| Nr | URL | Description | Date | Author | OS/Arch | Info |
|---|---|---|---|---|---|---|
| 1 | | QSEE TrustZone Kernel Integer Overflow Vulnerability | 01-07-2014 | Dan Rosenberg | Android | N/A |
| 1 | | Here Be Dragons: Vulnerabilities in TrustZone | 14-08-2014 | Nathan Keltner | ARM | N/A |
| 2 | | Exploiting Trustzone on Android | xx-08-2015 | Di Shen | Android | CVE-2015-4421, CVE-2015-4422 |
| 3 | | Intel x86 considered harmful | xx-10-2015 | Joanna Rutkowska | Intel x86 | N/A |
| 4 | | State considered harmful - A proposal for a stateless laptop | xx-12-2015 | Joanna Rutkowska | - | N/A |

Compilers, Interpreters

| Nr | URL | Description | Date | Author | OS/Arch | Info |
|---|---|---|---|---|---|---|
| 1 | | Exploring the STL: Owning erase( ) | 20-07-2009 | Chris Rohlf | Linux | - |

Operating System


| Nr | URL | Description | Date | Author | OS/Arch | Info |
|---|---|---|---|---|---|---|
| 1 | | Understanding the heap by breaking it | xx-08-2007 | Justin N. Ferguson | Linux | N/A |
| 2 | | Advanced Heap Manipulation in Windows 8 | 15-03-2013 | Zhenhua (Eric) Liu | Windows 8 | N/A |
| 3 | | Windows 10 x86/wow64 Userland heap | 05-07-2016 | corelanc0d3r | Windows 10 | N/A |
| 4 | | WINDOWS 10 SEGMENT HEAP INTERNALS | xx-08-2016 | Mark Vincent Yason | Windows 10 | N/A |


| Nr | URL | Description | Date | Author | OS/Arch | Info |
|---|---|---|---|---|---|---|
| 1 | | Binding the Daemon: FreeBSD Kernel Stack and Heap Exploitation | 22-04-2010 | Patroklos (argp) Argyroudis | FreeBSD | CVE-2008-3531 |
| 2 | | Kernel Pool Exploitation on Windows 7 | 12-01-2011 | Tarjei (kernelpool) Mandt | Windows | N/A |
| 3 | | The Linux kernel memory allocators from an exploitation perspective | 03-01-2012 | Patroklos (argp) Argyroudis | Linux | N/A |
| 4 | | iOS Kernel Heap Armageddon | 26-07-2012 | Stefan Esser | iOS | N/A |
| 5 | | Attacking Zone Page Metadata in iOS 7 and OS X Mavericks | 19-12-2013 | Tarjei (kernelpool) Mandt | iOS | N/A |


| Nr | URL | Description | Date | Author | OS/Arch | Info |
|---|---|---|---|---|---|---|
| 1 | | Windows Services – All roads lead to SYSTEM | 31-10-2014 | Article | Windows | N/A |
| 2 | | Fuzzing Objects d’ART: Digging Into the New Android L Runtime Internals | 18-06-2015 | Anestis Bechtsoudis | Android Lollipop | N/A |
| 3 | | Revisiting Apple IPC: (1) Distributed Objects | 28-09-2015 | Ian Beer | Mac | N/A |
| 4 | | The Definitive Guide on Win32 to NT Path Conversion | 29-02-2016 | James Forshaw | Windows | N/A |
| 5 | | QNX: Security Architecture Whitepaper | 16-03-2016 | Alex Plaskett, Georgi Geshev | QNX | N/A |
| 6 | | Subverting Trust in Windows | xx-09-2017 | Matt Graeber | Windows | N/A |


Just-In-Time (JIT) and Virtual Machines (VM)

| Nr | URL | Description | Date | Author | OS/Arch | Info |
|---|---|---|---|---|---|---|
| 1 | | Application-Specific Attacks: Leveraging the ActionScript Virtual Machine | xx-04-2008 | Mark Dowd | - | - |
| 2 | | Writing JIT-Spray Shellcode for fun and profit | 05-03-2010 | Alexey Sintsov | Windows, x86-32 | N/A |
| 3 | | Attacking Clientside JIT Compilers | 07-08-2011 | Chris Rohlf, Yan Ivnitsky | - | N/A |
| 4 | | Understanding JIT spray | 29-08-2011 | Chris Leary | - | N/A |
| 5 | | JIT Spraying Primer and CVE-2010-3654 | 26-05-2012 | Gal Badishi | Windows | CVE-2010-3654 |
| 6 | http://mainisusuallyafunction.blogspot.d... | Attacking hardened Linux systems with kernel JIT spraying | 17-11-2012 | keegan | Linux | N/A |
| 7 | | Flash JIT – Spraying info leak gadgets | 19-07-2013 | Fermin J. Serna | - | N/A |
| 8 | | Research report on using JIT to trigger RowHammer | 09-06-2015 | R3dF09 | - | N/A |

Custom or Application-specific Heaps

| Nr | URL | Description | Date | Author | OS/Arch | Info |
|---|---|---|---|---|---|---|
| 1 | | Adobe Reader's Custom Memory Management: A Heap Of Trouble | 22-04-2010 | Haifei Li, Guillaume Lovet | - | CVE-2010-1241 |
| 2 | | Exploiting the jemalloc Memory Allocator: Owning Firefox's Heap | 25-07-2012 | Patroklos (argp) Argyroudis, Chariton (huku) Karamitas | *nix | N/A |
| 3 | | Windows 8 Heap Internals | 31-07-2012 | Chris Valasek | Windows | N/A |
| 4 | | PartitionAlloc - A shallow dive and some rand | 22-01-2016 | Chris Rohlf | - | N/A |

Application Internals And Attacks

| Nr | URL | Description | Date | Author | OS/Arch | Info |
|---|---|---|---|---|---|---|
| 1 | | Exploiting Memory Corruption Vulnerabilities in the Java Runtime | 15-12-2011 | Joshua (jduck) J. Drake | - | CVE-2009-3869, CVE-2010-3552 |
| 2 | | DIGGING DEEP INTO THE FLASH SANDBOXES | xx-xx-2012 | Paul Sabanal, Mark Vincent Yason | - | N/A |
| 3 | | Google Native Client - Analysis Of A Secure Browser Plugin Sandbox | 25-07-2012 | Whitepaper | - | N/A |
| 4 | | Internet Explorer Script Interjection Code Execution (updated) | 06-09-2012 | Derek Soeder | Windows | N/A |
| 5 | | Smashing the Heap with Vector: Advanced Exploitation Technique in Recent Flash Zero-day Attack | xx-02-2013 | Haifei Li | - | CVE-2013-0634 |
| 6 | | Exploit IE Using Scriptable ActiveX Controls (version English) | 22-03-2014 | Yuki (guhe120) Chen | Windows | N/A |
| 7 | | Advanced Exploit Techniques Attacking the IE Script Engine | 16-06-2014 | Zhenhua 'Eric' Liu | Windows | N/A |
| 8 | | Thinking outside the sandbox - Violating trust boundaries in uncommon ways | 05-08-2014 | Brian Gorenc, Jasiel Spelman | Windows | CVE-2014-1705, CVE-2014-4015, CVE-2014-0506, CVE-2014-1713 |
| 10 | | The art of reverse-engineering Flash exploits | xx-07-2016 | Jeong Wook Oh | - | CVE-2015-5122, CVE-2015-8651, CVE-2016-1010, CVE-2015-0336, CVE-2015-8446, CVE-2015-8651 |

Exploitation Techniques

| Nr | URL | Description | Date | Author | OS/Arch | Info |
|---|---|---|---|---|---|---|
| 1 | | Vector Rewrite Attack - Exploitable NULL Pointer Vulnerabilities on ARM and XScale Architectures | xx-03-2007 | Barnaby Jack | ARM/XScale | - |
| 2 | | Memory disclosure technique for Internet Explorer | 09-06-2011 | Ivan Fratric | Windows, x86-32 | N/A |
| 3 | | White Phosphorus Exploit Pack Sayonara ASLR DEP Bypass Technique | 21-06-2011 | Note | Windows, x86-32 | N/A |
| 4 | | Post Memory Corruption Memory Analysis | 03-08-2011 | Jonathan Brossard | Linux, x86 | N/A |
| 5 | | CVE-2012-0769, the case of the perfect info leak | 09-04-2012 | Fermin J. Serna | Windows | CVE-2012-0769 |
| 6 | | Android exploitation primers: lifting the veil on mobile offensive security (Vol. I) | xx-08-2012 | Larry H, Bastian F | Android | CVE-2010-4577 |
| 7 | | Verifying Windows Kernel Vulnerabilities | 30-10-2013 | Article | Windows | N/A |
| 8 | | "Hack Away at the Unessential" with ExpLib2 in Metasploit | 07-04-2014 | Wei Chen | Windows | N/A |
| 9 | | Corrupting the ARM Exception Vector Table | 30-04-2014 | Amat "acez" Cama | ARM | N/A |
| 10 | | Turn it into a UAF | 11-01-2015 | Alexander Eubanks | - | N/A |
| 11 | | Abusing GDI for ring0 exploit primitives | 28-09-2015 | Diego Juarez | Windows | N/A |
| 12 | | Exploitation Advancements | 07-10-2015 | Aaron Adams | - | N/A |
| 13 | | #BadWinMail: The "Enterprise Killer" Attack Vector in Microsoft Outlook | xx-12-2015 | Haifei Li | Windows | N/A |
| 14 | | Tetris heap spraying: spraying the heap on a budget | 18-11-2016 | skylined | - | N/A |


| Nr | URL | Description | Date | Author | OS/Arch | Info |
|---|---|---|---|---|---|---|
| 1 | | Heap Feng Shui in JavaScript | 2007 | Alexander Sotirov | Windows, x86-32 | N/A |
| 2 | | Targeted Heap Spraying – 0x0c0c0c0c is a Thing of the Past | 29-08-2011 | Matt Graeber | - | N/A |
| 3 | | Exploit writing tutorial part 11 : Heap Spraying Demystified | 31-12-2011 | corelanc0d3r | Windows, x86-32 | N/A |
| 4 | | DEPS – Precise Heap Spray on Firefox and IE10 | 19-02-2013 | corelanc0d3r | Windows | N/A |
| 5 | | Stars aligner’s how-to: kernel pool spraying and VMware CVE-2013-1406 | 06-03-2013 | Article | Windows | CVE-2013-1406 |
| 6 | | Sheep Year Kernel Heap Fengshui: Spraying in the Big Kids’ Pool | 29-12-2014 | Alex Ionescu | Windows | N/A |
| 7 | | Windows kernel pool spraying fun - Part 1 - Determine kernel object size | 05-09-2017 | theevilbit | Windows | N/A |
| 8 | | Windows kernel pool spraying fun - Part 2 - More objects | 11-09-2017 | theevilbit | Windows | N/A |
| 9 | | Windows kernel pool spraying fun - Part 3 - Let's make holes | 14-09-2017 | theevilbit | Windows | N/A |

Mitigation Techniques

| Nr | URL | Description | Date | Author | OS/Arch | Info |
|---|---|---|---|---|---|---|
| 1 | | Windows Kernel Address Protection | xx-08-2011 | Mateusz (j00ru) Jurczyk | Windows | N/A |
| 2 | | BlueHat Prize Submission (/ROP) | xx-03-2012 | Jared DeMott | Windows | N/A |


| Nr | URL | Description | Date | Author | OS/Arch | Info |
|---|---|---|---|---|---|---|
| 1 | | Securing Application Software in Modern Adversarial Settings | xx-07-2015 | Felix Schuster | - | N/A |
| 2 | | BlueBorne | xx-09-2017 | Ben Seri, Gregory Vishnepolsky | - | N/A |
| 3 | | The Stack Clash | 19-06-2017 | Qualys | - | N/A |
| 4 | | Escalating Privileges in Linux using Voltage Fault Injection | xx-10-2017 | Niek Timmers, Cristofaro Mune | Linux | N/A |
