Research

Hardware

| Nr | URL | Description | Date | Author | OS/Arch | Info |
|---|---|---|---|---|---|---|
| 1 | https://www.blackhat.com/docs/us-14/mate... | QSEE TrustZone Kernel Integer Overflow Vulnerability | 01-07-2014 | Dan Rosenberg | Android | N/A |
| 2 | http://atredispartners.blogspot.de/2014/... | Here Be Dragons: Vulnerabilities in TrustZone | 14-08-2014 | Nathan Keltner | ARM | N/A |
| 3 | https://www.blackhat.com/docs/us-15/mate... | Exploiting Trustzone on Android | xx-08-2015 | Di Shen | Android | CVE-2015-4421, CVE-2015-4422 |
| 4 | http://blog.invisiblethings.org/papers/2... | Intel x86 considered harmful | xx-10-2015 | Joanna Rutkowska | Intel x86 | N/A |
| 5 | http://blog.invisiblethings.org/papers/2... | State considered harmful - A proposal for a stateless laptop | xx-12-2015 | Joanna Rutkowska | - | N/A |

Compilers, Interpreters

| Nr | URL | Description | Date | Author | OS/Arch | Info |
|---|---|---|---|---|---|---|
| 1 | https://code.google.com/p/em386/download... | Exploring the STL: Owning erase( ) | 20-07-2009 | Chris Rohlf | Linux | - |

Virtualization

| Nr | URL | Description | Date | Author | OS/Arch | Info |
|---|---|---|---|---|---|---|
| 1 | https://www.ernw.de/download/newsletter/ERN... | XENPWN: BREAKING PARAVIRTUALIZED DEVICES | 17-07-2016 | Felix Wilhelm | - | N/A |

Operating System

Heap

| Nr | URL | Description | Date | Author | OS/Arch | Info |
|---|---|---|---|---|---|---|
| 1 | https://www.blackhat.com/presentations/b... | Understanding the heap by breaking it | xx-08-2007 | Justin N. Ferguson | Linux | N/A |
| 2 | https://media.blackhat.com/eu-13/briefin... | Advanced Heap Manipulation in Windows 8 | 15-03-2013 | Zhenhua (Eric) Liu | Windows 8 | N/A |
| 3 | https://www.corelan.be/index.php/2016/07... | Windows 10 x86/wow64 Userland heap | 05-07-2016 | corelanc0d3r | Windows 10 | N/A |
| 4 | https://www.blackhat.com/docs/us-16/mate... | WINDOWS 10 SEGMENT HEAP INTERNALS | xx-08-2016 | Mark Vincent Yason | Windows 10 | N/A |

Kernel

| Nr | URL | Description | Date | Author | OS/Arch | Info |
|---|---|---|---|---|---|---|
| 1 | http://census-labs.com/media/bheu-2010-w... | Binding the Daemon: FreeBSD Kernel Stack and Heap Exploitation | 22-04-2010 | Patroklos (argp) Argyroudis | FreeBSD | CVE-2008-3531 |
| 2 | http://www.mista.nu/research/MANDT-kerne... | Kernel Pool Exploitation on Windows 7 | 12-01-2011 | Tarjei (kernelpool) Mandt | Windows | N/A |
| 3 | http://sysc.tl/2012/01/03/linux-kernel-h... | The Linux kernel memory allocators from an exploitation perspective | 03-01-2012 | Patroklos (argp) Argyroudis | Linux | N/A |
| 4 | https://media.blackhat.com/bh-us-12/Brie... | iOS Kernel Heap Armageddon | 26-07-2012 | Stefan Esser | iOS | N/A |
| 5 | http://blog.azimuthsecurity.com/2013/12/... | Attacking Zone Page Metadata in iOS 7 and OS X Mavericks | 19-12-2013 | Tarjei (kernelpool) Mandt | iOS | N/A |

General

| Nr | URL | Description | Date | Author | OS/Arch | Info |
|---|---|---|---|---|---|---|
| 1 | https://labs.mwrinfosecurity.com/system/... | Windows Services – All roads lead to SYSTEM | 31-10-2014 | Article | Windows | N/A |
| 2 | http://census-labs.com/media/Fuzzing_Object... | Fuzzing Objects d’ART: Digging Into the New Android L Runtime Internals | 18-06-2015 | Anestis Bechtsoudis | Android Lollipop | N/A |
| 3 | http://googleprojectzero.blogspot.de/2015... | Revisiting Apple IPC: (1) Distributed Objects | 28-09-2015 | Ian Beer | Mac | N/A |
| 4 | https://googleprojectzero.blogspot.de/20... | The Definitive Guide on Win32 to NT Path Conversion | 29-02-2016 | James Forshaw | Windows | N/A |
| 5 | https://labs.mwrinfosecurity.com/publications/qnx-architectural/ | QNX: Security Architecture Whitepaper | 16-03-2016 | Alex Plaskett, Georgi Geshev | QNX | N/A |
| 6 | https://specterops.io/assets/resources/S.... | Subverting Trust in Windows | xx-09-2017 | Matt Graeber | Windows | N/A |

Application

Just-In-Time (JIT) and Virtual Machines (VM)

| Nr | URL | Description | Date | Author | OS/Arch | Info |
|---|---|---|---|---|---|---|
| 1 | http://www.inf.fu-berlin.de/groups/ag-si... | Application-Specific Attacks: Leveraging the ActionScript Virtual Machine | xx-04-2008 | Mark Dowd | - | - |
| 2 | http://dsecrg.com/files/pub/pdf/Writing%20J... | Writing JIT-Spray Shellcode for fun and profit | 05-03-2010 | Alexey Sintsov | Windows, x86-32 | N/A |
| 3 | http://www.matasano.com/research/Attacki... | Attacking Clientside JIT Compilers | 07-08-2011 | Chris Rohlf, Yan Ivnitsky | - | N/A |
| 4 | http://blog.cdleary.com/2011/08/understa... | Understanding JIT spray | 29-08-2011 | Chris Leary | - | N/A |
| 5 | https://web.archive.org/web/201502060818... | JIT Spraying Primer and CVE-2010-3654 | 26-05-2012 | Gal Badishi | Windows | CVE-2010-3654 |
| 6 | http://mainisusuallyafunction.blogspot.d... | Attacking hardened Linux systems with kernel JIT spraying | 17-11-2012 | keegan | Linux | N/A |
| 7 | http://zhodiac.hispahack.com/my-stuff/se... | Flash JIT – Spraying info leak gadgets | 19-07-2013 | Fermin J. Serna | - | N/A |
| 8 | https://xuanwulab.github.io/2015/06/09/R... | Research report on using JIT to trigger RowHammer | 09-06-2015 | R3dF09 | - | N/A |

Custom or Application-specific Heaps

| Nr | URL | Description | Date | Author | OS/Arch | Info |
|---|---|---|---|---|---|---|
| 1 | https://sites.google.com/site/zerodayres... | Adobe Reader's Custom Memory Management: A Heap Of Trouble | 22-04-2010 | Haifei Li, Guillaume Lovet | - | CVE-2010-1241 |
| 2 | https://media.blackhat.com/bh-us-12/Brie... | Exploiting the jemalloc Memory Allocator: Owning Firefox's Heap | 25-07-2012 | Patroklos (argp) Argyroudis, Chariton (huku) Karamitas | *nix | N/A |
| 3 | https://communities.coverity.com/blogs/s... | Windows 8 Heap Internals | 31-07-2012 | Chris Valasek | Windows | N/A |
| 4 | https://struct.github.io/partition_alloc... | PartitionAlloc - A shallow dive and some rand | 22-01-2016 | Chris Rohlf | - | N/A |

Application Internals And Attacks

| Nr | URL | Description | Date | Author | OS/Arch | Info |
|---|---|---|---|---|---|---|
| 1 | http://media.blackhat.com/bh-ad-11/Drake... | Exploiting Memory Corruption Vulnerabilities in the Java Runtime | 15-12-2011 | Joshua (jduck) J. Drake | - | CVE-2009-3869, CVE-2010-3552 |
| 2 | https://media.blackhat.com/bh-us-12/Brie... | DIGGING DEEP INTO THE FLASH SANDBOXES | xx-xx-2012 | Paul Sabanal, Mark Vincent Yason | - | N/A |
| 3 | https://web.archive.org/web/201301190934... | Google Native Client - Analysis Of A Secure Browser Plugin Sandbox | 25-07-2012 | Whitepaper | - | N/A |
| 4 | http://seclists.org/bugtraq/2012/Sep/29 | Internet Explorer Script Interjection Code Execution (updated) | 06-09-2012 | Derek Soeder | Windows | N/A |
| 5 | https://sites.google.com/site/zerodayres... | Smashing the Heap with Vector: Advanced Exploitation Technique in Recent Flash Zero-day Attack | xx-02-2013 | Haifei Li | - | CVE-2013-0634 |
| 6 | http://www.slideshare.net/xiong120/explo... | Exploit IE Using Scriptable ActiveX Controls (version English) | 22-03-2014 | Yuki (guhe120) Chen | Windows | N/A |
| 7 | http://blog.fortinet.com/post/advanced-e... | Advanced Exploit Techniques Attacking the IE Script Engine | 16-06-2014 | Zhenhua 'Eric' Liu | Windows | N/A |
| 8 | https://www.blackhat.com/docs/us-14/mate... | Thinking outside the sandbox - Violating trust boundaries in uncommon ways | 05-08-2014 | Brian Gorenc, Jasiel Spelman | Windows | CVE-2014-1705, CVE-2014-4015, CVE-2014-0506, CVE-2014-1713 |
| 9 | https://www.blackhat.com/docs/us-15/mate... | UNDERSTANDING THE ATTACK SURFACE AND ATTACK RESILIENCE OF PROJECT SPARTAN'S (EDGE) NEW EDGEHTML RENDERING ENGINE | xx-08-2015 | Mark Vincent Yason | Windows | N/A |
| 10 | https://www.blackhat.com/docs/us-16/mate... | The art of reverse-engineering Flash exploits | xx-07-2016 | Jeong Wook Oh | - | CVE-2015-5122, CVE-2015-8651, CVE-2016-1010, CVE-2015-0336, CVE-2015-8446, CVE-2015-8651 |

Exploitation Techniques

| Nr | URL | Description | Date | Author | OS/Arch | Info |
|---|---|---|---|---|---|---|
| 1 | http://cansecwest.com/slides07/Vector-Re... | Vector Rewrite Attack - Exploitable NULL Pointer Vulnerabilities on ARM and XScale Architectures | xx-03-2007 | Barnaby Jack | ARM/XScale | - |
| 2 | http://ifsec.blogspot.com/2011/06/memory... | Memory disclosure technique for Internet Explorer | 09-06-2011 | Ivan Fratric | Windows, x86-32 | N/A |
| 3 | https://web.archive.org/web/20130524082... | White Phosphorus Exploit Pack Sayonara ASLR DEP Bypass Technique | 21-06-2011 | Note | Windows, x86-32 | N/A |
| 4 | https://media.blackhat.com/bh-us-11/Bros... | Post Memory Corruption Memory Analysis | 03-08-2011 | Jonathan Brossard | Linux, x86 | N/A |
| 5 | http://zhodiac.hispahack.com/my-stuff/se... | CVE-2012-0769, the case of the perfect info leak | 09-04-2012 | Fermin J. Serna | Windows | CVE-2012-0769 |
| 6 | http://diyhpl.us/~bryan/papers2/security... | Android exploitation primers: lifting the veil on mobile offensive security (Vol. I) | xx-08-2012 | Larry H, Bastian F | Android | CVE-2010-4577 |
| 7 | http://h30499.www3.hp.com/t5/HP-Security... | Verifying Windows Kernel Vulnerabilities | 30-10-2013 | Article | Windows | N/A |
| 8 | https://community.rapid7.com/community/m... | "Hack Away at the Unessential" with ExpLib2 in Metasploit | 07-04-2014 | Wei Chen | Windows | N/A |
| 9 | https://doar-e.github.io/blog/2014/04/30... | Corrupting the ARM Exception Vector Table | 30-04-2014 | Amat "acez" Cama | ARM | N/A |
| 10 | http://tfpwn.com/blog/turn-it-into-a-uaf... | Turn it into a UAF | 11-01-2015 | Alexander Eubanks | - | N/A |
| 11 | https://blog.coresecurity.com/2015/09/28... | Abusing GDI for ring0 exploit primitives | 28-09-2015 | Diego Juarez | Windows | N/A |
| 12 | https://www.nccgroup.trust/uk/our-resear... | Exploitation Advancements | 07-10-2015 | Aaron Adams | - | N/A |
| 13 | https://0b3dcaf9-a-62cb3a1a-s-sites.goog... | #BadWinMail: The "Enterprise Killer" Attack Vector in Microsoft Outlook | xx-12-2015 | Haifei Li | Windows | N/A |
| 14 | http://blog.skylined.nl/20161118001.html | Tetris heap spraying: spraying the heap on a budget | 18-11-2016 | skylined | - | N/A |

Heap/Pool-spray

| Nr | URL | Description | Date | Author | OS/Arch | Info |
|---|---|---|---|---|---|---|
| 1 | http://www.phreedom.org/presentations/he... | Heap Feng Shui in JavaScript | 2007 | Alexander Sotirov | Windows, x86-32 | N/A |
| 2 | http://www.exploit-monday.com/2011/08/ta... | Targeted Heap Spraying – 0x0c0c0c0c is a Thing of the Past | 29-08-2011 | Matt Graeber | - | N/A |
| 3 | https://www.corelan.be/index.php/2011/12... | Exploit writing tutorial part 11 : Heap Spraying Demystified | 31-12-2011 | corelanc0d3r | Windows, x86-32 | N/A |
| 4 | https://www.corelan.be/index.php/2013/02... | DEPS – Precise Heap Spray on Firefox and IE10 | 19-02-2013 | corelanc0d3r | Windows | N/A |
| 5 | http://blog.ptsecurity.com/2013/03/stars... | Stars aligner’s how-to: kernel pool spraying and VMware CVE-2013-1406 | 06-03-2013 | Article | Windows | CVE-2013-1406 |
| 6 | http://www.alex-ionescu.com/?p=231 | Sheep Year Kernel Heap Fengshui: Spraying in the Big Kids’ Pool | 29-12-2014 | Alex Ionescu | Windows | N/A |
| 7 | https://theevilbit.blogspot.de/2017/09/p... | Windows kernel pool spraying fun - Part 1 - Determine kernel object size | 05-09-2017 | theevilbit | Windows | N/A |
| 8 | https://theevilbit.blogspot.de/2017/09/w... | Windows kernel pool spraying fun - Part 2 - More objects | 11-09-2017 | theevilbit | Windows | N/A |
| 9 | https://theevilbit.blogspot.de/2017/09/w... | Windows kernel pool spraying fun - Part 3 - Let's make holes | 14-09-2017 | theevilbit | Windows | N/A |

Mitigation Techniques

| Nr | URL | Description | Date | Author | OS/Arch | Info |
|---|---|---|---|---|---|---|
| 1 | http://j00ru.vexillium.org/?p=1038 | Windows Kernel Address Protection | xx-08-2011 | Mateusz (j00ru) Jurczyk | Windows | N/A |
| 2 | http://www.vdalabs.com/tools/DeMott_Blue... | BlueHat Prize Submission (/ROP) | xx-03-2012 | Jared DeMott | Windows | N/A |

General

| Nr | URL | Description | Date | Author | OS/Arch | Info |
|---|---|---|---|---|---|---|
| 1 | http://reversing.it/thesis.pdf | Securing Application Software in Modern Adversarial Settings | xx-07-2015 | Felix Schuster | - | N/A |
| 2 | http://go.armis.com/hubfs/BlueBorne%20Te... | BlueBorne | xx-09-2017 | Ben Seri, Gregory Vishnepolsky | - | N/A |
| 3 | https://www.qualys.com/2017/06/19/stack-... | The Stack Clash | 19-06-2017 | Qualys | - | N/A |
| 4 | https://www.riscure.com/uploads/2017/10/... | Escalating Privileges in Linux using Voltage Fault Injection | xx-10-2017 | Niek Timmers, Cristofaro Mune | Linux | N/A |