Windows Exploitation 08-05-2010
4 Memory Corruption Attacks: The (almost) Complete History 25-06-2010
5 Smashing the Stack in 2011 25-01-2011
6 Memory Errors: The Past, the Present, and the Future 12-09-2012
7 Heap Sprays to Sandbox Escapes: A Brief History of Browser Exploitation xx-01-2013


Nr URL Description
1 Ange Albertini posters
2 Dual Core's Metasploit Track: Free Download!
3 Exploit Mitigation Kill Chain


Nr URL Description
1 QubesOS Advisories
2 Vulners (advisories and exploits search database)

Sandbox Escapes

Nr URL Description Date Author OS/Arch Info
1 Digging Into the Sandbox-Escape Technique of the Recent PDF Exploit 20-02-2013 McAfee Labs Windows -
2 AdobeCollabSync stack overflow 15-05-2013 binamuse - CVE-2013-2730
3 Internet Explorer Sandbox Escape, CVE-2013-5045 xx-xx-2013 James Forshaw Windows CVE-2013-5045
4 Internet Explorer Sandbox Escape, CVE-2013-5046 xx-xx-2013 James Forshaw Windows CVE-2013-5046
5 CVE-2013-3186 - The case of a one click sandbox escape on IE 21-08-2013 Fermin J. Serna Windows CVE-2013-3186
6 Internet Explorer Sandbox Escape, CVE-2014-0257 xx-xx-2014 James Forshaw Windows CVE-2014-0257
7 Internet Explorer Sandbox Escape, CVE-2014-0268 xx-xx-2014 James Forshaw Windows CVE-2014-0268
8 Internet Explorer Sandbox Escape, CVE-2014-0520 xx-xx-2014 James Forshaw Windows CVE-2014-0520
9 Internet Explorer Sandbox Escape, CVE-2014-1778 xx-xx-2014 James Forshaw Windows CVE-2014-1778
10 IE11 ImmutableApplicationSettings EPM Privilege Escalation 20-08-2014 James Forshaw Windows CVE-2014-6349
11 IE11: CShdocvwBroker::EditWith EPM Sandbox Escape 21-11-2014 James Forshaw Windows CVE-2015-0054
12 Internet Explorer EPM Sandbox Escape CVE-2014-6350 01-12-2014 James Forshaw Windows CVE-2014-6350
13 IE11 AudioSrv RegistryKey EPM Privilege Escalation 25-08-2014 James Forshaw Windows CVE-2014-6322
14 Exploiting NVMAP to escape the Chrome sandbox - CVE-2014-5332 22-01-2015 Lee Campbell - CVE-2014-5332
15 CVE-2015-0016: Escaping the Internet Explorer Sandbox 27-01-2015 ? Windows CVE-2015-0016
16 Internet Explorer Enhanced Protected Mode sandbox escape via a broker vulnerability 09-10-2015 Ashutosh Mehra Windows CVE-2015-1688
17 (Pwn2Own) Microsoft Internet Explorer Protocol Handler Sandbox Escape Vulnerability 06-11-2015 Lokihardt Windows CVE-2015-1748
18 (Pwn2Own) Microsoft Internet Explorer ActiveX Install Broker Sandbox Escape Vulnerability 09-07-2015 Yuki Chen Windows CVE-2015-1743
19 Microsoft Internet Explorer Enhanced Protected Mode Read-Restrictions Bypass Vulnerability 14-07-2015 Ashutosh Mehra Windows CVE-2015-2412
20 Microsoft Internet Explorer Enhanced Protected Mode Read-Restrictions Bypass Vulnerability 11-08-2015 Ashutosh Mehra Windows CVE-2015-2429
21 Microsoft Internet Explorer EditWith Sandbox Escape Vulnerability 13-10-2015 Ashutosh Mehra Windows CVE-2015-6047
22 Microsoft Internet Explorer NewMessage Protected Mode Sandbox Escape Vulnerability 12-01-2016 Ashutosh Mehra Windows CVE-2016-0020
23 CVE-2015-5090 – Adobe Reader/Acrobat Pro Privilege Escalation 19-01-2016 Bryan Alexander - CVE-2015-5090
24 Pwn2Own: Safari sandbox part 2 – Wrap your way around to root 06-07-2017 niklasb, saelo Mac CVE-2017-2533, CVE-2017-2535, CVE-2017-2534, CVE-2017-6977


This page will gather links to all publicly disclosed exploits.

Nr URL Description Date Author OS/Arch Info
1 Pwnium 1.3 - an exploit for an integer overflow in WebGLUnsignedIntArray. 01-03-2010 Skylined Windows, x86-32 N/A
2 PWN2OWN: Bad cast in SVGViewSpec::viewTarget 07-03-2013 MWR Labs Windows CVE-2013-0912
3 Full chain exploit + sandbox escape: Array.concat -> extension install -> download exec 20-06-2014 lokihardt ? N/A
4 Full TrustZone exploit for MSM8974 09-08-2015 laginimaineb TrustZone N/A
5 Exploit code for CVE-2014-7920 and CVE-2014-7921 - code-exec in mediaserver up to Android 5.1 24-01-2016 laginimaineb < Android 5.1 CVE-2014-7921, CVE-2014-7920
6 full exploit for CVE-2015-6764 used in pwn2own mobile 2015 19-03-2016 secmob Nexus, Android CVE-2015-6764
7 CVE-2017-8759 Weaponisation PoC 14-09-2017 Vincent Yiu Windows CVE-2017-8759
8 WPAD Sandbox Escape 15-11-2018 hacksysteam Windows N/A
9 GitHub (Exploits by niklasb) xx-11-2018 niklasb - N/A

TODO: add exploits from "exploit"

Exploit lists

Nr URL Description
1 Hacking Team Exploits Summary
2 Hacking Team exploits
3 Android rooting tools
4 Mirror of the Shadow Brokers dump

Fuzzing and Bug Hunting

Nr URL Description Date Author OS/Arch Info
1 SyScan 2013, Bochspwn paper and slides 24-04-2013 Mateusz (j00ru) Jurczyk, Gynvael Coldwind Windows N/A
2 A year of Windows kernel font fuzzing #2: the techniques 01-07-2016 Mateusz (j00ru) Jurczyk Windows N/A
3 Bug hunting with static code analysis 08-07-2016 Nick Jones - N/A
4 libFuzzer Tutorial xx-xx-201 ? - N/A
5 A Review of Fuzzing Tools and Methods 10-03-2017 James Fell - N/A
6 Fuzzing the MSXML6 library with WinAFL 17-09-2017 Symeon Windows N/A
7 Fuzzing Adobe Reader for exploitable vulns (fun != profit) 25-04-2018 kciredor - N/A
8 Generating Software Tests xx-xx-2018 Andreas Zeller, Rahul Gopinath, Marcel Böhme, Gordon Fraser, Christian Holler - N/A

Around security

These are articles that relate to computer security but do not directly discuss software or hardware exploitation.

Nr URL Description Date Author OS/Arch
1 Introduction to IA-32e hardware paging 07-07-2017 triplefault -
2 Binary Rewriting With Syzygy, Pt. I 05-08-2017 Axel (0vercl0k) Souchet -
3 Skylake bug: a detective story 28-07-2017 Joris Giovannangeli Intel CPU Skylake N/A
4 New Security Measures in iOS 11 and Their Forensic Implications 07-09-2017 Oleg Afonin iOS
5 Abusing A Writable Windows Service 05-09-2017 Didier Stevens Windows
