Table of Contents

0   Introduction
1   Software Exploitation
1.1 Analysis and Exploitation (unprivileged)
1.2 Analysis and Exploitation (privileged)
1.3 Shellcode Development
1.4 Mitigations
1.5 Research
2   Malware
3   Various Stuff

IT Security Catalog
IT Security Catalog v.2.0

Previously the project was located at https://code.google.com/p/it-sec-catalog/, but as Google Code hosting is shutting down, everything has been migrated here. Many changes to the content have been made too:
- rearranged and split into more appropriate sections;
- removed the section on analysis of bugs and merged it with "Bug Analysis and Exploitation";
- fixed links and information, restored many dead links;
- replaced the "Type" column with an "Author" column;
- added meta-information along with the CVE, i.e. the bug name.

About the project

This project started as an attempt to index and summarize links to computer-security-related material. Slides (there is another project collecting them), copy-pastes, and wrong or erroneous articles are not included. The main focus is software exploitation: memory corruption bugs and non-corruption bugs leading to remote code execution (excluding web), privilege escalation, data exfiltration, and DoS. The Malware section is in development.

Highlighted items:
- vulnerability development and software exploitation, sorted by type of vulnerability;
- malware analysis.

Disclaimer

If you notice a link pointing to an article of a potentially promotional character, please be aware that I am not affiliated in any way with any related companies. Links are posted here only because I may find the content interesting. I am not paid to run this project or to publish links.

Errors may occur, so please don't hesitate to contact me if you encounter one.

Thanks to everyone who contributed to the project.
Introduction

Software exploitation
Here you can find links to articles on software exploitation, vulnerability development, exploit analysis, source code analysis, various research, and other material. The following headings correspond to the classification of vulnerabilities and related topics.

Software Exploitation

Bug analysis and exploitation (unprivileged)
Bug and exploit analysis and development in user-land.

Buffer overflows

Stack-based buffer overrun

Structured Exception Handler
Nr | URL | Description | Date | Author
1 | https://web.archive.org/web/2012072413294... | Understanding SEH (Structured Exception Handler) Exploitation | 06-07-2009 | Donny Hubener
2 | http://www.corelan.be/index.php/2009... | Exploit writing tutorial part 3: SEH Based Exploits | 25-07-2009 | corelanc0d3r
3 | http://www.corelan.be/index.php/2009... | Exploit writing tutorial part 3b: SEH Based Exploits – just another example | 28-07-2009 | corelanc0d3r
4 | http://grey-corner.blogspot.com/2010/01/... | SEH Stack Based Buffer Overflow Tutorial | 07-01-2010 | Stephen Bradshaw
5 | http://www.ethicalhacker.net/content/vie... | Tutorial: SEH Based Exploits and the Development Process | 04-05-2010 | Mark (n1p) Nicholls
6 | https://docs.google.com/viewer?a=v&pid=e... | Debugging an SEH 0day | 29-05-2010 | mr_me
7 | http://resources.infosecinstitute.com/se... | SEH Based Overflow Exploit Tutorial | 28-04-2011 | Stephen Bradshaw
Stack buffer overrun
Nr | URL | Description | Date | Author
1 | http://blogs.securiteam.com/index.php/ar... | Heap Spraying: Exploiting Internet Explorer VML 0-day | 23-09-2006 | Trirat Kira P
2 | http://www.corelan.be/index.php/200... | Exploit writing tutorial part 1: Stack Based Overflows | 19-07-2009 | corelanc0d3r
3 | http://www.corelan.be/index.php/200... | Exploit writing tutorial part 2: Stack Based Overflows – jumping to shellcode | 23-07-2009 | corelanc0d3r
4 | http://grey-corner.blogspot.com/2010/01/... | Stack Based Buffer Overflow Tutorial | 07-01-2010 | Stephen Bradshaw
5 | http://www.phreedom.org/research/vulnera... | Windows ANI header buffer overflow | 29-03-2010 | Alexander Sotirov
6 | http://www.offensive-security.com/vulnde... | Evocam Remote Buffer Overflow on OSX | 04-06-2010 | Paul (d1dn0t) Harrington
7 | http://turkeyland.net/projects/overflow/... | Buffer Overflows and You | 04-08-2010 | Jeffrey A. Turkstra
8 | http://dvlabs.tippingpoint.com/blog/2010... | Security Advisory for NetWare 6.5 OpenSSH | 01-09-2010 | Zef Cekaj
9 | http://www.vupen.com/blog/20100909.Adobe... | Criminals Are Getting Smarter: Analysis of the Adobe Acrobat/Reader 0-Day Exploit | 09-09-2010 | Nicolas Joly
10 | http://www.exploit-db.com/bypassing-uac-... | Bypassing UAC with User Privilege under Windows Vista/7 – Mirror | 26-11-2010 | muts
11 | http://www.exploit-db.com/docs/16030.pdf... | Non-Executable Stack ARM Exploitation | 23-01-2011 | Itzhak (Zuk) Avraham
12 | http://0x1byte.blogspot.co.il/2011/02/cv... | Analysis of CVE 2010-3333 Microsoft Office RTF File Stack Buffer Overflow Vulnerability | 20-02-2011 | Alexander Gavrun
13 | http://resources.infosecinstitute.com/st... | Stack Based Buffer Overflow Tutorial, part 1 — Introduction | 09-03-2011 | Stephen Bradshaw
14 | http://resources.infosecinstitute.com/st... | Stack Based Buffer Overflow Tutorial, part 2 — Exploiting the stack overflow | 09-03-2011 | Stephen Bradshaw
15 | http://resources.infosecinstitute.com/st... | Stack Based Buffer Overflow Tutorial, part 3 — Adding shellcode | 09-03-2011 | Stephen Bradshaw
16 | https://web.archive.org/web/201310071419... | Smashing the stack in Windows 8 | xx-09-2011 | Davide Quarta
17 | http://research.reversingcode.com/index.... | Apple QuickTime Player H.264 issues | 01-09-2011 | rmallof
18 | http://blogs.securiteam.com/index.php/ar... | VMware UDF Stack Buffer Overflow | 10-10-2011 | Secventure Group
19 | http://www.greyhathacker.net/?p=380 | Remote Exec Computers List Buffer Overflow ROP Exploit | 06-11-2011 | Parvez
20 | https://web.archive.org/web/20131207185... | A Textbook Buffer Overflow: A Look at the FreeBSD telnetd Code | 25-12-2011 | Dustin Schultz
21 | http://www.poppopret.org/?p=40 | Anatomy of a SCADA Exploit: Part 1 – From Overflow to EIP | 07-01-2012 | Michael Coppola
22 | http://www.greyhathacker.net/?p=549 | Heap spraying in Internet Explorer with rop nops | 19-06-2012 | Parvez
23 | http://www.poppopret.org/?p=141 | Anatomy of a SCADA Exploit: Part 2 – From EIP to Shell | 21-08-2012 | Michael Coppola
24 | https://community.rapid7.com/community/m... | New Metasploit Exploit: SAP NetWeaver CVE-2012-2611 | 06-09-2012 | Juan Vasquez
25 | http://www.devttys0.com/2012/10/exploiti... | Exploiting a MIPS Stack Overflow | 08-10-2012 | Craig
26 | http://www.cyvera.com/how-to-exploit-cve... | HOW TO EXPLOIT CVE-2010-3333 | 28-11-2012 | Gal Badishi
27 | http://shar33f12.blogspot.com.es/2012/10... | ROP | 01-11-2012 | shareef12
28 | http://www.exploit-db.com/papers/24085/ | Stack Smashing On A Modern Linux System | 21-12-2012 | jip
29 | http://blog.exodusintel.com/2013/01/07/w... | DoS? Then Who Was Phone? | 07-01-2013 | exodusintel.com
30 | http://sitsec.net/blog/2013/04/22/stack-... | Stack-based Buffer Overflow in the VPN Software tinc for Authenticated Peers | 22-04-2013 | Martin Schobert
31 | https://web.archive.org/web/201307080736... | Analysis of nginx 1.3.9/1.4.0 stack buffer overflow and x64 exploitation (CVE-2013-2028) | 21-05-2013 | w00d
32 | http://www.exploit-db.com/docs/27657.pdf... | Smashing the stack, an example from 2013 | 17-08-2013 | Benjamin Randazzo
33 | http://csmatt.com/notes/?p=96 | MIPS Buffer Overflows with Bowcaster | 13-10-2013 | Matt Defenthaler
34 | http://funoverip.net/2013/10/watchguard-... | WatchGuard – CVE-2013-6021 – Stack Based Buffer Overflow Exploit | 27-10-2013 | foip
35 | http://dl.packetstormsecurity.net/papers... | 64 Bits Linux Stack Based Buffer Overflow | 09-06-2014 | Mr.Un1k0d3r
36 | https://hatriot.github.io/blog/2015/01/0... | Ntpdc Local Buffer Overflow | 06-01-2015 | Bryan Alexander
37 | http://blog.techorganic.com/2015/04/10/64... | 64-bit Linux Stack Smashing Tutorial: Part 1 | 10-04-2015 | superkojiman
38 | http://blog.techorganic.com/2015/04/21/64... | 64-bit Linux Stack Smashing Tutorial: Part 2 | 21-04-2015 | superkojiman
39 | http://5d4a.wordpress.com/2010/10/13/my-... | Smashing the stack in 2010 | xx-09-2015 | Mariano Graziano, Andrea Cugliari
40 | http://googleprojectzero.blogspot.de/201... | Kaspersky: Mo Unpackers, Mo Problems. | 22-09-2015 | Tavis Ormandy
Unicode Stack Buffer Overrun

Nr | URL | Description | Date | Author | OS/Arch | CVE
1 | http://newsoft-tech.blogspot.com/2012/01... | MS11-014: this is not the bug you are looking for… | 10-01-2012 | newsoft | Windows, x86-32 | CVE-2011-0039
2 | http://www.floyd.ch/?p=629 | Automated generation of code alignment code for Unicode buffer overflow exploitation | 17-01-2012 | floyd | Windows, x86-32 | N/A
Heap-based buffer overrun

Out-of-bounds read/write

Off-by-one errors

Nr | URL | Description | Date | Author
1 | http://site.pi3.com.pl/adv/libopie-adv.t... | libopie __readrec() off-by-one (FreeBSD ftpd remote PoC) | 27-05-2010 | Maksymilian Arciemowicz, Adam (pi3) Zabrocki
2 | https://drive.google.com/file/d/0B6P-iHu... | Skype v5.9.0.123 and Below Remote Default Unauthenticated Off-By-One | 06-10-2012 | Kostya Kortchinsky
3 | http://doar-e.github.io/blog/2013/09/09/... | Pinpointing Heap-related Issues: OllyDbg2 Off-by-one Story | 09-09-2013 | Axel (0vercl0k) Souchet
4 | http://googleprojectzero.blogspot.de/201... | The poisoned NUL byte, 2014 edition | 25-08-2014 | Chris Evans
Heap buffer overrun

Nr | URL | Description | Date | Author
1 | http://www.cgsecurity.org/exploit/heaptu... | w00w00 on Heap Overflows | xx-01-1999
2 | http://immunitysec.com/downloads/msrpche..., http://immunitysec.com/downloads/msrpche | Exploiting the MSRPC Heap Overflow | 11-09-2003
3 | https://web.archive.org/web/201205211422... | Windows Heap Overflow Exploitation | 02-02-2004
4 | http://www.exploit-db.com/papers/13178/ | Windows Heap Overflows using the Process Environment Block (PEB) | 31-05-2006
5 | http://www.h-online.com/security/feature... | A heap of risk: Buffer overflows on the heap and how they are exploited | 28-06-2006
6 | https://web.archive.org/web/201309030849... | Heap Overflow Exploits with JavaScript | 08-09-2008
7 | http://www.blackhat.com/presentations/bh... | Practical Windows XP/2003 Heap Exploitation | xx-07-2009
8 | https://web.archive.org/web/201003271111... | 0x41 - weekly exploitation matters - Heap overflow fundamentals | 23-03-2010
9 | http://blogs.cisco.com/security/comments... | Exploring Heap-Based Buffer Overflows with the Application Verifier | 29-03-2010
10 | http://grey-corner.blogspot.com/2010/03/... | The Difference Between Heap Overflow and Use After Free Vulnerabilities | 31-03-2010
11 | http://index-of.es/Misc/HeapCacheExploi... | Heap Cache Exploitation - White Paper by IBM Internet Security Systems | xx-07-2010
12 | https://web.archive.org/web/201110070918... | Heap Overflows For Humans – 101 | 24-10-2010
13 | https://web.archive.org/web/201112310609... | When A DoS Isn't A DoS | 16-12-2010
14 | http://www.vupen.com/blog/20101221.Exim_... | Technical Analysis of Exim "string_vformat()" Buffer Overflow Vulnerability | 21-12-2010
15 | https://web.archive.org/web/201111090317... | From Patch to Proof-of-Concept: MS10-081 | 10-01-2011
16 | http://vreugdenhilresearch.nl/ms11-002-p... | MS11-002 Pwn2Own heap overflow | 12-01-2011
17 | http://www.skullsecurity.org/blog/2011/a... | A deeper look at ms11-058 | 23-08-2011
18 | https://web.archive.org/web/201110070919... | Heap Overflows For Humans – 102 | 02-09-2011
19 | http://www.vupen.com/blog/20120117.Advan... | Analysis & Advanced Exploitation of Windows Multimedia Library Heap Overflow (MS12-004) | 17-01-2012
20 | https://web.archive.org/web/201502190758... | Heap Overflows For Humans 104 | 11-03-2012
21 | http://www.vupen.com/blog/20120710.Advan... | Advanced Exploitation of Internet Explorer Heap Overflow (Pwn2Own 2012 Exploit) | 10-07-2012
22 | https://community.rapid7.com/community/m... | New 0day Exploits: Novell File Reporter Vulnerabilities | 16-11-2012
23 | https://community.rapid7.com/community/m... | New Metasploit Exploit: Crystal Reports Viewer CVE-2010-2590 | 19-12-2012
24 | https://www.corelan.be/index.php/2013/02... | Root Cause Analysis – Memory Corruption Vulnerabilities | 26-02-2013
25 | http://blog.binamuse.com/2013/05/readerb... | Adobe Reader BMP/RLE heap corruption - CVE-2013-2729 | 14-05-2013
26 | http://blog.stalkr.net/2013/06/golang-he... | Golang heap corruption during garbage collection | 04-06-2013
27 | https://www.fireeye.com/blog/threat-rese... | The Dual Use Exploit: CVE-2013-3906 Used in Both Targeted Attacks and Crimeware Campaigns | 07-11-2013
28 | http://www.crowdstrike.com/blog/analysis... | Analysis of a CVE-2013-3906 Exploit | 09-12-2013
29 | https://hackerone.com/reports/1356 | PHP Heap Overflow Vulnerability in imagecrop() | 06-02-2014
30 | http://h30499.www3.hp.com/t5/HP-Security... | Technical Analysis of CVE-2014-1761 RTF Vulnerability | 07-04-2014
31 | http://radare.today/technical-analysis-o... | Technical Analysis Of The GnuTLS Hello Vulnerability | 01-06-2014
32 | http://h30499.www3.hp.com/t5/HP-Security... | ZDI-14-173/CVE-2014-0195 - OpenSSL DTLS Fragment Out-of-Bounds Write: Breaking up is hard to do | 05-06-2014
33 | http://googleprojectzero.blogspot.de/201... | pwn4fun Spring 2014 - Safari - Part I | 24-07-2014
34 | http://www.vupen.com/blog/20140725.Advan... | Advanced Exploitation of VirtualBox 3D Acceleration VM Escape Vulnerability (CVE-2014-0983) | 25-07-2014
35 | https://fail0verflow.com/blog/2014/hubca... | HubCap: pwning the ChromeCast pt. 1 | 29-08-2014
36 | https://fail0verflow.com/blog/2014/hubca... | HubCap: pwning the ChromeCast pt. 2 | 04-09-2014
37 | http://googleprojectzero.blogspot.de/201... | Exploiting CVE-2014-0556 in Flash | 23-09-2014
38 | http://acez.re/ps-vita-level-1-webkittie... | PS Vita Level 1: Webkitties | 31-10-2014
39 | https://labs.integrity.pt/articles/from-... | FROM 0-DAY TO EXPLOIT – BUFFER OVERFLOW IN BELKIN N750 (CVE-2014-1635) | 06-11-2014
40 | http://blog.beyondtrust.com/cve-2014-182... | CVE-2014-1824 – A New Windows Fuzzing Target | 25-11-2014
41 | http://www.openwall.com/lists/oss-securi... | GHOST: glibc gethostbyname buffer overflow | 27-05-2015
42 | http://www.isightpartners.com/2015/07/mi... | Microsoft Office Zero-Day CVE-2015-2424 Leveraged By Tsar Team | 15-07-2015
43 | http://blogs.cisco.com/security/talos/ap... | Vulnerability Spotlight: Apple Quicktime Corrupt stbl Atom Remote Code Execution | 30-07-2015
44 | http://blog.trendmicro.com/trendlabs-sec... | MediaServer Takes Another Hit with Latest Android Vulnerability | 17-08-2015
45 | https://blog.exodusintel.com/2015/08/13/... | | 13-08-2015 | Jordan Gruskovnjak
46 | http://googleprojectzero.blogspot.de/201... | Exploiting Heap Corruption due to … in Android libcutils | 16-09-2015 | Mark Brand
47 | http://blog.fortinet.com/post/windows-jo... | Windows Journal Vulnerability Disclosed Plus A Weekend Bonus | 18-09-2015
Global, static data overrun, and .bss overrun

The data segment contains initialized static local and global data. The BSS (Block Started by Symbol) segment contains uninitialized static local and global data, zero-filled at program start. An overrun of a buffer in either segment does not hit a return address; it overwrites whatever global or static objects the linker placed after the buffer (function pointers, flags, other buffers), which is what makes these bugs exploitable.

Nr | URL | Description | Date | Author | OS/Arch
1 | http://roeehay.blogspot.com/2008/10/grap... | Graphviz Buffer Overflow Code Execution | 08-10-2008 | Roee Hay | -
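As an added illustration of this class (editor-supplied example code, not material from the catalog or from the linked article): a fixed-size global buffer that shares one zero-initialised (.bss) object with a privilege flag, a copy routine that does not stop at the end of the buffer, and the bounded replacement. The struct layout, the field names and the 12-byte payload are constructed for the example; the byte-by-byte copy through a char pointer to the whole struct stands in for strcpy()/memcpy() so that the overrun stays defined behaviour and the clobbered flag can be observed deterministically.

```c
/* Example code added to the catalog, not from any linked article.
 * Build: cc -std=c11 -Wall bss_overrun.c -o bss_overrun */
#include <stddef.h>
#include <stdio.h>
#include <string.h>

struct session {
    char name[8];    /* attacker-controlled input lands here        */
    int  is_admin;   /* adjacent control data: 0 = ordinary user    */
};

/* Uninitialised global object: the linker places it in .bss, so it is
 * all zero when the program starts (is_admin == 0). */
static struct session g_session;

/* Vulnerable: copies `len` bytes starting at name[0] and keeps going past
 * the end of name[] into whatever follows it in the same object. The only
 * bound is the end of the whole struct (kept so the demo stays defined). */
void set_name_unsafe(const unsigned char *src, size_t len)
{
    unsigned char *dst = (unsigned char *)&g_session;
    if (len > sizeof g_session)
        len = sizeof g_session;
    for (size_t i = 0; i < len; i++)
        dst[i] = src[i];                 /* no check against sizeof name */
}

/* Fixed: the copy is bounded by the destination field and NUL-terminated.
 * Returns 0 on success, -1 when the input does not fit. */
int set_name_safe(const unsigned char *src, size_t len)
{
    if (len >= sizeof g_session.name)    /* leave room for the terminator */
        return -1;
    memcpy(g_session.name, src, len);
    g_session.name[len] = '\0';
    return 0;
}

int  session_is_admin(void) { return g_session.is_admin; }
void session_reset(void)    { memset(&g_session, 0, sizeof g_session); }

/* Constructed payload: 8 bytes fill name[], the next 4 land on is_admin. */
const unsigned char payload[12] = {
    'A', 'A', 'A', 'A', 'A', 'A', 'A', 'A',
    1, 0, 0, 0
};

int main(void)
{
    session_reset();
    set_name_unsafe(payload, sizeof payload);
    printf("unsafe copy: is_admin=%d (is_admin sits at offset %zu)\n",
           session_is_admin(), offsetof(struct session, is_admin));

    session_reset();
    int rc = set_name_safe(payload, sizeof payload);
    printf("safe copy:   rc=%d is_admin=%d\n", rc, session_is_admin());
    return 0;
}
```

The same effect appears with a `.data` object (an initialised global) or with file-scope `static` buffers; the section only changes whether the neighbours start as zeros or as their initialisers. Reviewing for this class means looking at what the linker placed after every fixed-size global buffer, not just at the copy itself.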
Format string injection

Nr | URL | Description | Date | Author
1 | https://docs.google.com/viewer?a=v&pid=e... | Windows 2000 Format String Vulnerabilities | 01-05-2001 | David Litchfield
2 | http://crypto.stanford.edu/cs155old/cs15... | Exploiting Format String Vulnerabilities | 01-09-2001 | scut / team teso
3 | https://web.archive.org/web/201012121658... | Format string exploitation on windows | 02-02-2009 | Abyssec Inc
4 | http://infond.blogspot.com/2010/07/tutor... | Tutorial exploitation format string | 30-07-2010 | infond
5 | https://docs.google.com/viewer?a=v&pid=e... | Format strings, from %x to calc | 24-10-2010 | mr_me
6 | http://www.exploit-monday.com/2011/06/le... | Leveraging format string vulnerabilities to interrogate Win32 process memory | 20-06-2011 | Matt Graeber
7 | http://www.viva64.com/en/b/0129/ | Wade not in unknown waters. Part two | 01-02-2012 | Andrey Karpov
8 | http://www.vnsecurity.net/research/2012/... | Exploiting Sudo format string vulnerability | 16-02-2012 | longlg
9 | https://web.archive.org/web/201211031120... | EIP-2012-0001: When wrapping it up goes wrong… | 29-08-2012 | exodusintel
Integer Vulnerabilities

Includes integer overflows, underflows, signedness issues, and truncation errors. These rarely corrupt memory by themselves; the miscomputed value is dangerous because it then sizes an allocation or bounds a copy, so the bug surfaces as a heap or stack overflow elsewhere in the code.

Nr | URL | Description | Date
1 | http://blogs.msdn.com/b/oldnewthing/arch... | Integer overflow in the new[] operator | 29-01-2004
2 | http://www.fefe.de/intof.html | Catching Integer Overflows in C | 26-01-2007
3 | http://dividead.wordpress.com/2009/06/01... | glibc timezone integer overflow | 01-06-2009
4 | http://roeehay.blogspot.com/2009/06/appl... | Apple QuickTime Image Description Atom Sign Extension Memory Corruption | 02-06-2009
5 | http://site.pi3.com.pl/adv/xpdf.txt | Xpdf - Integer overflow which causes heap overflow and NULL pointer dereference | 06-07-2009
6 | http://roeehay.blogspot.com/2009/08/advi... | Advisory: Adobe Flash Player and AIR AVM2 intf_count Integer Overflow | 02-08-2009
7 | https://code.google.com/p/em386/download... | CVE-2009-3608 - explained | 01-10-2009
8 | http://site.pi3.com.pl/adv/mod_proxy.txt | Mod_proxy from apache 1.3 - Integer overflow which causes heap overflow | 27-01-2010
9 | http://projects.webappsec.org/Integer-Ov... | Integer Overflows | xx-01-2010
10 | https://web.archive.org/web/201107221137... | A delicious, yet slightly cold banquette prepared on the (jump) table | xx-03-2010 (?)
11 | https://www.securecoding.cert.org/conflu... | INT32-C. Ensure that operations on signed integers do not result in overflow | 09-09-2010
12 | http://cissrt.blogspot.com/2011/02/cve-2... | CVE-2011-0045: MS Windows XP WmiTraceMessageVa Integer Truncation Vulnerability | 26-02-2011
13 | http://scarybeastsecurity.blogspot.de/20... | libxml vulnerability and interesting integer issues | 27-05-2011
14 | https://bugzilla.mozilla.org/show_bug.cg... | Mozilla Firefox 4.0.1 Array.reduceRight() Vulnerability | 14-06-2011
15 | https://web.archive.org/web/201201080914... | Exploiting glibc __tzfile_read integer overflow to buffer overflow and vsftpd | 13-12-2011
16 | https://web.archive.org/web/201201080914... | More on exploiting glibc __tzfile_read integer overflow to buffer overflow and vsftpd | 15-12-2011
17 | http://kqueue.org/blog/2012/01/10/cve-20... | CVE-2012-0038: XFS ACL count integer overflow | 10-01-2012
18 | http://www.halfdog.net/Security/2011/Apa... | Apache ModSetEnvIf Integer Overflow | 11-01-2012
19 | http://gdtr.wordpress.com/2012/02/22/exp... | Exploiting CVE-2011-2371 (FF reduceRight) without non-ASLR modules | 22-02-2012
20 | http://kqueue.org/blog/2012/04/12/cve-20... | CVE-2012-2100: a fix to fix a fix in ext4 | 12-04-2012
21 | http://axtaxt.wordpress.com/2012/07/08/a... | Analysis of CVE-2011-3545 (ZDI-11-307) | 08-07-2012
22 | http://labs.mwrinfosecurity.com/blog/201... | MWR Labs Pwn2Own 2013 Write-up - Webkit Exploit | 19-04-2013
23 | http://www.vupen.com/blog/20130522.Advan... | Advanced Exploitation of Internet Explorer 10 / Windows 8 Overflow (Pwn2Own 2013) | 22-05-2013
24 | https://www.corelan.be/index.php/2013/07... | Root Cause Analysis – Integer Overflows | 02-07-2013
25 | http://secunia.com/blog/in-memory-of-a-z... | In memory of a zero-day – MS13-051 | 01-11-2013
26 | http://blog.securitymouse.com/2014/06/ra... | Raising Lazarus - The 20 Year Old Bug that Went to Mars | 26-06-2014
27 | http://blog.lekkertech.net/blog/2014/07/... | LZO, on integer overflows and auditing | 02-07-2014
28 | http://googleprojectzero.blogspot.de/201... | Analysis and Exploitation of an ESET Vulnerability | 23-06-2015
29 | http://googleprojectzero.blogspot.fr/201... | When ‘int’ is the new ‘short’ | 07-07-2015
30 | http://blogs.flexerasoftware.com/vulnera... | Vulnerability in Microsoft's Unicode Scripts Processor allows execution of arbitrary code | 11-12-2015
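The four bug classes named above, as editor-supplied example code (not from the catalog or from any linked article): each appears as the length computation an exploit would target, beside the checked version. Every function returns the value that would reach malloc() or memcpy(), or a rejection, so nothing here actually overruns memory. The record header layout, HDR_SIZE, MAX_LEN and MAX_TOTAL are assumptions made for the example, and the malicious header values are constructed.

```c
/* Example code added to the catalog, not from any linked article.
 * Build: cc -std=c11 -Wall int_bugs.c -o int_bugs */
#include <stdbool.h>
#include <stdint.h>
#include <stdio.h>

#define HDR_SIZE   8            /* fixed record header size (assumed)      */
#define MAX_LEN    64           /* largest acceptable field length (assumed)*/
#define MAX_TOTAL  (1u << 20)   /* sanity cap on one allocation (assumed)   */

/* Untrusted record header: both fields come straight from the input. */
struct hdr { uint32_t count; uint32_t elem_size; };

/* 1. Multiplication overflow: count * elem_size is computed in 32 bits and
 *    wraps, so malloc() gets a small number while the copy loop that follows
 *    still writes count * elem_size bytes into it (heap overflow). */
uint32_t alloc_size_vulnerable(const struct hdr *h)
{
    return h->count * h->elem_size;          /* 0x10000 * 0x10001 -> 0x10000 */
}

/* Fixed: refuse if the product is not representable or exceeds the cap. */
bool alloc_size_checked(const struct hdr *h, size_t *out)
{
    size_t count = h->count, elem = h->elem_size;
    if (elem != 0 && count > SIZE_MAX / elem)  /* portable overflow test   */
        return false;
    if (count * elem > MAX_TOTAL)
        return false;
    *out = count * elem;
    return true;
}

/* 2. Signedness: a signed length checked only against an upper bound. A
 *    negative value passes, and memcpy() later converts it to a huge size_t. */
bool length_ok_vulnerable(int len)
{
    return len <= MAX_LEN;                   /* -1 <= 64 is true            */
}

bool length_ok_checked(int len)
{
    return len >= 0 && len <= MAX_LEN;
}

/* 3. Truncation: the bound is checked on a 16-bit copy of the length, the
 *    copy itself uses the full 32-bit value. Returns the byte count that
 *    would be handed to memcpy(), or -1 when the input is rejected. */
int64_t copy_len_trunc_vulnerable(uint32_t len, size_t dst_len)
{
    uint16_t n = (uint16_t)len;              /* 0x10010 becomes 0x0010      */
    if (n > dst_len)
        return -1;
    return len;                              /* memcpy(dst, src, len)       */
}

int64_t copy_len_trunc_checked(uint32_t len, size_t dst_len)
{
    if (len > dst_len)                       /* compare the value actually used */
        return -1;
    return len;
}

/* 4. Unsigned underflow: "payload = total - header" wraps towards SIZE_MAX
 *    when a packet is shorter than its own header. */
size_t payload_len_vulnerable(size_t total)
{
    return total - HDR_SIZE;
}

bool payload_len_checked(size_t total, size_t *out)
{
    if (total < HDR_SIZE)
        return false;
    *out = total - HDR_SIZE;
    return true;
}

int main(void)
{
    struct hdr h = { 0x10000, 0x10001 };     /* constructed malicious header */
    size_t sz = 0;
    printf("1. wrapped size 0x%x; checked version: %s\n",
           (unsigned)alloc_size_vulnerable(&h),
           alloc_size_checked(&h, &sz) ? "accepted" : "rejected");
    printf("2. len=-1 passes naive check: %d, strict check: %d\n",
           length_ok_vulnerable(-1), length_ok_checked(-1));
    printf("3. truncated check copies %lld bytes into 64; strict: %lld\n",
           (long long)copy_len_trunc_vulnerable(0x10010, 64),
           (long long)copy_len_trunc_checked(0x10010, 64));
    printf("4. 3-byte packet gives payload length %zu\n",
           payload_len_vulnerable(3));
    return 0;
}
```

The pattern to audit for is the same in each case: find the arithmetic that produces a size, then check whether the comparison that guards it runs on the same type and the same value that the allocation or copy finally uses.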
NULL pointer issues

Nr | URL | Description
1 | http://www.theregister.co.uk/2007/06/13/... | Embedded problems: exploiting NULL pointer dereferences
2 | http://searchsecurity.techtarget.com.au/... | Q&A: Mark Dowd on NULL pointer dereference bugs
3 | https://web.archive.org/web/20090706021311/http://blogs.iss.net/archive/cve-2008-0017.html... | What You May Have Missed About CVE-2008-0017: A Firefox NULL Dereference Bug
4 | http://j00ru.vexillium.org/?p=932 | CVE-2011-1282: User-Mode NULL Pointer Dereference & co.
Data type confusion

Nr | URL | Description
1 | http://em386.blogspot.com/2010/12/webkit... | WebKit CSS Type Confusion
2 | http://www.vupen.com/blog/20110326.Techn... | Technical Analysis and Advanced Exploitation of Adobe Flash 0-Day (CVE-2011-0609)
3 | http://blogs.technet.com/b/mmpc/archive/... | Analysis of the CVE-2011-0611 Adobe Flash Player vulnerability exploitation
4 | http://secunia.com/blog/210 | Adobe Flash Player 0-day Exploit Analysis (CVE-2011-0611)
5 | http://www.offensive-security.com/vulnde... | CA ARCserve CVE-2012-2971
6 | http://blogs.technet.com/b/srd/archive/2... | The story of MS13-002: How incorrectly casting fat pointers can make your code explode
7 | https://www.sektioneins.de/en/blog/14-08... | SPL ArrayObject/SPLObjectStorage Unserialization Type Confusion Vulnerabilities
8 | http://blog.azimuthsecurity.com/2015/01/... | Bl8ckPwn: BlackPhone SilentText Type Confusion Vulnerability
9 | http://googleprojectzero.blogspot.de/201... | A Tale of Two Exploits
10 | http://blogs.technet.com/b/mmpc/archive/... | Understanding type confusion vulnerabilities: CVE-2015-0336
11 | http://googleprojectzero.blogspot.com/20... | One Perfect Bug: Exploiting Type Confusion in Flash
12 | http://googleprojectzero.blogspot.de/201... | Attacking ECMAScript Engines with Redefinition
Object lifetime issues

Use-after-free

Nr | URL | Description
1 | https://www.blackhat.com/presentations/b... | Dangling Pointer - Smashing the Pointer for Fun and Profit
2 | http://grey-corner.blogspot.com/2010/01/... | Heap Spray Exploit Tutorial: Internet Explorer Use After Free Aurora Vulnerability
3 | http://d0cs4vage.blogspot.com/2011/06/in... | Insecticides don't kill bugs, Patch Tuesdays do (use-after-free)
4 | http://www.exploit-monday.com/2011/07/po... | Post-mortem Analysis of a Use-After-Free Vulnerability (CVE-2011-1260)
5 | http://blogs.norman.com/2011/malware-det... | Drag and Drop Vulnerability in MS11-050
6 | http://picturoku.blogspot.com/2011/08/di... | Diaries of a vulnerability: Understanding CVE-2011-1260
7 | http://picturoku.blogspot.com/2011/09/di... | Diaries of a vulnerability - take 2: Stage 1 exploit - Controlling EIP
8 | http://picturoku.blogspot.com/2011/11/di... | Diaries of a vulnerability - take 3: Pray after free and use after pray
9 | https://community.qualys.com/blogs/secur... | MS11-077: From Patch to Proof-of-Concept
10 | http://www.vupen.com/blog/20120110.Techn... | Technical Analysis of ProFTPD Response Pool Remote Use-after-free (CVE-2011-4130) - Part I
11 | http://www.vupen.com/blog/20120116.Advan... | Advanced Exploitation of ProFTPD Response Pool Use-after-free (CVE-2011-4130) - Part II
12 | http://ifsec.blogspot.com/2012/02/reliab..., PoC | Reliable Windows 7 Exploitation: A Case Study
13 | http://dvlabs.tippingpoint.com/blog/2012... | Pwn2Own Challenges: Heap sprays are for the 99%
14 | http://www.vupen.com/blog/20120625.Advan... | Advanced Exploitation of Mozilla Firefox Use-after-free Vulnerability (MFSA 2012-22)
15 | http://blog.exodusintel.com/2013/01/02/h... | Happy New Year Analysis of CVE-2012-4792
16 | http://scarybeastsecurity.blogspot.de/20... | Exploiting 64-bit Linux like a boss
17 | http://securityintelligence.com/use-afte... | Use-after-frees: That pointer may be pointing to something bad
18 | http://blog.trailofbits.com/2013/05/20/w... | Writing Exploits with the Elderwood Kit (Part 2)
19 | https://securityintelligence.com/cve-201... | CVE-2013-1347: Microsoft Internet Explorer CGenericElement object Use-After-Free Vulnerability
20 | http://blogs.technet.com/b/srd/archive/2... | The story of MS13-002: How incorrectly casting fat pointers can make your code explode
21 | http://h30499.www3.hp.com/t5/blogs/bloga... | CVE-2013-3112: From NULL to Control - Persistence pays off with crashes
22 | http://cyvera.com/cve-2013-3893-analysis... | CVE-2013-3893 – ANALYSIS OF THE NEW IE 0-DAY
23 | http://cyvera.com/cve-2013-3897-analysis... | CVE-2013-3897 – ANALYSIS OF YET ANOTHER IE 0-DAY
24 | http://blog.spiderlabs.com/2013/10/anoth... | Another Day, SpiderLabs Discovers Another IE Zero-Day
25 | http://blog.spiderlabs.com/2013/10/ie-ze... | The Technical Aspects of Exploiting IE Zero-Day CVE-2013-3897
26 | http://nakedsecurity.sophos.com/2013/10/... | Anatomy of an exploit - inside the CVE-2013-3893 Internet Explorer zero-day - Part 1
27 | http://nakedsecurity.sophos.com/2013/10/... | Anatomy of an exploit - inside the CVE-2013-3893 Internet Explorer zero-day - Part 2
28 | http://blog.exodusintel.com/2013/11/26/b... | A browser is only as strong as its weakest byte
29 | http://www.fireeye.com/blog/technical/cy... | CVE-2013-3346/5065 Technical Analysis
30 | http://blog.exodusintel.com/2013/12/09/a... | A browser is only as strong as its weakest byte - Part 2
31 | http://carterjones.logdown.com/posts/201... | CVE-2014-0301 Analysis
32 | http://vrt-blog.snort.org/2014/05/anatom... | Anatomy of an exploit: CVE 2014-1776
33 | http://www.cyphort.com/blog/dig-deeper-i... | Dig deeper into the IE Vulnerability (CVE-2014-1776) exploit
34 | http://h30499.www3.hp.com/t5/HP-Security... | Double-Dip: Using the latest IE 0-day to get RCE and an ASLR Bypass
35 | http://h30499.www3.hp.com/t5/HP-Security... | The mechanism behind Internet Explorer CVE-2014-1776 exploits
36 | http://www.vupen.com/blog/20140520.Advan... | Advanced Exploitation of Mozilla Firefox Use-After-Free Vulnerability (Pwn2Own 2014)
37 | http://blog.trendmicro.com/trendlabs-sec... | “Gifts” From Hacking Team Continue, IE Zero-Day Added to Mix
38 | http://blog.trendmicro.com/trendlabs-sec... | Root Cause Analysis of CVE-2014-1772 – An Internet Explorer Use After Free Vulnerability
39 | http://googleprojectzero.blogspot.de/201... | Exploiting NVMAP to escape the Chrome sandbox - CVE-2014-5332
40 | https://www.trustwave.com/Resources/Spid... | A New Zero-Day of Adobe Flash CVE-2015-0313 Exploited in the Wild
41 | http://blog.trendmicro.com/trendlabs-sec... | Analyzing CVE-2015-0313: The New Flash Player Zero Day
42 | https://blog.coresecurity.com/2015/04/13... | Analysis of Adobe Flash Player shared ByteArray Use-After-Free Vulnerability
43 | http://labs.bromium.com/2015/07/07/adobe... | Adobe Flash Zero Day Vulnerability Exposed to Public
44 | http://blog.vectranetworks.com/blog/micr... | Microsoft Internet Explorer 11 Zero-day
45 | http://blog.ropchain.com/2015/07/27/anal... | Analyzing VUPEN’s CVE-2012-1856
46 | http://www.securityfocus.com/archive/1/5... | BFS-SA-2015-001: Internet Explorer CTreeNode::GetCascadedLang Use-After-Free Vulnerability
47 | https://cxsecurity.com/issue/WLB-2015080... | OpenSSH 6.9p1 Authentication Bypass / Use-After-Free
48 | https://labs.portcullis.co.uk/blog/cve-2... | CVE-2015-5119 Flash ByteArray UaF: A beginner’s walkthrough
49 | https://www.nccgroup.trust/uk/our-resear... | Exploiting CVE-2015-1642 Microsoft Office CTaskSymbol Use-After-Free Vulnerability
50 | https://www.nccgroup.trust/uk/our-resear... | Exploiting CVE-2014-0282
51 | https://www.fireeye.com/blog/threat-rese..., https://www.fireeye.com/content/dam/... | The EPS Awakens
Double-free

Nr | URL | Description | Date | Author
1 | http://www.symantec.com/connect/blogs/do..., http://www.symantec.com/connect/blogs/do... | Double Free Vulnerabilities | 19/22-01-2007 | Article
2 | http://blog.spiderlabs.com/2014/03/deep-... | Deep Analysis of CVE-2014-0502 – A Double Free Story | 12-03-2014 | Ben Hayak

Race conditions

Nr | URL | Description | Date | Author
1 | http://cecs.wright.edu/~pmateti/Internet... | Race Condition Exploits | xx-xx-2012 | Prabhaker Mateti

Non-memory-corruption issues

Access control and permission problems
Nr | URL | Description | Date
1 | http://blog.zx2c4.com/749 | Linux Local Privilege Escalation via SUID /proc/pid/mem Write | 21-01-2012
2 | http://googleprojectzero.blogspot.de/201... | Did the “Man With No Name” Feel Insecure? | 20-08-2014
3 | http://googleprojectzero.blogspot.de/201... | Internet Explorer EPM Sandbox Escape CVE-2014-6350 | 01-12-2014
4 | http://blog.trendmicro.com/trendlabs-sec... | Escaping the Internet Explorer Sandbox: Analyzing CVE-2014-6349 | 03-12-2014
5 | http://blog.trendmicro.com/trendlabs-sec... | CVE-2015-0016: Escaping the Internet Explorer Sandbox | 27-01-2015
6 | https://truesecdev.wordpress.com/2015/07/... | Exploiting rootpipe again | 01-07-2015
7 | https://www.sektioneins.de/en/blog/15-07-... | OS X 10.10 DYLD_PRINT_TO_FILE Local Privilege Escalation Vulnerability | 07-07-2015
8 | http://h30499.www3.hp.com/t5/HP-Security-... | Adobe's CVE-2015-5090 - Updating the Updater to become the bossman | 16-07-2015
Implementation Errors

Nr | URL | Description | Date | Author
1 | http://www.saurik.com/id/17 | Exploit (& Fix) Android "Master Key" | xx-07-2013 | Jay Freeman (saurik)
2 | http://www.contextis.com/resources/blog/... | EXPRESSING YOURSELF: ANALYSIS OF A DOT NET ELEVATION OF PRIVILEGE VULNERABILITY | 17-12-2013 | James Forshaw
3 | http://security.coverity.com/blog/2014/N... | Eric Lippert Dissects CVE-2014-6332, a 19 year-old Microsoft bug | 14-11-2014 | Eric Lippert
4 | http://researchcenter.paloaltonetworks.c... | Addressing CVE-2014-6332 SWF Exploit | 26-11-2014 | Alon Livne
5 | https://community.rapid7.com/community/me... | R7-2015-04 Disclosure: Mozilla Firefox Proxy Prototype RCE (CVE-2014-8636) | 23-03-2015 | Tod Beardsley
6 | https://securityintelligence.com/one-clas... | One Class to Rule Them All: New Android Serialization Vulnerability Gives Underprivileged Apps Super Status | 10-08-2015 | Or Peles, Roee Hay
7 | http://rotlogix.com/2015/08/22/remote-cod... | Remote Code Execution in Dolphin Browser for Android | 22-08-2015 | rotlogix
8 | http://googleprojectzero.blogspot.de/2015... | FireEye Exploitation: Project Zero’s Vulnerability of the Beast | 15-12-2015 | Tavis Ormandy
9 | https://blog.coresecurity.com/2015/12/09/... | Exploiting Windows Media Center | 09-12-2015 | Francisco Falcón
Information leakage

Nr | URL | Description | Date | Author
1 | http://blog.binamuse.com/2014/09/coregra... | CoreGraphics Information Disclosure - CVE-2014-4378 | 18-09-2014 | binamuse.com
2 | http://googleprojectzero.blogspot.de/201... | Enabling QR codes in Internet Explorer, or a story of a cross-platform memory disclosure | 14-09-2015 | Mateusz (j00ru) Jurczyk

Uninitialized memory

Nr | URL | Description | Date | Author
1 | http://www.vupen.com/blog/20120717.Advan... | Advanced Exploitation of IE MSXML Remote Uninitialized Memory (MS12-043 / CVE-2012-1889) | 17-07-2012 | Nicolas Joly
2 | http://immunityproducts.blogspot.de/2013... | Adobe XFA exploits for all! First Part: The Info-leak | 24-06-2013 | Nico Waisman
3 | http://labs.portcullis.co.uk/blog/cve-20... | CVE-2013-0640: Adobe Reader XFA oneOfChild Un-initialized memory vulnerability (part 1) | 26-09-2013 | MTB
4 | http://labs.portcullis.co.uk/blog/cve-20... | CVE-2013-0640: Adobe Reader XFA oneOfChild Un-initialized memory vulnerability (part 2) | 15-10-2013 | MTB
5 | http://ifsec.blogspot.de/2013/11/exploit... | Exploiting Internet Explorer 11 64-bit on Windows 8.1 Preview | 06-11-2013 | Ivan Fratric
6 | https://labs.mwrinfosecurity.com/system... | Microsoft Office Uninitialised Memory Use Vulnerability | 25-06-2015 | Yong Chuan, Koh
7 | http://sourceincite.com/2015/11/16/ms15-... | MS15-116 – PARSE THE [POINT]ER OF NO RETURN | 16-11-2015 | Steven
8 | https://www.blackhat.com/docs/eu-15/mate... | Hey Man, Have You Forgotten to Initialize Your Memory? | xx-xx-2015 | Qihoo 360 Vulcan Team
Logic errors

Nr | URL | Description | Date | Author | OS/Arch
1 | https://code.google.com/p/google-securit... | Flash logic error in bytecode verifier | 15-09-2014 | Ian Beer | -
2 | http://h30499.www3.hp.com/t5/HP-Security... | Technical analysis of the SandWorm Vulnerability (CVE-2014-4114) | 20-10-2014 | Matt Oh | Windows
3 | https://blogs.mcafee.com/mcafee-labs/byp... | Bypassing Microsoft’s Patch for the Sandworm Zero Day: a Detailed Look at the Root Cause | 11-11-2014 | Haifei Li | Windows
4 | https://blogs.mcafee.com/mcafee-labs/byp... | Bypassing Microsoft’s Patch for the Sandworm Zero Day: Even ‘Editing’ Can Cause Harm | 12-11-2014 | Haifei Li | Windows
5 | https://www.fireeye.com/blog/threat-rese... | CVE-2015-0097 Exploited in the Wild | 30-07-2015 | Sudeep Singh, Kenneth Hsu | Windows
6 | https://github.com/QubesOS/qubes-secpack... | Critical Xen bug in PV memory virtualization code (XSA 148) | 29-10-2015 | The Qubes Security Team | Xen
Chained and multiple bugs

Chained bugs

Nr | URL | Description | Date | Author
1 | http://blog.chromium.org/2012/05/tale-of... | A Tale of Two Pwnies (Part 1) | 22-05-2012 | Jorge Lucangeli Obes, Justin Schuh
2 | http://blog.chromium.org/2012/06/tale-of... | A Tale Of Two Pwnies (Part 2) | 11-06-2012 | Ken Buchanan, Chris Evans, Charlie Reis, Tom Sepez
3 | https://web.archive.org/web/201408191742... | Post pwnium Writeup | 11-06-2013 | Ralf-Philipp Weinmann
4 | https://web.archive.org/web/201502091121... | How I met Firefox: A tale about chained vulnerabilities | 02-10-2013 | Sebastian
5 | http://blog.trendmicro.com/trendlabs-sec... | A Killer Combo: Critical Vulnerability and ‘Godmode’ Exploitation on CVE-2014-6332 | 13-11-2014 | Weimin Wu
6 | http://researchcenter.paloaltonetworks.c... | Google Chrome Exploitation – A Case Study | 14-12-2014 | Alon Livne
7 | http://newosxbook.com/articles/28DaysLat... | 28 Days Later - TaiG 2 (Part the 1st) | 23-07-2015 | Jonathan Levin
Multiple bugs

Nr | URL | Description | Date | Author
1 | http://www.cis.syr.edu/~wedu/Teaching/Co... | Buffer-Overflow Vulnerabilities and Attacks | ??? | Kevin Du
2 | https://lock.cmpxchg8b.com/sophailv2.pdf | Sophail: Applied attacks against Sophos Antivirus | xx-10-2012 | Tavis Ormandy
3 | http://kqueue.org/blog/2012/03/05/memory... | Memory allocator security revisited | 05-03-2012 | Xi Wang
4 | http://antid0te.com/syscan_2013/SyScan20... | Mountain Lion/iOS Vulnerabilities Garage Sale | 24-04-2013 | Stefan Esser
5 | http://blog.azimuthsecurity.com/2013/06/... | Attacking Crypto Phones: Weaknesses in ZRTPCPP | 27-06-2013 | Mark Dowd
6 | http://seclists.org/fulldisclosure/2014/... | Information on recently-fixed Oracle VM VirtualBox vulnerabilities | 07-02-2014 | Matthew Daley
7 | http://googleprojectzero.blogspot.de/201... | Finding and exploiting ntpd vulnerabilities | 02-01-2015 | Stephen Röttger
8 | http://www.coresecurity.com/advisories/s... | SAP LZC Compression Multiple Vulnerabilities | 05-2015 | coresecurity
9 | http://googleprojectzero.blogspot.de/201... | Owning Internet Printing - A Case Study in Modern Software Exploitation | 19-06-2015 | Neel Mehta
10 | https://docs.google.com/document/d/1sIYg... | Escaping VMware Workstation through COM1 | 07-09-2015 | Kostya Kortchinsky

Arbitrary data manipulation

Some primitives don't necessarily come from stack or heap overruns; there may be more exotic situations which produce unexpected program flow.

Nr | URL | Description | Date | Author
1 | http://dvlabs.tippingpoint.com/blog/2009... | Exploiting MS Advisory 971778: QuickTime DirectShow | 28-05-2009 | Aaron Portnoy
2 | http://www.offensive-security.com/vulnde... | MS11-080 – A Voyage into Ring Zero | 06-12-2011 | offensive-security.com
3 | http://blog.azimuthsecurity.com/2013/02/... | Re-visiting the Exynos Memory Mapping Bug | 14-02-2013 | Dan Rosenberg
4 | https://www.sektioneins.de/advisories/ad... | Advisory 01/2013: PHP openssl_x509_parse() Memory Corruption Vulnerability | 13-12-2013 | Stefan Esser
5 | http://h30499.www3.hp.com/t5/HP-Security... | Technical Analysis of CVE-2014-0515 Adobe Flash Player Exploit | 21-05-2014 | Matt Oh
6 | http://googleprojectzero.blogspot.de/201... | One font vulnerability to rule them all #1: Introducing the BLEND vulnerability | 31-07-2015 | Mateusz (j00ru) Jurczyk
7 | http://googleprojectzero.blogspot.de/201... | One font vulnerability to rule them all #2: Adobe Reader RCE exploitation | 06-08-2015 | Mateusz (j00ru) Jurczyk

General

Articles, blogs and comments on vulnerabilities and their exploitation which are hard to find a category for.

Nr | URL | Description | Date
1 | https://www.sans.org/reading-room/whitep... | Buffer Overflows for Dummies | 01-05-2002
2 | http://www.viva64.com/en/a/0046/ | Safety of 64-bit code | 06-08-2009
3 | http://www.matasano.com/research/NaCl_Su... | NaCl Contest - Summary of findings | xx-xx-2009
4 | http://code.google.com/p/chromium/issues... | Pwnium 1.3 - an exploit for an integer overflow in WebGL UnsignedIntArray | 01-03-2010
5 | http://www.exploit-db.com/wp-content/themes/exploit/docs/16151.pdf | Exploiting ARM Linux Systems | 31-01-2011
6 | https://www.virusbtn.com/virusbulletin/a... | VB2014 paper: Ubiquitous Flash, ubiquitous exploits, ubiquitous mitigation | 01-01-2015
7 | http://www.ma.rhul.ac.uk/static/techrep/20... | Buffer Overflows in the Microsoft Windows® Environment | 16-02-2015
8 | http://matthias.vallentin.net/course-work/... | On the Evolution of Buffer Overflows | 20-05-2015
9 | http://googleprojectzero.blogspot.de/201... | What is a "good" memory corruption vulnerability? (Part 1/4) | 26-06-2015
10 | http://blogs.technet.com/b/srd/archive/20... | Triaging the exploitability of IE/EDGE crashes | 12-01-2016

Bug analysis and exploitation (privileged)

Bug and exploit analysis and development for software running in ring 0.

Buffer overflows

Stack-based buffer overrun

Stack buffer overrun

Nr | URL | Description | Date | Author | OS/Arch
1 | http://sysc.tl/2009/07/04/cve-2008-3531-... | CVE-2008-3531: FreeBSD kernel stack overflow exploit development | 04-07-2009 | Patroklos (argp) Argyroudis | FreeBSD
2 | http://blog.0x80.org/kernel-stack-overfl... | Kernel stack overflows (basics) | 18-01-2013 | Essa Alkuwari | Linux

Stack overflow

Nr | URL | Description | Date | Author
1 | http://jon.oberheide.org/blog/2010/11/29... | Exploiting Stack Overflows in the Linux Kernel | 29-11-2010 | Jon Oberheide

Heap/Pool-based buffer overrun

Out-of-bounds read/write

Nr | URL | Description | Date | Author
1 | http://blog.coresecurity.com/2011/08/24/... | Looking behind the curtain: Making exploits work like they do in the movies... | 24-08-2011 | Nicolas Economou
2 | http://labs.portcullis.co.uk/blog/cve-20... | CVE-2013-5065: NDProxy array indexing error unpatched vulnerability | 06-12-2013 | MTB
3 | http://blog.includesecurity.com/2014/03/... | How to exploit the x32 recvmmsg() kernel vulnerability CVE 2014-0038 | 06-03-2014 | ?
4 | http://blog.talosintel.com/2015/10/dange... | DANGEROUS CLIPBOARD: ANALYSIS OF THE MS15-072 PATCH | 20-10-2015 | Marcin Noga, Jaeson Schultz

Off-by-one errors

Nr | URL | Description | Date | Author
1 | http://blog.coresecurity.com/2012/05/10/... | THE BIG TRICK BEHIND EXPLOIT MS12-034 | 10-05-2012 | Nicolas Economou
2 | http://poppopret.org/2013/11/20/csaw-ctf... | CSAW CTF 2013 Kernel Exploitation Challenge | 20-11-2013 | Michael Coppola

Heap/Pool buffer overrun

Nr | URL | Description | Date | Author | OS/Arch
1 | http://isec.pl/papers/linux_kernel_do_br... | Kernel do_brk() Vulnerability | 04-12-2003 | http://isec.pl/ | Linux
2 | https://web.archive.org/web/201205160320... | The story of exploiting kmalloc() overflows | 20-09-2005 | Sebastian (qobaiashi) Haase
3 | http://jon.oberheide.org/blog/2010/09/10... | Linux Kernel CAN SLUB Overflow | 27-11-2010 | Jon Oberheide
4 | http://vsecurity.com/download/papers/slo... | A Heap of Trouble: Breaking the Linux Kernel SLOB Allocator | 22-01-2012 | Dan Rosenberg
5 | http://blog.ptsecurity.com/2013/02/surpr... | Surprise for Network Resources from kernel32 (MS12-081, Detailed Analysis of Vulnerability in Microsoft File Handling Component) | 11-02-2013 | Kirill Nesterov
6 | https://labs.mwrinfosecurity.com/blog/20... | MWR Labs Pwn2Own 2013 Write-up - Kernel Exploit | 06-09-2013 | mwrinfosecurity.com
7 | http://resources.infosecinstitute.com/ex... | Exploiting Linux Kernel Heap Corruptions (SLUB Allocator) | 19-11-2013 | Mohammed Ghannam
8 | http://doar-e.github.io/blog/2014/03/11/... | First Dip Into the Kernel Pool: MS10-058 | 11-03-2014 | Jeremy (__x86) Fetiveau
9 | http://blogs.flexerasoftware.com/vulnera... | Yet Another Windows GDI Story | 22-04-2015 | Hossein Lotfi

Integer issues

Nr | URL | Description | Date | Author
1 | https://media.blackhat.com/bh-us-11/Esse... | Exploiting the iOS Kernel | 13-07-2011 | Stefan Esser
2 | http://esec-lab.sogeti.com/post/Analysis... | Analysis of the jailbreakme v3 font exploit | 18-07-2011 | jean
3 | https://web.archive.org/web/201402090016... | CVE-2012-0148: A Deep Dive Into AFD | 17-02-2012 | Tarjei (kernelpool) Mandt
4 | https://web.archive.org/web/201308171134... | [email protected]'s semtex.c: Local Linux root exploit, 2.6.37-3.8.8 inclusive (and 2.6.32 on CentOS) 0-day | 15-05-2013 | spender
5 | http://timetobleed.com/a-closer-look-at-... | A closer look at a recent privilege escalation bug in Linux (CVE-2013-2094) | 20-05-2013 | Joe Damato
6 | https://www.blackhat.com/docs/us-14/mate... | QSEE TrustZone Kernel Integer Overflow Vulnerability | 01-07-2014 | Dan Rosenberg
7 | http://randomthoughts.greyhats.it/2014/1... | Mac OS X local privilege escalation (IOBluetoothFamily) | 30-10-2014 | Roberto Paleari, joystick
8 | http://blog.beyondtrust.com/the-delicate... | The Delicate Art of Remote Checks – A Glance Into MS15-034 | 15-04-2015 | Bill Finlayson
9 | https://blog.sucuri.net/2015/04/website-... | Critical Microsoft IIS Vulnerability Leads to RCE (MS15-034) | 16-04-2015 | Rafael Capovilla
10 | http://www.securitysift.com/an-analysis-... | An Analysis Of MS15-034 | 18-04-2015 | Mike Czumak
11 | https://community.qualys.com/blogs/secur... | MS15-034 Analysis And Remote Detection | 20-04-2015 | Ses Wang
12 | https://blog.coresecurity.com/2015/09/17... | MS15-083 – Microsoft Windows SMB Memory Corruption Vulnerability | 17-09-2015 | Nicolas Economou
13 | http://theroot.ninja/disclosures/TRUSTNO... | TRUSTNONE | 28-11-2015 | Sean Beaupre
14 | http://hmarco.org/bugs/CVE-2015-8370-Gru... | Back to 28: Grub2 Authentication 0-Day | 14-12-2015 | Hector Marco, Ismael Ripoll

NULL pointer issues

Nr | URL | Description | Date | Author
1 | http://blog.ksplice.com/2010/04/exploiti... | Much ado about NULL: Exploiting a kernel NULL dereference | 13-04-2010 | nelhage
2 | http://j00ru.vexillium.org/?p=1272 | Introducing the USB Stick of Death | 21-10-2012 | Mateusz (j00ru) Jurczyk
3 | http://endgame.com/news/microsoft-win32k... | Microsoft Win32k NULL Page Vulnerability Technical Analysis | xx-10-2013 | Dan Zentner
4 | http://immunityproducts.blogspot.de/2013... | Exploiting CVE-2013-3881: A Win32k NULL Page Vulnerability | 04-11-2013 | Nicolas Waisman
5 | http://blog.spiderlabs.com/2013/12/the-k... | The Kernel is calling a zero(day) pointer – CVE-2013-5065 – Ring Ring | 11-12-2013 | Ben Hayak
6 | http://blog.trendmicro.com/trendlabs-sec... | An Analysis of A Windows Kernel-Mode Vulnerability (CVE-2014-4113) | 19-10-2014 | Weimin Wu
7 | https://www.codeandsec.com/CVE-2014-4113... | CVE-2014-4113 Detailed Vulnerability and Patch Analysis | 24-10-2014 | ?
8 | http://www.exploit-db.com/docs/35937.pdf... | Analysis of CVE-2014-4113 | xx-10-2014 | Ronnie Johndas
9 | http://www.jodeit.org/research/Exploitin... | Exploiting CVE-2014-4113 on Windows 8.1 | 31-10-2014 | Moritz Jodeit
10 | http://blog.qwertyoruiop.com/?p=69 | About the “tpwn” Local Privilege Escalation | 01-09-2015 | Adam (@jk9357)
11 | http://istuarysec.blogspot.ca/2015/09/cve... | CVE-2015-5275 (Whiteheat USB-Serial Driver vulnerability) | 17-09-2015 | Moein Ghasemzadeh

Data type confusion

Nr | URL | Description | Date | Author
1 | https://code.google.com/p/google-securit... | Windows: NtCreateTransactionManager Type Confusion Elevation of Privilege | 30-01-2015 | James Forshaw

Object lifetime issues

Use-after-free

Nr | URL | Description
1 | http://www.vupen.com/blog/20101018.Stuxn... | Technical Analysis of the Windows Win32K.sys Keyboard Layout Stuxnet Exploit
2 | http://j00ru.vexillium.org/?p=893 | CVE-2011-1281: A story of a Windows CSRSS Privilege Escalation vulnerability
3 | http://j00ru.vexillium.org/?p=1479 | CVE-2012-2553: Windows Kernel VDM use-after-free in win32k.sys
4 | https://www.nccgroup.trust/uk/about-us/n... | Exploiting the win32k!xxxEnableWndSBArrows use-after-free (CVE-2015-0057) bug on both 32-bit and 64-bit
5 | http://breakingmalware.com/vulnerabilitie... | Class Dismissed: 4 Use-After-Free Vulnerabilities in Windows
6 | https://www.nccgroup.trust/us/about-us/ne... | Exploiting MS15-061 Use-After-Free Windows Kernel Vulnerability
7 | http://hdwsec.fr/blog/CVE-2015-0057.html | [MS15-010/CVE-2015-0057] Exploitation
8 | https://www.fireeye.com/content/dam/firee... | CVE-2015-2546 – tagPOPUPMENU Use-After-Free (UAF) Privilege Escalation Exploit
9 | https://cyseclabs.com/page?n=02012016 | CVE-2014-2851 group_info UAF Exploitation

Double-free

Nr | URL | Description | Date | Author
1 | http://www.siberas.de/papers/Pwn2Own_201... | Pwn2Own 2014 - AFD.SYS DANGLING POINTER VULNERABILITY | 11-07-2014 | Sebastian Apelt
2 | https://web.archive.org/web/201411212105... | CVE-2014-1767 Afd.sys double-free vulnerability Analysis and Exploit | 19-11-2014 | 0x710DDDD

Race conditions

Nr | URL | Description | Date | Author
1 | http://blog.includesecurity.com/2014/06/... | Exploiting CVE-2014-0196 a walk-through of the Linux pty race condition PoC | 03-06-2014 | Samuel Groß
2 | https://web.archive.org/web/201503280116... | CVE-2014-4699: Linux Kernel ptrace/sysret vulnerability analysis | 21-07-2014 | Vitaly Nikolenko
3 | https://www.insinuator.net/2015/12/xen-x... | Xen XSA 155: Double fetches in paravirtualized devices | 17-12-2015 | Felix Wilhelm

Non-memory-corruption issues

Access Control / Permission Issues

Nr | URL | Description | Date | Author
1 | http://labs.portcullis.co.uk/blog/in-the... | In the lab, popping CVE-2013-2171 for FreeBSD 9.0… | 11-12-2013 | TMB
2 | https://github.com/stealth/troubleshooter | troubleshooter | 02-04-2015 | stealth
3 | http://googleprojectzero.blogspot.de/201... | In-Console-Able | 04-05-2015 | James Forshaw
4 | http://googleprojectzero.blogspot.de/201... | Between a Rock and a Hard Link | 04-12-2015 | James Forshaw

Implementation Errors

I.e. failing to perform sufficient validation, improper data handling, etc.

Nr | URL | Description | Date | Author | OS/Arch
1 | http://blog.azimuthsecurity.com/2013/02/... | From USR to SVC: Dissecting the 'evasi0n' Kernel Exploit | 13-02-2013 | Tarjei Mandt | iOS
2 | http://researchcenter.paloaltonetworks.c... | CVE-2014-7911 – A Deep Dive Analysis of Android System Service Vulnerability and Exploitation | 06-01-2015 | Yaron Lavi, Nadav Markus | Android
3 | http://blog.trendmicro.com/trendlabs-sec... | Exploring CVE-2015-1701 — A Win32k Elevation of Privilege Vulnerability Used in Targeted Attacks | 22-05-2015 | Jack Tang | Windows
4 | http://googleprojectzero.blogspot.co.uk/... | Windows Drivers are True’ly Tricky | 15-10-2015 | James Forshaw | Windows

Information leakage

Nr | URL | Description | Date | Author
1 | http://sysexit.wordpress.com/2014/11/12/... | ANALYSIS OF CVE-2014-8476: A FREEBSD KERNEL MEMORY DISCLOSURE VULNERABILITY | 12-11-2014 | fdfalcon

Uninitialized memory

Nr | URL | Description | Date | Author | OS/Arch
1 | http://esec-lab.sogeti.com/posts/2010/12... | CVE-2010-3830 - iOS < 4.2.1 packet filter local kernel vulnerability | 18-12-2010 | Jean | iOS < 4.2.1
2 | http://j00ru.vexillium.org/blog/20_05_12... | The story of CVE-2011-2018 exploitation | xx-04-2012 | Mateusz (j00ru) Jurczyk | Windows, x86-32
3 | http://seclists.org/fulldisclosure/2013/... | exploitation ideas under memory pressure | 17-05-2013 | Tavis Ormandy | Windows

Specific bugs

Hardware bugs, or bugs that do not fall into the other categories.

Nr | URL | Description | Date | Author
1 | http://fail0verflow.com/blog/2012/cve-20... | CVE-2012-0217: Intel's sysret Kernel Privilege Escalation (on FreeBSD) | 05-07-2012 | iZsh
2 | https://media.blackhat.com/bh-us-12/Brie... | A Stitch In Time Saves Nine: A Case Of Multiple OS Vulnerability | 25-07-2012 | Rafal Wojtczuk
3 | http://www.vupen.com/blog/20120806.Advan... | Advanced Exploitation of Windows Kernel Intel 64-Bit Mode Sysret Vulnerability (MS12-042) | 06-08-2012 | Jordan Gruskovnjak
4 | http://www.vupen.com/blog/20120904.Advan... | Advanced Exploitation of Xen Hypervisor Sysret VM Escape Vulnerability | 04-09-2012 | Matthieu Bonetti
5 | http://blog.coresecurity.com/2013/04/01/... | MS13-017 – THE HARMLESS SILENT PATCH… | 01-04-2013 | Nicolas Economou
6 | http://blog.azimuthsecurity.com/2013/04/... | Unlocking the Motorola Bootloader | 08-04-2013 | Dan Rosenberg
7 | https://web.archive.org/web/201411081027... | DisARMing the iOS kernel | 30-05-2014 | winocm
8 | https://hackerone.com/reports/13388 | Linux PI futex self-requeue bug | 19-06-2014 | comex
9 | http://tinyhack.com/2014/07/07/exploitin... | Exploiting the Futex Bug and uncovering Towelroot | 07-07-2014 | Yohanes Nugroho
10 | http://blog.nativeflow.com/the-futex-vul... | The Futex Vulnerability | 11-09-2014 | Dany Zatuchna
11 | http://www.icewall.pl/?p=680&lang=en | Story about MS14-063 | 25-10-2014 | icewall
12 | http://googleprojectzero.blogspot.de/201... | pwn4fun Spring 2014 - Safari - Part II | 24-11-2014 | Ian Beer
13 | http://labs.bromium.com/2015/02/02/explo... | Exploiting “BadIRET” vulnerability (CVE-2014-9322, Linux kernel privilege escalation) | 02-02-2015 | Rafal Wojtczuk
14 | http://blog.cr4.sh/2015/02/exploiting-ue... | Exploiting UEFI boot script table vulnerability | 06-02-2015 | Dmytro (Cr4sh) Oleksiuk
15 | http://bits-please.blogspot.gr/2015/08/a... | Android linux kernel privilege escalation vulnerability and exploit (CVE-2014-4322) | 16-08-2015 | laginimaineb
16 | http://perception-point.io/2016/01/14/an... | ANALYSIS AND EXPLOITATION OF A LINUX KERNEL VULNERABILITY (CVE-2016-0728) | 14-01-2016 | Perception Point Research Team

Chained and Multiple Bugs

Nr | URL | Description | Date | Author
1 | http://sill0t3.blogspot.in/2015/06/window... | Windows Kernel Exploitation Using HackSys | 03-06-2015 | sill0t3
2 | http://blog.quarkslab.com/kernel-vulnerab... | Kernel Vulnerabilities in the Samsung S4 | 21-09-2015 | Jonathan Salwan

Arbitrary data manipulation

Some primitives don't necessarily come from stack or heap overruns; there may be more exotic situations which produce unexpected program flow.

Nr | URL | Description | Date | Author
1 | http://googleprojectzero.blogspot.de/201... | One font vulnerability to rule them all #3: Windows 8.1 32-bit sandbox escape exploitation | 13-08-2015 | Mateusz (j00ru) Jurczyk
2 | http://bits-please.blogspot.gr/2015/08/f... | Full TrustZone exploit for MSM8974 | 10-08-2015 | laginimaineb
3 | http://googleprojectzero.blogspot.de/201... | One font vulnerability to rule them all #4: Windows 8.1 64-bit sandbox escape exploitation | 21-08-2015 | Mateusz (j00ru) Jurczyk
4 | http://bits-please.blogspot.de/2015/08/a... | Android linux kernel privilege escalation (CVE-2014-4323) | 26-08-2015 | laginimaineb

General

Nr | URL | Description | Date | Author
1 | http://phrack.org/issues/64/6.html | Attacking the Core: Kernel Exploiting Notes | 27-05-2005 | sgrakkyu, twiz
2 | http://www.blackhat.com/presentations/bh... | Kernel Wars | xx-08-2007 | Karl Janmar
3 | http://rikiji.it/2013/05/10/CVE-2013-209... | CVE-2013-2094 port to x86 | 10-05-2013 | Riccardo
4 | http://blog.cmpxchg8b.com/2013/05/introd... | Introduction to Windows Kernel Security Research | 15-05-2013 | Tavis Ormandy
5 | http://labs.lastline.com/unmasking-kerne... | Unmasking Kernel Exploits | 07-07-2015 | Roman Vasilenko

Shellcode development

Egg-hunters

Nr | URL | Description | Date | Author
1 | http://www.corelan.be/index.php/201... | Exploit writing tutorial part 8: Windows, x86-32 Egg Hunting | 09-01-2010 | corelanc0d3r
2 | http://grey-corner.blogspot.com/2010/02/... | Windows Buffer Overflow Tutorial: An Egghunter and a Conditional Jump | 13-02-2010 | Stephen Bradshaw
3 | http://www.corelan.be/index.php/201... | Exploit notes – win32 eggs-to-omelet | 22-08-2010 | corelanc0d3r
4 | http://www.exploit-db.com/foxit-reader-s... | Foxit Reader Stack Overflow Exploit – Egghunter Edition | 14-11-2010 | dookie2000ca
5 | http://www.corelan.be/index.php/2011/05/... | Hack Notes: Ropping eggs for breakfast | 12-05-2011 | corelanc0d3r
6 | https://community.rapid7.com/community/m... | An example of Egg Hunting to exploit CVE-2012-0124 | 06-07-2012 | Juan Vazquez
7 | http://www.bigendiansmalls.com/creating-... | Building shellcode, egghunters and decoders. | 23-07-2015 | bigendiansmalls

In general

Nr | URL | Description | Date | Author
1 | http://hick.org/code/skape/papers/win32-... | Understanding Windows Shellcode | 12-06-2003 | Matt (skape) Miller
2 | http://www.vividmachines.com/shellcode/s... | Shellcoding for Linux and Windows Tutorial | xx-06-2007 | Steve Hanna
3 | http://blog.harmonysecurity.com/2009/08/... | Calling API Functions | 05-08-2009 | Stephen Fewer
4 | http://blog.harmonysecurity.com/search/l... | Implementing a Windows, x86-32 Kernel Shellcode | 05-11-2009 | Stephen Fewer
5 | http://www.corelan.be/index.php/201... | Exploit writing tutorial part 9: Introduction to Windows, x86-32 shellcoding | 25-02-2010 | corelanc0d3r
6 | http://www.exploit-db.com/papers/15652/ | How to Create a Shellcode on ARM Architecture | 25-11-2010 | Jonathan Salwan
7 | http://mcdermottcybersecurity.com/articl... | Windows x64 shellcode | 11-01-2011 | McDermott
8 | http://resources.infosecinstitute.com/st... | Stack Based Buffer Overflow Tutorial, part 3 — Adding shellcode | 09-03-2011 | Stephen Bradshaw
9 | http://gdtr.wordpress.com/2011/07/23/uni... | Universal ROP shellcode for OS X x64 | 23-07-2011 | pa_kt
10 | http://www.vnsecurity.net/2011/07/yet-an... | Yet another universal OSX x86_64 dyld ROP shellcode | 30-07-2011 | longld
11 | http://www.codeproject.com/Articles/3257... | The Art of Win32 Shellcoding | 06-02-2012 | Amr Thabet
12 | https://web.archive.org/web/201402262333... | 64-bit Linux Shellcode | 10-06-2012 | Mark Loiseau
13 | https://www.offensive-security.com/vulnd... | Fun with AIX Shellcode and Metasploit | 20-11-2012 | ?
14 | http://www.exploit-monday.com/2013/08/wr... | Writing Optimized Windows Shellcode in C | 16-08-2013 | Matt Graeber

Bugs and their mitigations

This section is all about bug classes and the mitigations implemented against them.

Stack overruns (CWE-121: Stack-based Buffer Overflow)

Userland

Nr | URL | Description | Date | Author
1 | http://seclists.org/fulldisclosure/2012/... | SafeSEH+SEHOP all-at-once bypass exploitation method principles | 10-01-2012 | x90c
2 | http://blogs.msdn.com/b/sdl/archive/2012... | Enhancements to /GS in Visual Studio 11 | 26-01-2012 | Dave Ladd
3 | https://community.rapid7.com/community/m... | Stack Smashing: When Code Execution Becomes a Nightmare | 06-07-2012 | Wei Chen
4 | https://community.rapid7.com/community/m... | The Stack Cookies Bypass on CVE-2012-0549 | 15-08-2012 | Juan Vazquez

Kernel mode

Nr | URL | Description | Date | Author | OS/Arch | Info
1 | http://j00ru.vexillium.org/?p=690 | Exploiting the otherwise non-exploitable: Windows Kernel-mode GS cookies subverted | 11-01-2011 | Mateusz ‘j00ru’ Jurczyk | Windows, x86-32 | CVE-2010-4398

General

Nr | URL | Description | Date | Author
1 | http://site.pi3.com.pl/papers/ASSP.pdf | Adventure with Stack Smashing Protector (SSP) | 11-11-2013 | Adam 'pi3' Zabrocki
2 | http://wiki.osdev.org/Stack_Smashing_Protec... | Stack Smashing Protector | 22-10-2014 | (osdev.org)

Heap overruns

https://cwe.mitre.org/data/definitions/122.html

Userland

Nr | URL | Description | Date | Author
1 | http://www.symantec.com/connect/articles... | A new way to bypass Windows heap protections | 31-08-2005 | Nicolas Falliere
2 | http://blogs.technet.com/b/srd/archive/2... | Preventing the exploitation of user mode heap corruption vulnerabilities | 04-08-2009 | swiat
3 | http://blogs.technet.com/b/srd/archive/2... | Software Defense: mitigating heap corruption vulnerabilities | 29-10-2013 | swiat
4 | http://blog.lse.epita.fr/articles/74-get... | Getting back determinism in the Low Fragmentation Heap | 02-11-2014 | Bruno Pujos

Kernel mode

Nr | URL | Description | Date | Author | OS/Arch
1 | http://blogs.technet.com/b/srd/archive/2... | Safe Unlinking in the Kernel Pool | 26-05-2012 | swiat | Windows
2 | http://www.inertiawar.com/unlink/ | Windows 8 and Safe Unlinking in NTDLL | 14-07-2012 | Note | Windows

Static buffer overflows

Nr | URL | Description | Date | Author | OS/Arch
1 | http://em386.blogspot.com/2008/05/self-p... | Self Protecting Global Offset Table (GOT) | 24-04-2008 | Chris Rohlf | -
2 | http://isisblogs.poly.edu/2011/06/01/rel... | RELRO: RELocation Read-Only | 01-06-2011 | Julian Cohen | Linux

Uninitialized data

https://cwe.mitre.org/data/definitions/824.html

Nr | URL | Description | Date | Author | OS/Arch
1 | http://blogs.msdn.com/b/sdl/archive/2012... | Guarding against uninitialized class member pointers | 08-03-2012 | Thomas Garnier | Windows

Lifetime issues

https://cwe.mitre.org/data/definitions/416.html
https://cwe.mitre.org/data/definitions/415.html

Use-after-free, double-free bugs.

Nr | URL | Description | Date | Author
1 | http://blog.fortinet.com/post/is-use-aft... | Is use-after-free exploitation dead? The new IE memory protector will tell you | 16-06-2014 | Zhenhua 'Eric' Liu
2 | http://researchcenter.paloaltonetworks.c... | Is It the Beginning of the End For Use-After-Free Exploitation? | 16-06-2014 | Tao Yan, Bo Qu, Royce Lu
3 | http://blog.trendmicro.com/trendlabs-sec... | Mitigating UAF Exploits with Delay Free for Internet Explorer | 17-06-2014 | Jack Tang
4 | https://labs.mwrinfosecurity.com/blog/20... | Isolated Heap & Friends - Object Allocation Hardening in Web Browsers | 20-06-2014 | mwrinfosecurity.com
5 | http://blog.trendmicro.com/trendlabs-sec... | Isolated Heap for Internet Explorer Helps Mitigate UAF Exploits | 01-07-2014 | Jack Tang
6 | http://h30499.www3.hp.com/t5/HP-Security... | Efficacy of Memory Protection against use-after-free vulnerabilities | 28-07-2014 | Simon Zuckerbraun
7 | http://securityintelligence.com/understa... | Understanding IE’s New Exploit Mitigations: The Memory Protector and the Isolated Heap | 29-08-2014 | Mark Yason
8 | https://web.archive.org/web/201411020020... | USE-AFTER-FREE NOT DEAD IN INTERNET EXPLORER: PART 1 | 13-10-2014 | k33nteam
9 | http://h30499.www3.hp.com/hpeb/attachmen... | New directions in use-after-free mitigations | 18-10-2014 | HP Security
10 | http://blog.trendmicro.com/trendlabs-sec... | Windows 10 Sharpens Browser Security With Microsoft Edge | 21-07-2015 | Henry Li

NULL-pointer

https://cwe.mitre.org/data/definitions/476.html

Nr | URL | Description | Date | Author
1 | https://web.archive.org/web/201209131910... | Locking Down the Windows Kernel: Mitigating Null Pointer Exploitation | 07-07-2011 | Tarjei (kernelpool) Mandt

Integer bugs

https://cwe.mitre.org/data/definitions/189.html

Nr | URL | Description | Date | Author | OS/Arch
1 | http://forums.grsecurity.net/viewtopic.p... | Inside the Size Overflow Plugin | 28-08-2012 | ephox | -

Hardenings and their bypasses

Address Space Layout Randomization (ASLR)

Userland

Nr | URL | Description | Date | Author
1 | https://web.archive.org/web/201001020008... | Attacking ASLR on Linux 2.6 | 27-05-2009 | drraid
2 | http://recxltd.blogspot.com/2011/12/curi... | The Curious Case of VirtualAlloc, ASLR and an SDL | 13-12-2011 | Ollie
3 | http://blog.duosecurity.com/2012/02/a-lo... | A look at ASLR in Android Ice Cream Sandwich 4.0 | 17-02-2012 | Jon Oberheide
4 | http://recxltd.blogspot.com/2012/03/part... | A Partial Technique Against ASLR - Multiple O/Ss | 02-03-2012 | Ollie
5 | http://blog.ptsecurity.com/2012/12/windo... | Windows 8 ASLR Internals | 04-12-2012 | Artem Shishkin, Ilya Smith
6 | http://kingcope.wordpress.com/2013/01/24... | Attacking the Windows 7/8 Address Space Randomization | 24-01-2013 | kingcope
7 | http://www.fireeye.com/blog/technical/cy... | ASLR Bypass Apocalypse in Recent Zero-Day Exploits | 15-10-2013 | Xiaobo Chen
8 | https://www.cert.org/blogs/certcc/post.c... | Differences Between ASLR on Windows and Linux | 10-02-2014 | Will Dormann
9 | http://www.greyhathacker.net/?p=894 | Bypassing Windows ASLR in Microsoft Office using ActiveX controls | 04-12-2015 | Parvez

Kernel mode (KASLR)

Nr | URL | Description | Date | Author
1 | https://dl.packetstormsecurity.net/pap... | Bypassing Windows 7 Kernel ASLR | 11-10-2011 | Stefan LeBerre
2 | http://shell-storm.org/blog/ASLR-impleme... | ASLR implementation in Linux Kernel 3.7 | 19-01-2013 | Jonathan Salwan
3 | http://forums.grsecurity.net/viewtopic.p... | KASLR: An Exercise in Cargo Cult Security | 20-03-2013 | spender
4 | http://www.alex-ionescu.com/?p=82 | KASLR Bypass Mitigations in Windows 8.1 | 17-11-2013 | Alex Ionescu
5 | http://labs.bromium.com/2014/10/27/tsx-i... | TSX improves timing attacks against KASLR | 27-10-2014 | Rafal Wojtczuk
6 | https://copperhead.co/2015/05/11/aslr-an... | The State of ASLR on Android Lollipop | 11-05-2015 | Daniel Micay

Data Execution Prevention (DEP)

Nr | URL | Description | Date
1 | https://docs.google.com/viewer?a=v&pid=e... | x86-64 buffer overflow exploits and the borrowed code chunks | 28-09-2005
2 | http://www.uninformed.org/?v=2&a=4 | Bypassing Windows Hardware-enforced Data Execution Prevention | 02-10-2005
3 | http://cseweb.ucsd.edu/~hovav/papers/s07... | The Geometry of Innocent Flesh on the Bone: Return-into-libc without Function Calls (on the x86) | xx-10-2007
4 | http://www.packetstormsecurity.org/paper... | Bypassing hardware based DEP on Windows Server 2003 SP2 | 10-06-2009
5 | http://bernardodamele.blogspot.com/2009/... | DEP bypass with SetProcessDEPPolicy() | 09-12-2009
6 | http://vrt-blog.snort.org/2009/12/dep-an... | DEP and Heap Sprays | 17-12-2009
7 | http://blog.zynamics.com/2010/03/12/a-ge... | A gentle introduction to return-oriented programming | 12-03-2010
8 | http://archives.neohapsis.com/archives/f... | Exploitation With WriteProcessMemory() / Yet Another DEP Trick | xx-03-2010
9 | http://blog.harmonysecurity.com/2010/04/... | A little return oriented exploitation on Windows x86 (Part 1) | 12-04-2010
10 | http://blog.harmonysecurity.com/2010/04/... | A little return oriented exploitation on Windows x86 (Part 2) | 16-04-2010
11 | https://web.archive.org/web/201207070114... | Advanced Return-Oriented Exploit | 05-05-2010
12 | http://www.corelan.be:8800/index.php/201... | Exploit writing tutorial part 10: Chaining DEP with ROP – the Rubik’s [TM] Cube | 16-06-2010
13 | http://eticanicomana.blogspot.com/2010/0... | The so called Return Oriented Programming... | 21-06-2010
14 | http://www.exploit-db.com/osx-rop-exploi... | OSX ROP Exploit – EvoCam Case Study | 06-07-2010
15 | http://repository.root-me.org/Exploit... | Payload already inside: data reuse for rop exploits | 28-07-2010
16 | http://www.vnsecurity.net/research/2010/... | Simple Mac OS X ret2libc exploit (x86) | 05-10-2010
17 | http://vulnfactory.org/blog/2011/09/21/d... | Defeating Windows 8 ROP Mitigation | 21-09-2011
18 | http://www.exploit-monday.com/2011/11/ma... | Man vs. ROP - Overcoming Adversity One Gadget at a Time | 14-11-2011
19 | https://web.archive.org/web/201201200400... | Advanced Generic ROP chain for Windows 8 | 11-2011
20 | http://www.accuvant.com/blog/2011/12/01/... | Measure Twice, Cut Once | 01-12-2011
21 | http://codearcana.com/posts/2013/05/28/i... | Introduction to return oriented programming (ROP) | 28-05-2013
22 | https://codeinsecurity.wordpress.com/201... | W^X policy violation affecting all Windows drivers compiled in Visual Studio 2013 and previous | 03-09-2015

Return-Oriented-Programming (ROP) mitigations

Nr | URL | Description | Date | Author
1 | http://www.kryptoslogic.com/download/ROP... | Security Mitigations for Return-Oriented Programming Attacks | 20-08-2010 | Piotr Bania
2 | http://c0decstuff.blogspot.com.es/2012/1... | Defeating Windows 8 ROP Mitigation | 19-12-2012 | c0decstuff

Export Address Table Access Filtering (EAF)

Nr | URL | Description | Date | Author
1 | http://www.greyhathacker.net/?p=483 | Bypassing EMET’s EAF with custom shellcode using kernel pointer | 19-12-2011 | Parvez
2 | http://piotrbania.com/all/articles/anti_... | BYPASSING EMET Export Address Table Access Filtering feature | 19-01-2012 | Piotr Bania
3 | http://scrammed.blogspot.de/2014/03/reve... | Reversing EMET's EAF (and a couple of curious findings...) | 20-03-2014 | giulia
4 | http://tekwizz123.blogspot.de/2015/01/by... | A Theoretical Approach to Getting Around EMET's EAF Protection | 18-01-2015 | tekwizz

Control Flow Integrity / Control Flow Guard

Nr | URL | Description | Date
1 | http://blogs.msdn.com/b/vcblog/archive/2... | Visual Studio 2015 Preview: Work-in-Progress Security Feature | 08-12-2014
2 | http://blog.trendmicro.com/trendlabs-sec... | Exploring Control Flow Guard in Windows 10 | 30-01-2015
3 | https://blog.coresecurity.com/2015/03/25/... | Exploiting CVE-2015-0311, Part II: Bypassing Control Flow Guard on Windows 8.1 Update 3 | 25-03-2015
4 | http://sjc1-te-ftp.trendmicro.com/assets/wp... | Exploring Control Flow Guard in Windows 10 | xx-05-2015
5 | http://research.microsoft.com/pubs/64250/ccs05.pdf | Control-Flow Integrity: Principles, Implementations, and Applications | 11-07-2015
6 | http://labs.bromium.com/2015/09/28/an-int... | An interesting detail about Control Flow Guard | 28-09-2015

Mitigations Against Use-After-Free

Nr | URL | Description | Date | Author
1 | http://h30499.www3.hp.com/hpeb/attachments/... | Abusing Silent Mitigations: Understanding weaknesses within Internet Explorer’s Isolated Heap and Memory Protection | 19-06-2015 | Abdul-Aziz Hariri, Simon Zuckerbraun, Brian Gorenc
2 | http://googleprojectzero.blogspot.de/2015/0... | Dude, where’s my heap? | 15-06-2015 | Ivan Fratric

Multiple mitigations discussed

Userland

Nr | URL | Description | Date | Author
1 | http://www.azimuthsecurity.com/resources/... | Bypassing Browser Memory Protections | 07-08-2008 | Alex Sotirov, Mark Dowd
2 | https://www.blackhat.com/presentations/b... | Buffer overflows on linux-x86-64 | 22-01-2009 | Hagen Fritsch
3 | http://www.corelan.be/index.php/200... | Exploit writing tutorial part 6: Bypassing Stack Cookies, SafeSeh, SEHOP, HW DEP and ASLR | 12-09-2009 | corelanc0d3r
4 | https://docs.google.com/viewer?a=v&pid=e... | Bypassing ASLR and DEP under Windows | 17-06-2010 | mr_me
5 | https://labs.mwrinfosecurity.com/blog/2010... | Assessing the Tux Strength: Part 1 - Userspace Memory Protection | 29-07-2010 | ?
6 | http://blogs.technet.com/b/srd/archive/2... | On the effectiveness of DEP and ASLR | 08-12-2010 | swiat
7 | http://msdn.microsoft.com/en-us/library/... | Windows ISV Software Security Defenses | xx-12-2010 | Michael Howard, Matt Miller, John Lambert, Matt Thomlinson
8 | http://www.secfence.com/whitepapers/Whit... | Bypassing ASLR/DEP | 25-09-2011 | Vinay Katoch
9 | http://www.microsoft.com/download/en/det... | Mitigating Software Vulnerabilities | 12-07-2011 | Matt Miller, Tim Burrell, Michael Howard
10 | http://forums.grsecurity.net/viewtopic.p... | Recent Advances: How We Learn From Exploits | 15-02-2012 | spender
11 | http://blogs.msdn.com/b/ie/archive/2012/... | Enhanced Memory Protections in IE10 | 13-03-2012 | Forbes Higman
12 | http://esec-lab.sogeti.com/post/Bypassin... | Bypassing ASLR and DEP on Adobe Reader X | 22-06-2012 | guillaume
13 | http://security.stackexchange.com/questi... | How do ASLR and DEP work? | 12-08-2012 | polynomial
14 | http://blogs.technet.com/b/srd/archive/2... | Software defense: safe unlinking and reference count hardening | 06-11-2013 | swiat
15 | http://bromiumlabs.files.wordpress.com/2... | BYPASSING EMET 4.1 | xx-02-2014 | Jared DeMott
16 | http://www.contextis.com/resources/blog/... | Bypassing Windows 8.1 Mitigations using Unsafe COM Objects | 15-06-2014 | James Forshaw
17 | http://www.offensive-security.com/vulnde... | Disarming Enhanced Mitigation Experience Toolkit | 01-07-2014 | offensive-security.com
18 | https://www.offensive-security.com/vulnd... | Disarming EMET v5.0 | 29-09-2014 | offensive-security.com
19 | https://www.offensive-security.com/vulnd... | Disarming and Bypassing EMET 5.1 | 18-11-2014 | Blog post
20 | http://casual-scrutiny.blogspot.in/2015/... | Defeating EMET 5.2 Protections | 15-03-2015 | r41p41
21 | http://casual-scrutiny.blogspot.in/2015/... | Defeating EMET 5.2 Protections (2) | 21-03-2015 | r41p41
22 | http://int3pids.blogspot.de/2015/04/conf... | Confidence 2015 Teaser: Quarantine Write-Up (pwn500) | 30-04-2015 | Eloi Sanfelix
23 | http://googleprojectzero.blogspot.com/20... | Significant Flash exploit mitigations are live in v18.0.0.209 | 16-07-2015 | Mark Brand, Chris Evans
24 | https://www.endgame.com/blog/adobe-flash... | Adobe Flash Vulnerability CVE-2015-7663 and Mitigating Exploits | xx-xx-2015 | Cody Pierce
25 | https://duo.com/assets/pdf/WoW64-Bypassi... | WoW64 and So Can You - Bypassing EMET With a Single Instruction | xx-xx-2015 | Darren Kemp, Mikhail Davidov
26 | http://xlab.tencent.com/en/2015/12/09/by... | Bypass DEP and CFG using JIT compiler in Chakra engine | 09-12-2015 | tombkeeper

Kernelmode
Nr | URL | Description | Date | Author
1 | http://sysc.tl/2010/04/26/kernel-exploit... | FreeBSD kernel exploitation mitigations | 26-04-2010 | Patroklos (argp) Argyroudis
2 | https://web.archive.org/web/201112171438... | Assessing the Tux Strength: Part 2 - Into the Kernel | 02-09-2010 | Radoslaw Madej
3 | https://wiki.ubuntu.com/Security/Feature... | Security/Features - Ubuntu Wiki | 17-02-2011 | ubuntu.com
4 | http://census.gr/media/bheu-2011-wp.pdf | Protecting the Core: Kernel Exploitation Mitigations | 18-03-2011 | Patroklos (argp) Argyroudis, Dimitris Glynos
5 | http://blogs.msdn.com/b/sdl/archive/2012... | Guarding against re-use of stale object references | 24-04-2012 | Doug Cavit
6 | https://blog.duosecurity.com/2012/07/exp... | Exploit Mitigations in Android Jelly Bean 4.1 | 16-07-2012 | Jon Oberheide
7 | http://0xfeedface.org/blog/lattera/2012-... | New Exploit Protections in Android 4.1 | 19-07-2012 | Shawn Webb
8 | http://blogs.technet.com/b/srd/archive/2... | EMET 3.5 Tech Preview leverages security mitigations from the BlueHat Prize | 24-07-2012 | swiat
9 | http://blogs.technet.com/b/srd/archive/2... | Technical Analysis of the Top BlueHat Prize Submissions | 26-07-2012 | swiat
10 | http://forums.grsecurity.net/viewtopic.p... | Recent ARM security improvements | 18-02-2013 | spender
11 | http://0xdabbad00.com/wp-content/uploads... | EMET 4.1 Uncovered | 18-11-2013 | 0xdabbad00
12 | http://blogs.technet.com/b/srd/archive/2... | Software defense: mitigating common exploitation techniques | 11-12-2013 | swiat
13 | https://labs.mwrinfosecurity.com/blog/20... | Windows 8 Kernel Memory Protections Bypass | 15-08-2014 | Jérémy (__x86) Fetiveau
14 | http://breakingmalware.com/vulnerabiliti... | One-Bit To Rule Them All: Bypassing Windows' 10 Protections using a Single Bit | 10-02-2015 | Udi Yavo

General
Nr | URL | Description | Date | Author
1 | http://www.freeinfosociety.com/media/pdf/2708.pdf | A Buffer Overflow Study - Attacks & Defenses | 2002 | Pierre-Alain Fayolle, Vincent Glaume
2 | https://static.googleusercontent.com/medi... | Native Client: A Sandbox for Portable, Untrusted x86 Native Code | 2009 | Bennet Yee, David Sehr, Gregory Dardyk, J. Bradley Chen, Robert Muth, Tavis Ormandy, Shiki Okasaka, Neha Narula, and Nicholas Fullagar
3 | https://drive.google.com/file/d/0B5pT4hU_... | An Evaluation of the Effectiveness of EMET 5.1 At Protecting Everyday Applications Against Targeted Attacks | 2015 | Grant Willcox

Hardware-based mitigations
Nr | URL | Description
1 | https://web.archive.org/web/20120120072718/http://falken.tuxfamily.org/?p=115 | Beat SMEP on Linux with Return-Oriented Programming
2 | http://forums.grsecurity.net/viewtopic.p... | Supervisor Mode Access Prevention
3 | http://blog.ptsecurity.com/2012/09/intel... | Intel SMEP overview and partial bypass on Windows 8
4 | http://www.cyvera.com/the-case-for-smep-... | The Case for SMEP – Exploiting a Kernel Vulnerability
5 | http://atredispartners.blogspot.de/2014/... | Here Be Dragons: Vulnerabilities in TrustZone
6 | https://www.nccgroup.com/en/blog/2015/01... | Intel® Software Guard Extensions (SGX): A Researcher's Primer
7 | https://www.nccgroup.trust/uk/about-us/n... | Xen SMEP (and SMAP) bypass
8 | http://www.alex-ionescu.com/Enclave%20Su... | Intel SGX Enclave Support in Windows 10 Fall Update (Threshold 2)

Specific mitigations
Nr | URL | Description | Date | Author
1 | http://blog.ptsecurity.com/2014/09/micro... | Microsoft Windows 8.1 Kernel Patch Protection Analysis & Attack Vectors | 17-08-2014 | Mark Ermolov, Artem Shishkin
2 | http://vrt-blog.snort.org/2014/08/the-wi... | The Windows 8.1 Kernel Patch Protection | 24-08-2014 | Andrea Allievi
3 | http://scarybeastsecurity.blogspot.de/20... | Using ASAN as a protection | 25-09-2014 | Chris Evans
4 | http://blogs.cisco.com/security/mitigati... | Mitigations Available for the DRAM Row Hammer Vulnerability | 09-03-2015 | Omar Santos
5 | http://googleprojectzero.blogspot.de/2015/08/three-bypasses-and-fix-for-one-of.html | Three bypasses and a fix for one of Flash's Vector.<*> mitigations | 19-08-2015 | Chris Evans
Other exploitation obstacles
Non-compiler, OS, or hardware enforced exploitation difficulties.
Nr | URL | Description | Date | Author
1 | http://www.corelan.be/index.php/200... | Exploit writing tutorial part 7: Unicode – from 0x00410041 to calc | 06-11-2009 | corelanc0d3r
2 | http://grey-corner.blogspot.com/2010/01/... | Windows Buffer Overflow Tutorial: Dealing with Character Translation | 17-01-2010 | Stephen Bradshaw
3 | https://web.archive.org/web/201104170711... | KenWard Zipper Stack BOF 0day – a not so typical SEH exploit | 18-03-2010 | corelanc0d3r
4 | http://www.corelan.be/index.php/201... | Exploiting KenWard Zipper: Taking advantage of payload conversion | 27-03-2010 | Tutorial
5 | http://www.corelan.be/index.php/201... | QuickZip Stack BOF 0day: a box of chocolates (2 parts) | 27-03-2010 | corelanc0d3r
6 | https://docs.google.com/viewer?a=v&pid=e... | Unicode, the magic of exploiting 0x00410041 | 29-05-2010 | mr_me
7 | http://www.exploit-db.com/winamp-5-58-fr... | Winamp 5.58 from Denial of Service to Code Execution | 20-10-2010 | muts
8 | http://www.exploit-db.com/winamp-exploit... | Winamp 5.58 from Denial of Service to Code Execution Part 2 | 02-11-2010 | muts
9 | https://www.corelan.be/index.php/2011/07... | Metasploit Bounty – the Good, the Bad and the Ugly | 27-07-2011 | Lincoln
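Several entries in the table above deal with payloads that pass through an ANSI-to-Unicode conversion before they reach the vulnerable buffer (the "0x00410041" in the titles is what four 'A's look like afterwards). The following Python block is an added example, not part of the catalog and not taken from any of the linked articles: it reproduces that byte expansion and checks which return addresses can still be written through it. It assumes a plain ASCII-range, one-byte-to-one-UTF-16-code-unit conversion (bytes at or above 0x80 depend on the code page and are not modelled); every input in it is constructed for the demonstration.

```python
# Added example for the "Other exploitation obstacles" entries above.  Not part
# of the IT Security Catalog and not taken from any linked article.
# Assumption: the target converts the attacker string ANSI -> UTF-16LE with a
# 1:1 mapping for the ASCII range (bytes >= 0x80 depend on the code page and
# are not modelled).  All sample inputs are constructed for the demonstration.

from typing import List


def ansi_to_utf16le(payload: bytes) -> bytes:
    """Expand a one-byte-per-character payload the way a naive ANSI->UTF-16LE
    conversion does: every input byte is followed by a 0x00 byte."""
    return b"".join(bytes((b, 0x00)) for b in payload)


def dwords_after_conversion(payload: bytes) -> List[int]:
    """32-bit little-endian words the converted payload forms in memory.
    This is what ends up in a saved return address or SEH record."""
    data = ansi_to_utf16le(payload)
    return [int.from_bytes(data[i:i + 4], "little")
            for i in range(0, len(data) - 3, 4)]


def is_unicode_compatible(addr: int) -> bool:
    """A 32-bit address can only be written through the conversion if it has
    the shape 0x00XX00YY: the converter itself supplies the two zero bytes,
    so any address with a non-zero byte in those positions is unreachable."""
    return 0 <= addr <= 0xFFFFFFFF and (addr & 0xFF00FF00) == 0


def unicode_bytes_for(addr: int) -> bytes:
    """The two ANSI bytes that become `addr` after conversion, or ValueError
    when the address cannot be expressed."""
    if not is_unicode_compatible(addr):
        raise ValueError(f"{addr:#010x} is not writable through UTF-16LE conversion")
    return bytes((addr & 0xFF, (addr >> 16) & 0xFF))


def usable_addresses(candidates: List[int]) -> List[int]:
    """Filter a list of candidate pointer values (for instance gadget or
    pop/pop/ret addresses collected from a module) down to those that
    survive the conversion."""
    return [a for a in candidates if is_unicode_compatible(a)]


if __name__ == "__main__":
    # Four 'A's become 0x00410041 twice, the value in the entry titles above.
    print([hex(d) for d in dwords_after_conversion(b"AAAA")])
    # Constructed candidate list: only the 0x00XX00YY-shaped ones survive.
    demo = [0x7C34D6D5, 0x006E0041, 0x00400041, 0x7FFA4512]
    print([hex(a) for a in usable_addresses(demo)])
    print(unicode_bytes_for(0x006E0041))
```

The practical consequence the filter makes visible is that most addresses inside ordinary modules (0x7C..., 0x7F...) are unreachable once the conversion is in the path, which is why the tutorials above hunt for 0x00XX00YY-shaped addresses and build "venetian" shellcode around the inserted null bytes.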
Research
From hardware to applications, from mitigations to attacks.
Hardware-based
Nr | URL | Description | Date | Author
1 | https://www.blackhat.com/docs/us-14/mate... | QSEE TrustZone Kernel Integer Overflow Vulnerability | 01-07-2014 | Dan Rosenberg
2 | http://atredispartners.blogspot.de/2014/... | Here Be Dragons: Vulnerabilities in TrustZone | 14-08-2014 | Nathan Keltner
3 | https://www.blackhat.com/docs/us-15/mate... | Exploiting Trustzone on Android | xx-08-2015 | Di Shen
4 | http://blog.invisiblethings.org/papers/2... | Intel x86 considered harmful | xx-10-2015 | Joanna Rutkowska
5 | http://blog.invisiblethings.org/papers/2... | State considered harmful - A proposal for a stateless laptop | xx-12-2015 | Joanna Rutkowska

Compiler or Language-Specific
Nr | URL | Description | Date | Author
1 | https://code.google.com/p/em386/download... | Exploring the STL: Owning erase() | 20-07-2009 | Chris Rohlf

Operating System Internals
Heap
Nr | URL | Description | Date | Author
1 | https://www.blackhat.com/presentations/b... | Understanding the heap by breaking it | xx-08-2007 | Justin N. Ferguson
2 | https://media.blackhat.com/eu-13/briefin... | Advanced Heap Manipulation in Windows 8 | 15-03-2013 | Zhenhua (Eric) Liu

Kernel
Nr | URL | Description | Date | Author
1 | http://census-labs.com/media/bheu-2010-w... | Binding the Daemon: FreeBSD Kernel Stack and Heap Exploitation | 22-04-2010 | Patroklos (argp) Argyroudis
2 | http://www.mista.nu/research/MANDT-kerne... | Kernel Pool Exploitation on Windows 7 | 12-01-2011 | Tarjei (kernelpool) Mandt
3 | http://sysc.tl/2012/01/03/linux-kernel-h... | The Linux kernel memory allocators from an exploitation perspective | 03-01-2012 | Patroklos (argp) Argyroudis
4 | https://media.blackhat.com/bh-us-12/Brie... | iOS Kernel Heap Armageddon | 26-07-2012 | Stefan Esser
5 | http://blog.azimuthsecurity.com/2013/12/... | Attacking Zone Page Metadata in iOS 7 and OS X Mavericks | 19-12-2013 | Tarjei (kernelpool) Mandt

Various Mechanisms
Nr | URL | Description | Date | Author
1 | https://labs.mwrinfosecurity.com/system/... | Windows Services – All roads lead to SYSTEM | 31-10-2014 | Article
2 | http://census-labs.com/media/Fuzzing_Object... | Fuzzing Objects d'ART: Digging Into the New Android L Runtime Internals | 18-06-2015 | Anestis Bechtsoudis
3 | http://googleprojectzero.blogspot.de/2015... | Revisiting Apple IPC: (1) Distributed Objects | 28-09-2015 | Ian Beer

Application-Specific
Just-In-Time (JIT) and Virtual Machines (VM)
Nr | URL | Description | Date | Author
1 | http://www.inf.fu-berlin.de/groups/ag-si... | Application-Specific Attacks: Leveraging the ActionScript Virtual Machine | xx-04-2008 | Mark Dowd
2 | http://dsecrg.com/files/pub/pdf/Writing%20J... | Writing JIT-Spray Shellcode for fun and profit | 05-03-2010 | Alexey Sintsov
3 | http://www.matasano.com/research/Attacki... | Attacking Clientside JIT Compilers | 07-08-2011 | Chris Rohlf, Yan Ivnitsky
4 | http://blog.cdleary.com/2011/08/understa... | Understanding JIT spray | 29-08-2011 | Chris Leary
5 | https://web.archive.org/web/201502060818... | JIT Spraying Primer and CVE-2010-3654 | 26-05-2012 | Gal Badishi
6 | http://mainisusuallyafunction.blogspot.d... | Attacking hardened Linux systems with kernel JIT spraying | 17-11-2012 | keegan
7 | http://zhodiac.hispahack.com/my-stuff/se... | Flash JIT – Spraying info leak gadgets | 19-07-2013 | Fermin J. Serna
8 | https://xuanwulab.github.io/2015/06/09/R... | Research report on using JIT to trigger RowHammer | 09-06-2015 | R3dF09

Custom or Application Specific Heaps
Nr | URL | Description | Date | Author
1 | https://sites.google.com/site/zerodayres... | Adobe Reader's Custom Memory Management: A Heap Of Trouble | 22-04-2010 | Haifei Li, Guillaume Lovet
2 | https://media.blackhat.com/bh-us-12/Brie... | Exploiting the jemalloc Memory Allocator: Owning Firefox's Heap | 25-07-2012 | Patroklos (argp) Argyroudis, Chariton (huku) Karamitas
3 | https://communities.coverity.com/blogs/s... | Windows 8 Heap Internals | 31-07-2012 | Chris Valasek

Application Internals And Attacks
Nr | URL | Description | Date | Author
1 | http://media.blackhat.com/bh-ad-11/Drake... | Exploiting Memory Corruption Vulnerabilities in the Java Runtime | 15-12-2011 | Joshua (jduck) J. Drake
2 | https://web.archive.org/web/201301190934... | Google Native Client - Analysis Of A Secure Browser Plugin Sandbox | 25-07-2012 | Whitepaper
3 | https://sites.google.com/site/zerodayres... | Smashing the Heap with Vector: Advanced Exploitation Technique in Recent Flash Zero-day Attack | xx-02-2013 | Haifei Li
4 | http://www.slideshare.net/xiong120/explo... | Exploit IE Using Scriptable ActiveX Controls (version English) | 22-03-2014 | Yuki (guhe120) Chen
5 | http://blog.fortinet.com/post/advanced-e... | Advanced Exploit Techniques Attacking the IE Script Engine | 16-06-2014 | Zhenhua 'Eric' Liu
6 | https://www.blackhat.com/docs/us-14/mate... | Thinking outside the sandbox - Violating trust boundaries in uncommon ways | 05-08-2014 | Brian Gorenc, Jasiel Spelman
7 | http://seclists.org/bugtraq/2012/Sep/29 | Internet Explorer Script Interjection Code Execution (updated) | 06-09-2012 | Derek Soeder
8 | https://www.blackhat.com/docs/us-15/mate... | Understanding the Attack Surface and Attack Resilience of Project Spartan's (Edge) New EdgeHTML Rendering Engine | xx-08-2015 | Mark Vincent Yason

Exploitation Techniques
Nr | URL | Description | Date | Author
1 | http://cansecwest.com/slides07/Vector-Re... | Vector Rewrite Attack - Exploitable NULL Pointer Vulnerabilities on ARM and XScale Architectures | xx-03-2007 | Barnaby Jack
2 | http://ifsec.blogspot.com/2011/06/memory... | Memory disclosure technique for Internet Explorer | 09-06-2011 | Ivan Fratric
3 | https://web.archive.org/web/20130524082... | White Phosphorus Exploit Pack Sayonara ASLR DEP Bypass Technique | 21-06-2011 | Note
4 | https://media.blackhat.com/bh-us-11/Bros... | Post Memory Corruption Memory Analysis | 03-08-2011 | Jonathan Brossard
5 | http://zhodiac.hispahack.com/my-stuff/se... | CVE-2012-0769, the case of the perfect info leak | 09-04-2012 | Fermin J. Serna
6 | http://diyhpl.us/~bryan/papers2/security... | Android exploitation primers: lifting the veil on mobile offensive security (Vol. I) | xx-08-2012 | Larry H, Bastian F
7 | http://h30499.www3.hp.com/t5/HP-Security... | Verifying Windows Kernel Vulnerabilities | 30-10-2013 | Article
8 | https://community.rapid7.com/community/m... | "Hack Away at the Unessential" with ExpLib2 in Metasploit | 07-04-2014 | Wei Chen
9 | https://doar-e.github.io/blog/2014/04/30... | Corrupting the ARM Exception Vector Table | 30-04-2014 | Amat "acez" Cama
10 | http://tfpwn.com/blog/turn-it-into-a-uaf... | Turn it into a UAF | 11-01-2015 | Alexander Eubanks
11 | https://blog.coresecurity.com/2015/09/28... | Abusing GDI for ring0 exploit primitives | 28-09-2015 | Diego Juarez
12 | https://www.nccgroup.trust/uk/our-resear... | Exploitation Advancements | 07-10-2015 | Aaron Adams
13 | https://0b3dcaf9-a-62cb3a1a-s-sites.goog... | #BadWinMail: The "Enterprise Killer" Attack Vector in Microsoft Outlook | xx-12-2015 | Haifei Li

Heap/Pool-spray
Nr | URL | Description | Date | Author
1 | http://www.phreedom.org/presentations/he... | Heap Feng Shui in JavaScript | 2007 | Alexander Sotirov
2 | http://www.exploit-monday.com/2011/08/ta... | Targeted Heap Spraying – 0x0c0c0c0c is a Thing of the Past | 29-08-2011 | Matt Graeber
3 | https://www.corelan.be/index.php/2011/12... | Exploit writing tutorial part 11: Heap Spraying Demystified | 31-12-2011 | corelanc0d3r
4 | https://www.corelan.be/index.php/2013/02... | DEPS – Precise Heap Spray on Firefox and IE10 | 19-02-2013 | corelanc0d3r
5 | http://blog.ptsecurity.com/2013/03/stars... | Stars aligner's how-to: kernel pool spraying and VMware CVE-2013-1406 | 06-03-2013 | Article
6 | http://www.alex-ionescu.com/?p=231 | Sheep Year Kernel Heap Fengshui: Spraying in the Big Kids' Pool | 29-12-2014 | Alex Ionescu

Mitigation Techniques
Nr | URL | Description | Date | Author
1 | http://j00ru.vexillium.org/?p=1038 | Windows Kernel Address Protection | xx-08-2011 | Mateusz (j00ru) Jurczyk
2 | http://www.vdalabs.com/tools/DeMott_Blue... | BlueHat Prize Submission (/ROP) | xx-03-2012 | Jared DeMott

Bug finding
Nr | URL | Description | Date | Author | OS/Arch | Info
1 | http://j00ru.vexillium.org/?p=1695 | SyScan 2013, Bochspwn paper and slides | 24-04-2013 | Mateusz (j00ru) Jurczyk, Gynvael Coldwind | Windows | N/A

General
Nr | URL | Description | Date | Author | OS/Arch | Info
1 | http://reversing.it/thesis.pdf | Securing Application Software in Modern Adversarial Settings | xx-07-2015 | Felix Schuster | - | N/A
Malware
Blogs
These are links to different blogs containing malware analysis.
Nr | URL | Title/Description
1 | http://www.inreverse.net/ | inREVERSE - malware analysis blog
2 | http://blog.threatexpert.com/ | A blog about automated threat analysis... and the bad guys it targets
3 | http://www.secureworks.com/research/threats/ | Threat analyses
4 | http://xylibox.blogspot.com/ | "Another Blog, Another Box" - malware analysis blog
5 | http://contagiodump.blogspot.com/ | Contagio is a collection of the latest malware samples, threats, observations, and analyses.
6 | http://www.avertlabs.com/research/blog/index.php/category/malware-research/ | McAfee - Archive for the 'Malware Research' Category
7 | http://evilcodecave.blogspot.com/ | IT Security Research Blog: Reverse Engineering - Malware Analysis - Cryptography - Software Engineering - Software Security/Audit
8 | http://extraexploit.blogspot.com/ | "EVERYTHING OR NOTHING" - malware analysis blog
9 | http://ddanchev.blogspot.com/ | Dancho Danchev's Blog - Mind Streams of Information Security Knowledge
10 | http://blog.armorize.com/ | "Armorize Blog" - malware analysis blog
11 | http://securityblog.s21sec.com/ | S21sec Security Blog
12 | http://blog.malwaretracker.com/ | malwaretracker
13 | http://www.abuse.ch/ | The Swiss Security Blog
14 | http://blogs.paretologic.com/malwarediaries/ | Malware Diaries
15 | http://perpetualhorizon.blogspot.com/ | Perpetual Horizon
16 | http://mnin.blogspot.com/ | Coding, Reversing, Exploiting
17 | http://blog.eset.com/ | ESET Threat Blog
18 | http://code.google.com/p/malware-lu/ | Malwares technical analysis from http://www.malware.lu
19 | http://stratsec.blogspot.de/ | BAE Systems security research blog
20 | http://fumalwareanalysis.blogspot.com.au/p/malware-analysis-tutorials-reverse.html | Malware Analysis Tutorials: a Reverse Engineering Approach
Articles
Malware analysis
Nr URL
1 http://mtc.sri.com/Conficker/
2 http://www.eset.com/resources/white-papers/Stuxnet_Under_the_Microscope.pdf
3 http://www.aall86.altervista.org/TDLRootkit/TDL4_Analysis_Paper.pdf
4 http://www.securelist.com/en/analysis/204792157/TDSS_TDL_4
5 http://blog.fireeye.com/research/2011/03/an-overview-of-rustock.html
6 http://www.eset.com/us/resources/white-papers/The_Evolution_of_TDL.pdf
7 http://www.prevxresearch.com/zeroaccess_analysis.pdf
8 http://sophosnews.files.wordpress.com/2012/03/blackhole_paper_mar2012.pdf
9 http://www.crysys.hu/skywiper/skywiper.pdf
10 http://reverse.put.as/2012/08/06/tales-from-crisis-chapter-1-the-droppers-box-of-tricks/
11 https://community.rapid7.com/community/infosec/blog/2012/08/08/finfisher
12 http://reverse.put.as/2012/08/20/tales-from-crisis-chapter-2-backdoors-first-steps/
13 http://reverse.put.as/2012/08/21/tales-from-crisis-chapter-3-the-italian-rootkit-job/
14 https://www.securelist.com/en/blog/750/Full_Analysis_of_Flame_s_Command_Control_servers
15 http://www.ikarus.at/fileadmin/user_upload/Download/Report_MarionMarschalek.pdf
16 http://oweng.myweb.port.ac.uk/fbi-tor-malware-analysis/
17 http://www.welivesecurity.com/2013/08/27/the-powerloader-64-bit-update-based-on-leaked-exploits/
18 https://www.securelist.com/en/downloads/vlpdfs/unveilingthemask_v1.0.pdf
19 https://securelist.com/files/2015/02/Equation_group_questions_and_answers.pdf
20 https://www.virusbtn.com/pdf/conference/vb2014/VB2014-Wardle.pdf

General
Nr | URL | Title/Description | Date | Author
1 | http://www.dfrws.org/2015/procee... | Advancing Mac OS X rootkit detection | 2015 | Andrew Case, Golden G. Richard III
Malware trackers
Nr | URL | Title/Description
1 | http://www.malwaredomainlist.com/mdl.php | Malware Domain List
2 | https://zeustracker.abuse.ch/ | ZeuS Tracker
3 | https://spyeyetracker.abuse.ch/ | SpyEye Tracker
4 | http://www.malwareurl.com/listing-urls.php?urls=on | MalwareURL - Website status verification
5 | http://hosts-file.net/?s=Browse | hpHosts Online - Simple, Searchable & FREE!
6 | http://virustracker.info/ | VirusTracker

Online malware analysis
Nr | URL | Title/Description
1 | http://wepawet.iseclab.org/ | Wepawet (JavaScript and Flash)
2 | http://www.urlvoid.com/ | Check Reputation of Domains and Subdomains
3 | http://anubis.iseclab.org/ | Anubis is a service for analyzing malware
4 | http://eureka.cyber-ta.org/ | An Automated Malware Binary Analysis Service
5 | http://camas.comodo.com/ | Comodo Instant Malware Analysis
6 | http://ether.gtisc.gatech.edu/web_unpack/ | Ether: Malware Analysis via Hardware Virtualization Extensions
7 | http://www.ipvoid.com/ | Scan URL for malicious activities
8 | http://www.norman.com/security_center/security_tools/ | Submit a Suspicious File for a FREE Malware Analysis
9 | http://www.threatexpert.com/submit.aspx | Submit Your Sample To ThreatExpert
10 | http://www.malwaretracker.com/pdf.php | Examine PDF online
11 | http://mwanalysis.org/?site=1&page=submit | Malware Analysis System
12 | https://new.virustotal.com/ | VirusTotal is a free service that analyzes suspicious files and URLs

Tools & Projects
Nr | URL | Title/Description
1 | http://malzilla.sourceforge.net/index.html | Malware hunting tool
2 | http://code.mwcollect.org/ | Malware and attack trace collection daemon
3 | http://code.google.com/p/phoneyc/ | Pure python honeyclient implementation
4 | http://www.mlsec.org/malheur/ | Automatic Analysis of Malware Behavior
5 | http://www.team-cymru.org/Services/MHR/WinMHR/ | WinMHR - Free Malware Detector - Team Cymru
6 | https://addons.mozilla.org/en-US/firefox/addon/team-cymrus-mhr/ | Quickly check downloaded files against Team Cymru's malware database with just one click!
7 | http://www.stoned-vienna.com/ | Stoned Bootkit - The official site of Stoned Bootkit
8 | http://sarvam.ece.ucsb.edu/submit.html | SARVAM: Search And RetrieVAl of Malware
9 | http://code.google.com/p/malwasm/ | Malwasm was designed to help people that do reverse engineering
10 | http://www.cuckoosandbox.org/ | Cuckoo Sandbox is a malware analysis system
11 | http://rehints.com/ | Sharing reverse engineering knowledge
12 | https://objective-see.com/products.html | Free OS X Security Tools

Online self-check
Nr | URL | Title/Description
1 | http://www.dcwg.org/ | The DNSChanger Working Group (DCWG)

Uncategorized
Nr | URL | Title/Description
1 | http://zeltser.com/reverse-malware/reverse-malware-cheat-sheet.html | Reverse-Engineering Malware Cheat Sheet
2 | http://www.malwaredomainlist.com/forums/index.php?board=2.0 | Huge list of blogs
3 | http://www.prevx.com/malwarecenter.asp | Very latest hot file names used by malware
4 | http://blogs.technet.com/b/markrussinovich/archive/2011/02/27/3390475.aspx | The Case of the Malicious Autostart
Various Stuff
Here you can find other stuff related to security: tools, notes on debugging, blogs, wikis, etc.
Online tools and services
Nr | URL | Description
1 | http://skypher.com/SkyLined/heap_spray/small_heap_spray_generator.html | Heap spray generator
2 | http://gorope.me/ | FREE Online ROP Gadgets Search
3 | https://www.corelan.be/index.php/security/corelan-ropdb/ | Corelan ROPdb

Tools and development
Nr | URL | Description
1 | http://reverse.put.as/wp-content/uploads/2011/06/hackingleopard.pdf | Hacking Leopard: Tools and Techniques for Attacking the Newest Mac OS X
2 | http://www.corelan.be/index.php/2010/01/26/starting-to-write-immunity-debugger-pycommands-my-cheatsheet/ | Starting to write Immunity Debugger PyCommands: my cheatsheet
3 | http://www.corelan.be/index.php/2009/08/12/exploit-writing-tutorials-part-4-from-exploit-to-metasploit-the-basics/ | Exploit writing tutorial part 4: From Exploit to Metasploit – The basics
4 | http://www.corelan.be/index.php/2009/09/05/exploit-writing-tutorial-part-5-how-debugger-modules-plugins-can-speed-up-basic-exploit-development | Exploit writing tutorial part 5: How debugger modules & plugins can speed up basic exploit development
5 | https://blog.mandiant.com/archives/1899 | Exploring Artifacts in Heap Memory with Heap Inspector
6 | http://redmine.corelan.be/projects/mona | Corelan Team project page for 'mona', a PyCommand for Immunity Debugger
7 | http://blog.metasploit.com/2008/08/byakugan-windbg-plugin-released.html | Set of extensions for exploit development under WinDbg
8 | https://github.com/djrbliss/libplayground | A simple framework for developing Linux kernel heap exploit techniques
9 | http://corelabs.coresecurity.com/index.php?module=Wiki&action=view&type=tool&name=Heappie | Heappie! is an exploit-writing-oriented memory analysis tool
10 | http://www.hsc.fr/ressources/outils/skyrack/index.html.en | ROP gadget search tool
11 | https://github.com/neuromancer/sea | Symbolic Exploit Assistant
12 | https://www.corelan.be/index.php/2012/12/31/jingle-bofs-jingle-rops-sploiting-all-the-things-with-mona-v2/ | Jingle BOFs, Jingle ROPs, Sploiting all the things... with Mona v2!!
13 | https://community.rapid7.com/community/metasploit/blog/2011/10/11/monasploit | MonaSploit
14 | https://wapiflapi.github.io/2015/04/22/single-null-byte-heap-overflow/ | Visualizing a single null-byte heap overflow exploitation
15 | https://blog.skullsecurity.org/2015/how-i-nearly-almost-saved-the-internet-starring-afl-fuzz-and-dnsmasq | How I nearly almost saved the Internet, starring afl-fuzz and dnsmasq
16 | http://googleprojectzero.blogspot.de/2015/11/windows-sandbox-attack-surface-analysis.html | Windows Sandbox Attack Surface Analysis

Blogs by security people or teams
Nr | URL | Description
1 | http://sysc.tl/ | Patroklos (argp) Argyroudis blog
2 | http://jon.oberheide.org/ | Jon Oberheide Blog
3 | http://blog.cr0.org/ | Julien Tinnes blog (Kernel-level bugs)
4 | http://xorl.wordpress.com/category/bugs/ | Vulnerabilities descriptions mapped to CVE
5 | http://www.abysssec.com/blog/tag/binary-... | Vulnerabilities binary analysis by Abysssec
6 | http://exploitshop.wordpress.com/ | Vulnerability analysis blog using DarunGrim
7 | http://0x1byte.blogspot.com/search/label... | Alexander Gavrun published vulnerabilities
8 | http://sysc.tl/category/advisories/ | Patroklos (argp) Argyroudis advisories
9 | http://trapkit.de/advisories/published.h... | Published Security Advisories by Tobias Klein
10 | http://www.scary.beasts.org/security/ | Chris Evans: Software security holes found via auditing, fuzzing, etc.
11 | http://poppopret.blogspot.com/ | Hacking & IT Security Stuff
12 | https://www.corelan.be/index.php/articles/ | Corelan Team Articles
13 | http://sf-freedom.blogspot.com/ | Software Vulnerability Exploitation Blog
14 | http://invisiblethingslab.com/itl/Resources.html | invisiblethingslab.com Resources
15 | http://googleprojectzero.blogspot.com | Project Zero

Wiki and web-sites on security
Nr | URL | Description
1 | http://www.phrack.org | Phrack Magazine
2 | http://theiphonewiki.com/wiki/index.php?title=Category:Exploits | The iPhone Wiki
3 | http://en.wikibooks.org/wiki/Metasploit | The Metasploit Book
4 | http://www.blackhatlibrary.net/Shellcodecs | Shellcodecs is a collection of shellcodes, loaders, sources, and generators
5 | http://skypher.com/wiki/index.php/Main_Page | Skypher - the wiki for absolutely nothing
6 | http://grsecurity.net/research.php | Academic Research Publications Mentioning grsecurity/PaX
7 | http://uninformed.org/index.cgi? | INFORMATIVE INFORMATION FOR THE UNINFORMED

Collections, lists
Nr URL
1 http://www.shell-storm.org/papers/index.php?lg=english
2 http://secdocs.lonerunners.net/
3 http://www.theamazingking.com/exploit.html
4 http://packetstormsecurity.org/files/tags/paper/
5 http://6dev.net/mirror/doc.bughunter.net/
6 http://www.fuzzysecurity.com/tutorials.html
7 http://projectshellcode.com/
8 http://tools.securitytube.net/index.php?title=Open_Security_Training
19 http://jon.oberheide.org/mokb/
20 http://jon.oberheide.org/moab/
21 http://myne-us.blogspot.com/2010/08/from-0x90-to-0x4c454554-journey-into.html
22 http://www.securityaegis.com/the-big-fat-metasploit-post/
23 http://www.gimpel.com/html/bugs.htm
24 http://reverse.put.as/papers/
25 http://www.xchg.info/ARTeam/conferences/
26 https://code.google.com/p/pentest-bookmarks/
27 https://www.evernote.com/pub/wishi/crazylazy/
28 https://fuzzing-project.org/
29 code.google.com/p/chromium/issues/list...
30 bugzilla.mozilla.org/buglist.cgi...
31 http://www.ioactive.com/ioactive_labs_ad...
32 https://docs.google.com/spreadsheets/d/1vY_GipkYMlaitw17UEvIl7J3oyw8iY59v97rSzjX4GM/edit#gid=0
Damn vulnerable things
Nr | URL | Description
1 | http://exploit-exercises.com/ | Provides a variety of virtual machines to exploit
2 | http://sourceforge.net/projects/metasploitable/files/ | Metasploitable 2

Trainings
Nr | URL | Description
1 | https://www.corelan-training.com/ | Win32 Exploit Development class
2 | http://www.opensecuritytraining.info/Training.html | Training Classes
3 | http://pentest.cryptocity.net/ | Penetration Testing and Vulnerability Analysis
4 | http://www.cis.syr.edu/~wedu/Teaching/CompSec/lecturenotes.html | Lecture Notes
5 | https://community.rapid7.com/community/metasploit/blog/2012/07/05/part-1-metasploit-module-development--the-series | Metasploit exploit development - The series Part 1.
6 | http://security.cs.rpi.edu/courses/binexp-spring2015/ | Modern Binary Exploitation
(to be continued...)

Articles on Debugging
Nr | URL | Description
1 | http://msdn.microsoft.com/en-us/magazine/cc163311.aspx | Analyze Crashes to Find Security Vulnerabilities in Your Apps
2 | https://blogs.technet.com/b/srd/archive/2009/01/28/stack-overflow-stack-exhaustion-not-the-same-as-stack-buffer-overflow.aspx | Stack overflow (stack exhaustion) not the same as stack buffer overflow
3 | http://sysc.tl/2009/07/02/freebsd-kernel-debugging/ | FreeBSD kernel debugging
4 | https://blogs.msdn.com/b/sudeepg/archive/2010/04/29/debugging-a-crash-an-example.aspx | Debugging a crash – An example
5 | http://resources.infosecinstitute.com/debugging-fundamentals-for-exploit-development/ | Debugging Fundamentals for Exploit Development
6 | http://resources.infosecinstitute.com/in-depth-seh-exploit-writing-tutorial-using-ollydbg/ | OllyDbg Tricks for Exploit Development
7 | http://blogs.msdn.com/b/ntdebugging/archive/2013/06/14/understanding-pool-corruption-part-1-buffer-overflows.aspx | Understanding Pool Corruption Part 1 – Buffer Overflows
8 | http://blogs.msdn.com/b/ntdebugging/archive/2013/08/22/understanding-pool-corruption-part-2-special-pool-for-buffer-overruns.aspx | Understanding Pool Corruption Part 2 – Special Pool for Buffer Overruns
9 | http://blogs.msdn.com/b/ntdebugging/archive/2008/02/01/kernel-stack-overflows.aspx | Kernel Stack Overflows
10 | http://www.contextis.com/resources/blog/kgdb-android-debugging-kernel-boss/ | KGDB on Android: Debugging the kernel like a boss
11 | https://community.rapid7.com/community/metasploit/blog/2015/09/10/a-debugging-session-in-the-kernel | A debugging session in the kernel
12 | https://objective-see.com/blog.html#blogEntry8 | Kernel Debugging a Virtualized OS X El Capitan Image
Lists of lists of security conferences
Nr | URL | Title
1 | http://en.wikipedia.org/wiki/Computer_se... | Computer security conference
2 | http://www.secsocial.com/blog/?page_id=4... | Security Conferences
3 | https://www.google.com/calendar/embed?sr... | Information Security Conferences
4 | http://www.ethicalhacker.net/component/o... | Ethical Hacker Calendar
5 | http://packetstormsecurity.org/papers/ca... | PacketStorm CFP Monitor
6 | http://satoss.uni.lu/lists/ | List of security conferences
7 | http://infosecevents.net/calendar/ | Upcoming information security events
8 | http://research.phreedom.org/ | The Security Research Index is a project intended to help the security community keep up with all the research presented at conferences around the world.
9 | http://cc.thinkst.com/ | ConCollector
10 | http://securityconferences.net/ | Computer Security Conferences
11 | http://www.conpiler.com/ | CONpiler - Security conferences around the world
12 | https://secore.info/conferences | SECurity Organizer & Reporter Exchange
13 | http://www.clocate.com/conferences/it-se... | Clocate - Conferences and Exhibitions
14 | http://www.sp3ctr3.me/hardware-security-resources/ | Hardware Security Resources
Bug bounty
Nr | URL | Description
1 | http://weis2007.econinfosec.org/papers/29.pdf | The Legitimate Vulnerability Market
2 | https://docs.google.com/present/view?id=0Ae_usSLlqH60ZGZnYjI0NTVfMjBobngybWRoaA&hl=en | Google's Vulnerability Reward Programs
3 | http://blog.nibblesec.org/2011/10/no-more-free-bugs-initiatives.html | http://www.bugsheet.com/bug-bounties
4 | http://blog.bugcrowd.com/list-of-active-bug-bounty-programs/ | The Bug Bounty List

Timeline and history
Nr | URL | Description
1 | http://ilm.thinkst.com/folklore/index.shtml | Memory Corruption and Hacker Folklore
2 | https://zynamics.files.wordpress.com/2010/02/code_reuse_timeline1.png | Code Reuse Timeline
3 | http://www.abysssec.com/blog/2010/05/past-present-future-of-windows-exploitation/ | Past, Present, Future of Windows Exploitation
4 | https://media.blackhat.com/bh-us-10/whitepapers/Meer/BlackHat-USA-2010-Meer-History-of-Memory-Corruption-Attacks-wp.pdf | Memory Corruption Attacks: The (almost) Complete History
5 | https://paulmakowski.wordpress.com/2011/01/25/smashing-the-stack-in-2011/ | Smashing the Stack in 2011
6 | http://www.isg.rhul.ac.uk/sullivan/pubs/tr/technicalreport-ir-cs-73.pdf | Memory Errors: The Past, the Present, and the Future
7 | http://blogbromium.files.wordpress.com/2013/01/heap-sprays-to-sandbox-escapes_issa0113.pdf | Heap Sprays to Sandbox Escapes: A Brief History of Browser Exploitation

Media
Nr | URL | Description
1 | https://ange4771.imgur.com/ | Ange Albertini posters
2 | https://community.rapid7.com/community/infosec/blog/2011/02/24/dual-cores-metasploit-track-free-download | Dual Core's Metasploit Track: Free Download!
3 | http://0xdabbad00.com/2013/04/28/exploit-mitigation-kill-chain/ | Exploit Mitigation Kill Chain

Advisories
Nr | URL | Description
1 | https://github.com/QubesOS/qubes-secpack/tree/master/QSBs | Qubes OS Advisories