Various Stuff

Here you can find unsorted stuff related to security -- tools, notes on debugging, blogs, wikis, etc.

Listings are in no particular order except when there is a date.

Branded bugs

Nr URL Description Info
1 http://heartbleed.com/ The Heartbleed Bug CVE-2014-0160
2 https://gotofail.com/ goto fail; CVE-2014-1266
3 https://www.openssl.org/~bodo/ssl-poodle.pdf This POODLE Bites: Exploiting The SSL 3.0 Fallback CVE-2014-3566
4 http://www.isightpartners.com/2014/10/cve-2014-4114/ iSIGHT discovers zero-day vulnerability CVE-2014-4114 used in Russian cyber-espionage campaign CVE-2014-4114
5 https://en.wikipedia.org/wiki/Shellshock_(software_bug)) Shellshock CVE-2014-6271
6 https://blog.digicert.com/winshock-vulnerability/ WinShock, Schannel CVE-2014-6321
7 http://mis.fortunecook.ie/ MisfortuneCookie CVE-2014-9222
8 https://www.qualys.com/2015/01/27/cve-2015-0235/GHOST-CVE-2015-0235.txt?_ga=1.113043524.1500512711.1459509892 GHOST: glibc gethostbyname buffer overflow CVE-2015-0235
9 http://venom.crowdstrike.com/ VIRTUALIZED ENVIRONMENT NEGLECTED OPERATIONS MANIPULATION CVE-2015-3456
10 https://en.wikipedia.org/wiki/Stagefright_(bug)) Stagefright CVE-2015-1538, CVE-2015-1539, CVE-2015-3824, CVE-2015-3826, CVE-2015-3827, CVE-2015-3828, CVE-2015-3829, CVE-2015-3864
11 https://drownattack.com/ The DROWN Attack CVE-2016-0800
12 http://badlock.org/ Badlock Bug N/A
13 https://imagetragick.com/ ImageMagick Is On Fire — CVE-2016–3714 CVE-2016–3714
14 https://dirtycow.ninja/ Dirty COW (CVE-2016-5195) — a privilege escalation vulnerability in the Linux Kernel CVE-2016-5195
15 https://www.armis.com/blueborne/ BlueBorne N/A
16 https://rtpbleed.com/ RTPBleed N/A
17 https://blog.fuzzing-project.org/60-Optionsbleed-HTTP-OPTIONS-method-can-leak-Apaches-server-memory.html Optionsbleed - HTTP OPTIONS method can leak Apache's server memory CVE-2017-9798
18 https://www.krackattacks.com/ Key Reinstallation Attacks: Breaking WPA2 by forcing nonce reuse *
19 https://foreshadowattack.eu/ Foreshadow - Breaking the Virtual Memory Abstraction with Transient Out-of-Order Execution N/A

Online tools and services

Nr URL Description
1 http://gorope.me/ FREE Online ROP Gadgets Search
2 https://www.corelan.be/index.php/security/corelan-ropdb/ Corelan ROPdb

Tools and development

Nr URL Description
1 http://reverse.put.as/wp-content/uploads/2011/06/hackingleopard.pdf Hacking Leopard: Tools and Techniques for Attacking the Newest Mac
2 http://www.corelan.be/index.php/2010/01/26/starting-to-write-immunity-debugger-pycommands-my-cheatsheet/ Starting to write Immunity Debugger PyCommands : my cheatsheet
3 http://www.corelan.be/index.php/2009/08/12/exploit-writing-tutorials-part-4-from-exploit-to-metasploit-the-basics/ Exploit writing tutorial part 4 : From Exploit to Metasploit – The basics
4 http://www.corelan.be/index.php/2009/09/05/exploit-writing-tutorial-part-5-how-debugger-modules-plugins-can-speed-up-basic-exploit-development Exploit writing tutorial part 5 : How debugger modules & plugins can speed up basic exploit development
5 https://blog.mandiant.com/archives/1899 Exploring Artifacts in Heap Memory with Heap Inspector
6 http://redmine.corelan.be/projects/mona Corelan Team project page for 'mona', a PyCommand for Immunity Debugger
7 http://blog.metasploit.com/2008/08/byakugan-windbg-plugin-released.html Set of extensions for exploit development under WinDbg
8 https://github.com/djrbliss/libplayground A simple framework for developing Linux kernel heap exploit techniques
9 http://corelabs.coresecurity.com/index.php?module=Wiki&action=view&type=tool&name=Heappie Heappie! is an exploit-writing-oriented memory analysis tool
10 http://www.hsc.fr/ressources/outils/skyrack/index.html.en ROP gadget search tool
11 https://github.com/neuromancer/sea Symbolic Exploit Assistant
12 https://www.corelan.be/index.php/2012/12/31/jingle-bofs-jingle-rops-sploiting-all-the-things-with-mona-v2/ Jingle BOFs, Jingle ROPs, Sploiting all the things… with Mona v2 !!
13 https://community.rapid7.com/community/metasploit/blog/2011/10/11/monasploit MonaSploit
14 https://wapiflapi.github.io/2015/04/22/single-null-byte-heap-overflow/ Visualizing a single null-byte heap overflow exploitation
15 https://blog.skullsecurity.org/2015/how-i-nearly-almost-saved-the-internet-starring-afl-fuzz-and-dnsmasq How I nearly almost saved the Internet, starring afl-fuzz and dnsmasq
16 http://googleprojectzero.blogspot.de/2015/11/windows-sandbox-attack-surface-analysis.html Windows Sandbox Attack Surface Analysis
17 https://github.com/google/rowhammer-test Test DRAM for bit flips caused by the rowhammer problem
18 https://github.com/zerosum0x0/WinREPL x86 and x64 assembly "read-eval-print loop" shell for Windows
19 https://gef.readthedocs.io/en/master/ GEF - GDB Enhanced Features
20 https://www.offensive-security.com/vulndev/fldbg-a-pykd-script-to-debug-flashplayer/ Fldbg, a Pykd script to debug FlashPlayer
21 https://github.com/WinHeapExplorer/WinHeap-Explorer WinHeap-Explorer
22 https://github.com/Cisco-Talos/ROPMEMU ROPMEMU is a framework to analyze, dissect and decompile complex code-reuse attacks
23 https://github.com/trailofbits/appjaillauncher-rs AppJailLauncher in Rust
24 https://github.com/fireeye/rVMI rVMI is a debugger on steroids
25 https://blogs.technet.microsoft.com/srd/2017/10/03/vulnscan-automated-triage-and-root-cause-analysis-of-memory-corruption-issues/ VulnScan – Automated Triage and Root Cause Analysis of Memory Corruption Issues
26 https://github.com/secretsquirrel/SigThief Stealing Signatures and Making One Invalid Signature at a Time
27 https://github.com/1111joe1111/ida_ea A set of exploitation/reversing aids for IDA
28 https://qbdi.quarkslab.com/ QuarkslaB Dynamic binary Instrumentation
29 https://github.com/sogeti-esec-lab/RPCForge RPC Forge is a local Python fuzzer of Windows RPC interfaces available over ALPC
30 https://github.com/avast-tl/retdec avast-tl/retdec: RetDec is a retargetable machine-code decompiler based on LLVM
31 https://github.com/0vercl0k/windbg-scripts/ A bunch of JavaScript extensions for WinDbg
32 https://github.com/WildByDesign/Privexec Run the program with the specified permission level
33 https://github.com/Wenzel/pyvmidbg LibVMI-based GDB server, implemented in Python

Blogs by security people or teams

Nr URL Description
1 http://sysc.tl/ Patroklos (argp) Argyroudis blog
2 http://jon.oberheide.org/ Jon Oberheide Blog
3 http://blog.cr0.org/ Julien Tinnes blog (Kernel-level bugs)
4 http://xorl.wordpress.com/category/bugs/ Vulnerabilities descriptions mapped to CVE
5 http://www.abysssec.com/blog/tag/binary-... Vulnerabilities binary analysis by Abysssec
6 http://exploitshop.wordpress.com/ Vulnerability analysis blog using DarunGrim
7 http://0x1byte.blogspot.com/search/label... Alexander Gavrun published vulnerabilities
8 http://sysc.tl/category/advisories/ Patroklos (argp) Argyroudis advisories
9 http://trapkit.de/advisories/published.h... Published Security Advisories by Tobias Klein
10 http://www.scary.beasts.org/security/ Chris Evans: Software security holes found via auditing, fuzzing, etc.
11 http://poppopret.blogspot.com/ Hacking & IT Security Stuff
12 https://www.corelan.be/index.php/articles/ Corelan Team Articles
13 http://sf-freedom.blogspot.com/ Software Vulnerability Exploitation Blog
14 http://invisiblethingslab.com/itl/Resources.html invisiblethingslab.com Resources
15 http://googleprojectzero.blogspot.com Project Zero
16 https://cturt.github.io/articles.html CTurt blog
17 https://tyranidslair.blogspot.com Tyranid's Lair
18 https://phoenhex.re/ phoenhex
19 https://scarybeastsecurity.blogspot.de/ Hacking everything, by Chris Evans / scarybeasts
20 http://robert.ocallahan.org/ Robert O'Callahan

Github

Nr URL Description
1 https://github.com/secmob/cansecwest2016 https://github.com/secmob/cansecwest2016
2 https://github.com/payatu/CVE-2015-6086 https://github.com/payatu/CVE-2015-6086
3 https://github.com/DonnchaC/shadowbrokers-exploits https://github.com/DonnchaC/shadowbrokers-exploits
4 https://github.com/Microsoft/MSRC-Security-Research Security Research from the Microsoft Security Response Center (MSRC)
5 https://github.com/xuechiyaobai https://github.com/xuechiyaobai

Wiki and web-sites on security

Nr URL Description
1 http://www.phrack.org Phrack Magazine
2 http://theiphonewiki.com/wiki/index.php?title=Category:Exploits The iPhone Wiki
3 http://en.wikibooks.org/wiki/Metasploit The Metasploit Book
4 http://www.blackhatlibrary.net/Shellcodecs Shellcodecs is a collection of shellcodes, loaders, sources, and generators
5 http://skypher.com/wiki/index.php/Main_Page Skypher - the wiki for absolutely nothing
6 http://grsecurity.net/research.php Academic Research Publications Mentioning grsecurity/PaX
7 http://uninformed.org/index.cgi? INFORMATIVE INFORMATION FOR THE UNINFORMED
8 https://trailofbits.github.io/ctf/index.html CTF Field Guide
9 https://heap-exploitation.dhavalkapil.com/ Heap Exploitation

Collections, lists

Nr URL Description
1 http://www.shell-storm.org/papers/index.php?lg=english Database of papers
2 http://secdocs.lonerunners.net/ Database of papers
3 http://www.theamazingking.com/exploit.html Exploit Development
4 http://packetstormsecurity.org/files/tags/paper/ Whitepaper Files
5 http://6dev.net/mirror/doc.bughunter.net/ Database of papers
6 http://www.fuzzysecurity.com/tutorials.html Exploit Development Tutorial Series
7 http://projectshellcode.com/ Knowledge base for all shellcode related resources
8 http://tools.securitytube.net/index.php?title=Open_Security_Training Open Security Training
19 http://jon.oberheide.org/mokb/ The Month of Kernel Bugs (MoKB) archive
20 http://jon.oberheide.org/moab/ The Month of Apple Bugs
21 http://myne-us.blogspot.com/2010/08/from-0x90-to-0x4c454554-journey-into.html From 0x90 to 0x4c454554, a journey into exploitation.
22 http://www.securityaegis.com/the-big-fat-metasploit-post/ The Big Fat Metasploit Post
23 http://www.gimpel.com/html/bugs.htm The Bug of the Month
24 http://reverse.put.as/papers/ Reverse Engineering Mac: Papers & Presentations
25 http://www.xchg.info/ARTeam/conferences/ Slides from various Conferences
26 https://code.google.com/p/pentest-bookmarks/ The Open Penetration Testing Bookmarks Collection
27 https://www.evernote.com/pub/wishi/crazylazy/ IT Sec Research by wishi
28 https://fuzzing-project.org/ The Fuzzing Project
29 code.google.com/p/chromium/issues/list... ZDI submissions to Google Chrome
30 bugzilla.mozilla.org/buglist.cgi... ZDI submissions to Mozilla Firefox
31 http://www.ioactive.com/ioactive_labs_ad... IOActive Labs Advisories

Damn vulnerable things

This list contains references to the tools, OS, software which was developed specifically for exploitation.

Nr URL Description
1 http://exploit-exercises.com/ Provides a variety of virtual machines to exploit
2 http://sourceforge.net/projects/metasploitable/files/ Metasploitable 2

Trainings

Nr URL Description
1 https://www.corelan-training.com/ Win32 Exploit Development class
2 http://www.opensecuritytraining.info/Training.html Training Classes
3 http://pentest.cryptocity.net/ Penetration Testing and Vulnerability Analysis
4 http://www.cis.syr.edu/~wedu/Teaching/CompSec/lecturenotes.html Lecture Notes
5 https://community.rapid7.com/community/metasploit/blog/2012/07/05/part-1-metasploit-module-development--the-series Metasploit exploit development - The series Part 1.
6 http://security.cs.rpi.edu/courses/binexp-spring2015/ Modern Binary Exploitation
7 https://github.com/RPISEC/MBE Course materials for Modern Binary Exploitation by RPISEC
8 https://ropemporium.com/ Learn return-oriented programming
9 https://exploit.courses/files/bfh2017/ exploit.courses

Articles on Debugging

Nr URL Description Date Author OS/Arch
1 http://msdn.microsoft.com/en-us/magazine/cc163311.aspx Analyze Crashes to Find Security Vulnerabilities in Your Apps xx-11-2007 Article Windows, x86-32
2 https://blogs.technet.com/b/srd/archive/2009/01/28/stack-overflow-stack-exhaustion-not-the-same-as-stack-buffer-overflow.aspx not the same as stack buffer overflow) Stack overflow (stack exhaustion) not the same as stack buffer overflow 28-01-2009 Article -
3 http://sysc.tl/2009/07/02/freebsd-kernel-debugging/ FreeBSD kernel debugging 02-07-2009 Tutorial FreeBSD
4 https://blogs.msdn.com/b/sudeepg/archive/2010/04/29/debugging-a-crash-an-example.aspx debugging a crash – An example 29-04-2010 Article -
5 http://resources.infosecinstitute.com/debugging-fundamentals-for-exploit-development/ Debugging Fundamentals for Exploit Development 28-02-2011 Article Windows, x86-32
6 http://resources.infosecinstitute.com/in-depth-seh-exploit-writing-tutorial-using-ollydbg/ OllyDbg Tricks for Exploit Development 28-02-2011 Article Windows, x86-32
7 http://blogs.msdn.com/b/ntdebugging/archive/2013/06/14/understanding-pool-corruption-part-1-buffer-overflows.aspx Understanding Pool Corruption Part 1 – Buffer Overflows 14-06-2013 Article Windows
8 http://blogs.msdn.com/b/ntdebugging/archive/2013/08/22/understanding-pool-corruption-part-2-special-pool-for-buffer-overruns.aspx Understanding Pool Corruption Part 2 – Special Pool for Buffer Overruns 22-08-2013 Article Windows
9 http://blogs.msdn.com/b/ntdebugging/archive/2008/02/01/kernel-stack-overflows.aspx Kernel Stack Overflows 01-02-2008 ntdebug Windows
10 http://www.contextis.com/resources/blog/kgdb-android-debugging-kernel-boss/ KGDB on Android: Debugging the kernel like a boss 17-08-2015 Andy Monaghan Android
11 https://community.rapid7.com/community/metasploit/blog/2015/09/10/a-debugging-session-in-the-kernel A debugging session in the kernel 10-09-2015 Juan Vasquez Windows
12 https://objective-see.com/blog.html#blogEntry8 Kernel Debugging a Virtualized OS X El Capitan Image 05-11-2015 Patrick Wardle Mac
13 http://www.contextis.com/resources/blog/introduction-debugging-windows-kernel-windbg/ An Introduction to Debugging the Windows Kernel with WinDbg 16-03-2016 Jan Mitchell Windows
14 https://blogs.unity3d.com/2016/04/25/debugging-memory-corruption-who-the-hell-writes-2-into-my-stack-2/ DEBUGGING MEMORY CORRUPTION: WHO THE HELL WRITES “2” INTO MY STACK?! 25-04-2016 TAUTVYDAS ZILYS Windows
15 https://sean.heelan.io/2016/05/31/tracking-down-heap-overflows-with-rr/ Tracking Down Heap Overflows with rr 31-05-2016 Sean Heelan nix

Lists of lists of security conferences

Nr URL Title
1 http://en.wikipedia.org/wiki/Computer_se... Computer security conference
2 http://www.secsocial.com/blog/?page_id=4... Security Conferences
3 https://www.google.com/calendar/embed?sr... Information Security Conferences
4 http://www.ethicalhacker.net/component/o... Ethical Hacker Calendar
5 http://packetstormsecurity.org/papers/ca... Packet Storm CFP Monitor
6 http://satoss.uni.lu/lists/ List of security conferences
7 http://infosecevents.net/calendar/ Upcoming information security events
8 http://research.phreedom.org/ The Security Research Index is a project indended to help the security community keep up with all the research presented at conferences around the world.
9 http://cc.thinkst.com/ Con Collector
10 http://securityconferences.net/ Computer Security Conferences
11 http://www.conpiler.com/ CONpiler — Security conferences around the world
12 https://secore.info/conferences SECurity Organizer & Reporter Exchange
13 http://www.clocate.com/conferences/it-se... Clocate - Conferences and Exhibitions
14 http://www.sp3ctr3.me/hardware-security-resources/ Hardware Security Resources

Bug bounty

Nr URL Description
1 http://weis2007.econinfosec.org/papers/29.pdf The Legitimate Vulnerability Market
2 https://docs.google.com/present/view?id=0Ae_usSLlqH60ZGZnYjI0NTVfMjBobngybWRoaA&hl=en Google's Vulnerability Reward Programs
3 http://blog.nibblesec.org/2011/10/no-more-free-bugs-initiatives.html http://www.bugsheet.com/bug-bounties
4 http://blog.bugcrowd.com/list-of-active-bug-bounty-programs/ The Bug Bounty List

Timeline and history

Nr URL Description Date
1 [http://ilm.thinkst.com/folklore/index.shtml Memory Corruption and Hacker Folklore xx-xx-2010
2 https://zynamics.files.wordpress.com/2010/02/code_reuse_timeline1.png Code Reuse Timeline xx-02-2010
3 [http://www.abysssec.com/blog/2010/05/past-present-future-of-windows-exploitation/ Past, Present, Future of Windows Exploitation 08-05-2010
4 https://media.blackhat.com/bh-us-10/whitepapers/Meer/BlackHat-USA-2010-Meer-History-of-Memory-Corruption-Attacks-wp.pdf Memory Corruption Attacks: The (almost) Complete History 25-06-2010
5 [https://paulmakowski.wordpress.com/2011/01/25/smashing-the-stack-in-2011/ Smashing the Stack in 2011 25-01-2011
6 http://www.isg.rhul.ac.uk/sullivan/pubs/tr/technicalreport-ir-cs-73.pdf Memory Errors: The Past, the Present, and the Future 12-09-2012
7 http://blogbromium.files.wordpress.com/2013/01/heap-sprays-to-sandbox-escapes_issa0113.pdf Heap Sprays to Sandbox Escapes: A Brief History of Browser Exploitation xx-01-2013

Media

Nr URL Description
1 https://ange4771.imgur.com/ Ange Albertini posters
2 [https://community.rapid7.com/community/infosec/blog/2011/02/24/dual-cores-metasploit-track-free-download Dual Core's Metasploit Track: Free Download!
3 http://0xdabbad00.com/2013/04/28/exploit-mitigation-kill-chain/ Exploit Mitigation Kill Chain

Advisories

Nr URL Description
1 https://github.com/QubesOS/qubes-secpack/tree/master/QSBs QubesOS Advisories
2 https://vulners.com/ Vulners (advisories and exploits search database)

Sandbox Escapes

Nr URL Description Date Author OS/Arch Info
1 https://blogs.mcafee.com/mcafee-labs/digging-into-the-sandbox-escape-technique-of-the-recent-pdf-exploit/ Digging Into the Sandbox-Escape Technique of the Recent PDF Exploit 20-02-2013 McAfee Labs Windows -
2 http://blog.binamuse.com/2013/05/adobe-reader-x-collab-sandbox-bypass.html AdobeCollabSync stack overflow 15-05-2013 binamuse - CVE-2013-2730
3 https://github.com/tyranid/IE11SandboxEscapes/tree/master/CVE-2013-5045 Internet Explorer Sandbox Escape, CVE-2013-5045 xx-xx-2013 James Forshaw Windows CVE-2013-5045
4 https://github.com/tyranid/IE11SandboxEscapes/tree/master/CVE-2013-5046 Internet Explorer Sandbox Escape, CVE-2013-5046 xx-xx-2013 James Forshaw Windows CVE-2013-5046
5 http://zhodiac.hispahack.com/index.php?section=blog&day=21&month=8&year=2013 CVE-2013-3186 - The case of a one click sandbox escape on IE 21-08-2013 Fermin J. Serna Windows CVE-2013-3186
6 https://github.com/tyranid/IE11SandboxEscapes/tree/master/CVE-2014-0257 Internet Explorer Sandbox Escape, CVE-2014-0257 xx-xx-2014 James Forshaw Windows CVE-2014-0257
7 https://github.com/tyranid/IE11SandboxEscapes/tree/master/CVE-2014-0268 Internet Explorer Sandbox Escape, CVE-2014-0268 xx-xx-2014 James Forshaw Windows CVE-2014-0268
8 https://github.com/tyranid/IE11SandboxEscapes/tree/master/CVE-2014-0520 Internet Explorer Sandbox Escape, CVE-2014-0520 xx-xx-2014 James Forshaw Windows CVE-2014-0520
9 https://github.com/tyranid/IE11SandboxEscapes/tree/master/CVE-2014-1778 Internet Explorer Sandbox Escape, CVE-2014-1778 xx-xx-2014 James Forshaw Windows CVE-2014-1778
10 https://bugs.chromium.org/p/project-zero/issues/detail?id=95&redir=1 IE11 ImmutableApplicationSettings EPM Privilege Escalation 20-08-2014 James Forshaw Windows CVE-2014-6349
11 https://bugs.chromium.org/p/project-zero/issues/detail?id=186&can=1&q=label%3AVendor-Microsoft IE11: CShdocvwBroker::EditWith EPM Sandbox Escape 21-11-2014 James Forshaw Windows CVE-2015-0054
12 https://googleprojectzero.blogspot.de/2014/12/internet-explorer-epm-sandbox-escape.html, https://bugs.chromium.org/p/project-zero/issues/detail?id=97&redir=1 Internet Explorer EPM Sandbox Escape CVE-2014-6350 01-12-2014 James Forshaw Windows CVE-2014-6350
13 https://bugs.chromium.org/p/project-zero/issues/detail?id=99&redir=1 IE11 AudioSrv RegistryKey EPM Privilege Escalation 25-08-2014 James Forshaw Windows CVE-2014-6322
14 https://googleprojectzero.blogspot.de/2015/01/exploiting-nvmap-to-escape-chrome.html Exploiting NVMAP to escape the Chrome sandbox - CVE-2014-5332 22-01-2015 Lee Campbell - CVE-2014-5332
15 http://blog.trendmicro.com/trendlabs-security-intelligence/cve-2015-0016-escaping-the-internet-explorer-sandbox/ CVE-2015-0016: Escaping the Internet Explorer Sandbox 27-01-2015 ? Windows CVE-2015-0016
16 https://hackerone.com/reports/62174 Internet Explorer Enhanced Protected Mode sandbox escape via a broker vulnerability 09-10-2015 Ashutosh Mehra Windows CVE-2015-1688
17 http://www.zerodayinitiative.com/advisories/ZDI-15-251/ (Pwn2Own) Microsoft Internet Explorer Protocol Handler Sandbox Escape Vulnerability 06-11-2015 Lokihardt Windows CVE-2015-1748
18 http://www.zerodayinitiative.com/advisories/ZDI-15-295/ (Pwn2Own) Microsoft Internet Explorer ActiveX Install Broker Sandbox Escape Vulnerability 09-07-2015 Yuki Chen Windows CVE-2015-1743
19 http://www.zerodayinitiative.com/advisories/ZDI-15-331/ Microsoft Internet Explorer Enhanced Protected Mode Read-Restrictions Bypass Vulnerability 14-07-2015 Ashutosh Mehra Windows CVE-2015-2412
20 http://www.zerodayinitiative.com/advisories/ZDI-15-380/ Microsoft Internet Explorer Enhanced Protected Mode Read-Restrictions Bypass Vulnerability 11-08-2015 Ashutosh Mehra Windows CVE-2015-2429
21 http://www.zerodayinitiative.com/advisories/ZDI-15-522/ Microsoft Internet Explorer EditWith Sandbox Escape Vulnerability 13-10-2015 Ashutosh Mehra Windows CVE-2015-6047
22 http://zerodayinitiative.com/advisories/ZDI-16-018/ Microsoft Internet Explorer NewMessage Protected Mode Sandbox Escape Vulnerability 12-01-2016 Ashutosh Mehra Windows CVE-2016-0020
23 http://warchest.fusionx.com/cve-2015-5090-adobe-readeracrobat-pro-privilege-escalation/ CVE-2015-5090 – Adobe Reader/Acrobat Pro Privilege Escalation 19-01-2016 Bryan Alexander - CVE-2015-5090
24 https://phoenhex.re/2017-07-06/pwn2own-sandbox-escape Pwn2Own: Safari sandbox part 2 – Wrap your way around to root 06-07-2017 niklasb, saelo Mac CVE-2017-2533, CVE-2017-2535, CVE-2017-2534, CVE-2017-6977

Exploits

This page will gather links to all publicly-disclosed exploits.

Nr URL Description Date Author OS/Arch Info
1 https://bugs.chromium.org/p/chromium/iss... Pwnium 1.3 - an exploit for an integer overflow in WebGLUnsignedIntArray. 01-03-2010 Skylined Windows, x86-32 N/A
2 https://bugs.chromium.org/p/chromium/iss... PWN2OWN: Bad cast in SVGViewSpec::viewTarget 07-03-2013 MWR Labs Windows CVE-2013-0912
3 https://bugs.chromium.org/p/chromium/iss... Full chain exploit + sandbox escape: Array.concat -> extension install -> download exec 20-06-2014 lokihardt ? N/A
4 https://github.com/laginimaineb/MSM8974... Full TrustZone exploit for MSM8974 09-08-2015 laginimaineb TrustZone N/A
5 https://github.com/laginimaineb/cve-2014... Exploit code for CVE-2014-7920 and CVE-2014-7921 - code-exec in mediaserver up to Android 5.1 24-01-2016 laginimaineb < Android 5.1 CVE-2014-7921, CVE-2014-7920
6 https://github.com/secmob/cansecwest20... full exploit for CVE-2015-6764 used in pwn2own mobile 2015 19-03-2016 secmob Nexus, Android CVE-2015-6764
7 https://github.com/vysec/CVE-2017-8759 CVE-2017-8759 Weaponisation PoC 14-09-2017 Vincent Yiu Windows CVE-2017-8759
8 https://github.com/hacksysteam/WpadEscape WPAD Sandbox Escape 15-11-2018 hacksysteam Windows N/A
9 https://github.com/niklasb/sploits GitHub (Exploits by niklasb) xx-11-2018 niklasb - N/A

TODO: add exploits from "exploit site:bugs.chromium.org"

Exploit lists

Nr URL Description
1 https://docs.google.com/spreadsheets/d/1vY_GipkYMlaitw17UEvIl7J3oyw8iY59v97rSzjX4GM/edit#gid=0 Hacking Team Exploits Summary
2 https://github.com/hackedteam/vector-exploit Hacking Team exploits
3 https://github.com/android-rooting-tools Android rooting tools
4 https://github.com/DonnchaC/shadowbrokers-exploits Mirror of the Shadow Brokers dump

Fuzzing and Bug Hunting

Nr URL Description Date Author OS/Arch Info
1 http://j00ru.vexillium.org/?p=1695 SyScan 2013, Bochspwn paper and slides 24-04-2013 Mateusz (j00ru) Jurczyk, Gynvael Coldwind Windows N/A
2 https://googleprojectzero.blogspot.de/20... A year of Windows kernel font fuzzing #2: the techniques 01-07-2016 Mateusz (j00ru) Jurczyk Windows N/A
3 https://labs.mwrinfosecurity.com/publica... Bug hunting with static code analysis 08-07-2016 Nick Jones - N/A
4 https://github.com/google/fuzzer-test-su... libFuzzer Tutorial xx-xx-201 ? - N/A
5 https://dl.packetstormsecurity.net/paper... A Review of Fuzzing Tools and Methods 10-03-2017 James Fell - N/A
6 https://symeonp.github.io/2017/09/17/fuz... Fuzzing the MSXML6 library with WinAFL 17-09-2017 Symeon Windows N/A
7 https://kciredor.com/fuzzing-adobe-reade... Fuzzing Adobe Reader for exploitable vulns (fun != profit) 25-04-2018 kciredor - N/A
8 https://www.fuzzingbook.org/ Generating Software Tests xx-xx-2018 Andreas Zeller, Rahul Gopinath, Marcel Böhme, Gordon Fraser, Christian Holler - N/A

Around security

These are the articles which have something in common with computer security but do not directly discuss software or hardware exploitation.

Nr URL Description Date Author OS/Arch
1 http://www.triplefault.io/2017/07/introd... Introduction to IA-32e hardware paging 07-07-2017 triplefault -
2 https://doar-e.github.io/blog/2017/08/05... Binary Rewriting With Syzygy, Pt. I 05-08-2017 Axel (0vercl0k) Souchet -
3 https://tech.ahrefs.com/skylake-bug-a-d... Skylake bug: a detective story 28-07-2017 Joris Giovannangeli Intel CPU Skylake N/A
4 https://blog.elcomsoft.com/2017/09/new-s... New Security Measures in iOS 11 and Their Forensic Implications 07-09-2017 Oleg Afonin iOS
5 https://blog.didierstevens.com/2017/09/0... Abusing A Writable Windows Service 05-09-2017 Didier Stevens Windows

results matching ""

    No results matching ""