TODO

Tasks

Urgent

  1. add links from "Waiting List" to categories
  2. add more links to "Browser Exploitation"
  3. add more links to "Mobile Exploitation"
  4. rename "Mitigations" sections
  5. rename all section names, change categories
  6. Browser Exploitation: add columns (software version, vulnerability type)
  7. update and sort out "Various Stuff" section
  8. split categories by pages

Later

  1. Secure Coding: add more links
  2. Heap-Fuzzing: add more links
  3. Hardware: add categories
  4. Heap: sort out
  5. update missing CVEs
  6. fix dead links, move to webarchive
  7. update "Malware" section
  8. add more ancient links
  9. rewrite to use nunjucks template

Waiting List

These links are about to be added. ~90 links to go...

2016 (19)

http://blog.vectranetworks.com/blog/microsoft-windows-printer-wateringhole-attack

https://blog.fortinet.com/2016/07/20/analysis-of-cve-2016-4203-adobe-acrobat-and-reader-cooltype-handling-heap-overflow-vulnerability

https://census-labs.com/news/2016/07/22/android-stagefright-impeg2d_dec_pic_data_thread-overflow/

https://www.evonide.com/how-we-broke-php-hacked-pornhub-and-earned-20000-dollar/

http://keenlab.tencent.com/en/2016/07/29/The-Journey-of-a-complete-OSX-privilege-escalation-with-a-single-vulnerability-Part-1/

http://blog.quarkslab.com/xen-exploitation-part-3-xsa-182-qubes-escape.html

https://blog.xyz.is/2016/webkit-360.html

https://blog.fortinet.com/2016/08/17/deep-analysis-of-cve-2016-3820-remote-code-execution-vulnerability-in-android-mediaserver

https://blog.xyz.is/2016/vita-netps-ioctl.html

https://sektioneins.de/en/blog/16-09-02-pegasus-ios-kernel-vulnerability-explained.html

https://googleprojectzero.blogspot.de/2016/09/return-to-libstagefright-exploiting.html

https://labs.nettitude.com/blog/analysing-the-null-securitydescriptor-kernel-exploitation-mitigation-in-the-latest-windows-10-v1607-build-14393/

https://info.lookout.com/rs/051-ESQ-475/images/pegasus-exploits-technical-details.pdf

http://keenlab.tencent.com/en/2016/11/18/A-Link-to-System-Privilege/

https://scarybeastsecurity.blogspot.de/2016/11/0day-poc-risky-design-decisions-in.html

https://googleprojectzero.blogspot.de/2016/12/bitunmap-attacking-android-ashmem.html

http://blog.trendmicro.com/trendlabs-security-intelligence/one-bit-rule-system-analyzing-cve-2016-7255-exploit-wild/

http://srcincite.io/blog/2016/12/13/word-up-microsoft-word-onetabledocumentstream-underflow.html

https://googleprojectzero.blogspot.de/2016/12/chrome-os-exploit-one-byte-overflow-and.html

2017 (70)

https://blogs.technet.microsoft.com/mmpc/2017/01/13/hardening-windows-10-with-zero-day-exploit-mitigations/

https://googleprojectzero.blogspot.de/2017/02/lifting-hyper-visor-bypassing-samsungs.html

http://blog.quarkslab.com/analysis-of-ms16-104-url-files-security-feature-bypass-cve-2016-3353.html

https://www.endgame.com/blog/chakra-exploit-and-limitations-modern-mitigation-techniques

https://medium.com/@justin.schuh/securing-browsers-through-isolation-versus-mitigation-15f0baced2c2#.6948zz5lj

https://samdb.xyz/revisiting-windows-security-hardening-through-kernel-address-protection/

https://medium.com/@mxatone/mitigation-bounty-4-techniques-to-bypass-mitigations-2d0970147f83#.y0v90tw9k

https://ricklarabee.blogspot.de/2017/01/virtual-memory-page-tables-and-one-bit.html

https://blogs.windows.com/msedgedev/2017/03/23/strengthening-microsoft-edge-sandbox/#iyhRpeiGze7ZohQt.97

https://a13xp0p0v.github.io/2017/03/24/CVE-2017-2636.html

https://googleprojectzero.blogspot.de/2017/04/over-air-exploiting-broadcoms-wi-fi_4.html

https://blogs.technet.microsoft.com/mmpc/2017/03/27/detecting-and-mitigating-elevation-of-privilege-exploit-for-cve-2017-0005/

https://info.lookout.com/rs/051-ESQ-475/images/lookout-pegasus-android-technical-analysis.pdf

https://scarybeastsecurity.blogspot.de/2017/05/proving-missing-aslr-on-dropboxcom-and.html

https://blogs.technet.microsoft.com/askpfeplat/2017/04/24/windows-10-memory-protection-features/

https://bugs.chromium.org/p/project-zero/issues/detail?id=1252&desc=5

https://www.embedi.com/files/white-papers/Silent-Bob-is-Silent.pdf

https://www.zerodayinitiative.com/blog/2017/5/4/auditing-adobe-reader-the-open-source-attack-surface-in-closed-source-software

https://bugzilla.mozilla.org/show_bug.cgi?id=1299686

https://bugzilla.mozilla.org/show_bug.cgi?id=1287266

https://snf.github.io/2017/05/04/exploit-protection-i-page-heap/

https://googleprojectzero.blogspot.de/2017/04/exception-oriented-exploitation-on-ios.html

https://googleprojectzero.blogspot.de/2017/04/exploiting-net-managed-dcom.html

https://grsecurity.net/the_infoleak_that_mostly_wasnt.php

https://www.endgame.com/blog/disarming-control-flow-guard-using-advanced-code-reuse-attacks

https://struct.github.io/oilpan_metadata.html

https://phoenhex.re/2017-06-09/pwn2own-diskarbitrationd-privesc

https://blog.fortinet.com/2017/06/04/an-inside-look-at-cve-2017-0199-hta-and-scriptlet-file-handler-vulnerability

https://risksense.com/_api/filesystem/468/EternalBlue_RiskSense-Exploit-Analysis-and-Port-to-Microsoft-Windows-10_v1_2.pdf

https://bugs.chromium.org/p/project-zero/issues/detail?id=1258

https://blogs.technet.microsoft.com/srd/2017/06/29/eternal-champion-exploit-analysis/

https://blogs.technet.microsoft.com/srd/2017/06/20/tales-from-the-msrc-from-pixels-to-poc/

https://blogs.technet.microsoft.com/mmpc/2017/06/16/analysis-of-the-shadow-brokers-release-and-mitigation-with-windows-10-virtualization-based-security/

https://www.thezdi.com/blog/2017/6/26/use-after-silence-exploiting-a-quietly-patched-uaf-in-vmware

http://acez.re/the-weak-bug-exploiting-a-heap-overflow-in-vmware/

https://www.coresecurity.com/blog/solving-post-exploitation-issue-cve-2017-7308

https://blogs.technet.microsoft.com/srd/2017/07/20/englishmansdentist-exploit-analysis/

https://cyber.wtf/2017/07/28/negative-result-reading-kernel-memory-from-user-mode/amp/

https://github.com/MortenSchenk/BHUSA2017/blob/master/us-17-Schenk-Taking-Windows-10-Kernel-Exploitation-To-The-Next-Level–Leveraging-Write-What-Where-Vulnerabilities-In-Creators-Update-wp.pdf

https://securingtomorrow.mcafee.com/mcafee-labs/analyzing-cve-2017-0190-wmf-flaws-can-lead-data-theft-code-execution/#sf101390209

https://tyranidslair.blogspot.de/2017/07/dg-on-windows-10-s-executing-arbitrary.html

https://blog.trailofbits.com/2017/08/02/microsoft-didnt-sandbox-windows-defender-so-i-did/

https://googleprojectzero.blogspot.de/2017/08/windows-exploitation-tricks-arbitrary.html

https://beingwinsysadmin.blogspot.de/2017/07/bug-windows-10-default-user-profile-is.html

https://comsecuris.com/blog/posts/path_of_least_resistance/

https://www.zerodayinitiative.com/blog/2017/8/1/pythonizing-the-vmware-backdoor

https://sensepost.com/blog/2017/abusing-gdi-objects-for-ring0-primitives-revolution/

https://www.zerodayinitiative.com/blog/2017/8/9/the-blue-frost-security-challenge-an-exploitation-journey-for-fun-and-free-drinks

http://blog.talosintelligence.com/2017/08/windbg-and-javascript-analysis.html

https://blogs.technet.microsoft.com/srd/2017/08/09/moving-beyond-emet-ii-windows-defender-exploit-guard/

https://tyranidslair.blogspot.de/2017/08/the-art-of-becoming-trustedinstaller.html

https://googleprojectzero.blogspot.de/2017/08/bypassing-virtualbox-process-hardening.html

https://alephsecurity.com/2017/08/30/untethered-initroot/

https://kitctf.de/writeups/hitb2017/babyqemu

https://github.com/hatRiot/token-priv/blob/master/abusing_token_eop_1.0.txt

https://blog.zimperium.com/ziva-video-audio-ios-kernel-exploit/

https://blog.checkpoint.com/wp-content/uploads/2016/08/Exploiting-PHP-7-unserialize-Report-160829.pdf

https://comsecuris.com/blog/posts/vmware_vgpu_shader_vulnerabilities/

https://github.com/nccgroup/CVE-2017-8759/

https://blog.bjornweb.nl/2017/08/flash-remote-sandbox-escape-windows-user-credentials-leak/

https://blogs.technet.microsoft.com/enterprisemobility/2017/09/18/active-directory-access-control-list-attacks-and-defense/

https://hatriot.github.io/blog/2017/09/19/abusing-delay-load-dll/

https://github.com/deroko/activationcontexthook

http://www.synacktiv.ninja/posts/exploit/rce-vulnerability-in-hp-ilo.html

https://kvakil.github.io/ropchain.html

https://duo.com/assets/ebooks/Duo-Labs-The-Apple-of-Your-EFI.pdf

https://googleprojectzero.blogspot.de/2017/09/over-air-vol-2-pt-1-exploiting-wi-fi.html

https://www.zerodayinitiative.com/blog/2017/9/26/duck-assisted-code-execution-in-emc-data-protection-advisor

https://specterops.io/assets/resources/SpecterOps_Subverting_Trust_in_Windows.pdf

https://securingtomorrow.mcafee.com/mcafee-labs/microsoft-kills-potential-remote-code-execution-vulnerability-in-office-cve-2017-8630/#sf115825366

https://www.zerodayinitiative.com/blog/2017/10/04/vmware-escapology-how-to-houdini-the-hypervisor

https://www.fidusinfosec.com/tp-link-remote-code-execution-cve-2017-13772/

https://www.talosintelligence.com/reports/TALOS-2017-0432

https://googleprojectzero.blogspot.de/2017/10/over-air-vol-2-pt-3-exploiting-wi-fi.html

https://tyranidslair.blogspot.de/2017/10/bypassing-sacl-auditing-on-lsass.html

https://www.zerodayinitiative.com/blog/2017/10/17/wrapping-the-converter-within-foxit-reader

https://blogs.technet.microsoft.com/mmpc/2017/10/18/browser-security-beyond-sandboxing/

https://www.cyberark.com/threat-research-blog/boundhook-exception-based-kernel-controlled-usermode-hooking/

https://hvinternals.blogspot.de/2015/10/hyper-v-debugging-for-beginners.html

https://hvinternals.blogspot.de/2017/10/hyper-v-debugging-for-beginners-part-2.html

https://theevilbit.blogspot.de/2017/10/abusing-gdi-objects-bitmap-objects-size.html

https://securingtomorrow.mcafee.com/mcafee-labs/analyzing-microsoft-office-zero-day-exploit-cve-2017-11826-memory-corruption-vulnerability

https://www.zerodayinitiative.com/blog/2017/10/27/on-the-trail-to-mobile-pwn2own

https://nickbloor.co.uk/2017/10/22/analysis-of-cve-2017-12628/

https://www.zerodayinitiative.com/blog/2017/8/24/deconstructing-a-winning-webkit-pwn2own-entry

https://riscybusiness.wordpress.com/2017/10/07/hiding-your-process-from-sysinternals/

https://statuscode.ch/2017/11/from-markdown-to-rce-in-atom/

https://hackernoon.com/afl-unicorn-part-2-fuzzing-the-unfuzzable-bea8de3540a5

https://signal11.io/index.php/2017/11/19/attacking-uninitialized-variables-with-recursion/

https://bugs.chromium.org/p/project-zero/issues/detail?id=1332

https://enigma0x3.net/2017/01/05/lateral-movement-using-the-mmc20-application-com-object/

https://posts.specterops.io/lateral-movement-using-outlooks-createobject-method-and-dotnettojscript-a88a81df27eb

https://bugs.chromium.org/p/chromium/issues/detail?id=766253

https://embedi.com/blog/skeleton-closet-ms-office-vulnerability-you-didnt-know-about

https://salls.github.io/Linux-Kernel-CVE-2017-5123/

https://pleasestopnamingvulnerabilities.com/