table of contents - cloudinary · pdf filezef cekaj 9 ... criminals are getting smarter:...


Upload: vankhanh

Post on 09-Feb-2018


Table of Contents

0 Introduction
1 Software Exploitation
1.1 Analysis and Exploitation (unprivileged)
1.2 Analysis and Exploitation (privileged)
1.3 Shellcode Development
1.4 Mitigations
1.5 Research
2 Malware
3 Various Stuff


IT Security Catalog v.2.0

Previously project was located here: https://code.google.com/p/it-sec-catalog/, but as Google Code hosting is going to shut down, all stuff has been migrated here. Many changes to content have been made too:

- rearranged and split into more appropriate sections;
- removed section on analysis of the bugs and merged with "Bug Analysis and Exploitation";
- fixed links and information, restored many dead links;
- replaced "Type" column with "Author" column;
- added meta-information along with CVE, i.e. bug name.

About project

This project has appeared as an attempt to index and summarize links to computer security related stuff. Slides (there is other project collecting them), copy-pastes, wrong and erroneous articles are not included. Main focus is software exploitation — memory corruption bugs and non-corruption bugs leading to remote code execution (excluding web), privilege escalation, data exfiltration, DoS. Malware section is in development.

Highlighted items:

- vulnerability development, software exploitation - sorted by type of vulnerability;
- malware analysis;

Disclaimer

If you notice link pointing to an article with potentially promotional character, please be aware that I am not affiliated in any way with any related companies. Links posted here are posted only because I may find content interesting. I am not paid to run this project, or publish links.

Errors may occur, so please, don't hesitate to contact me if you encounter one.

Thanks to everyone who contributed to the project.


Software exploitation

Here you can find links to articles on software exploitation, vulnerability development, exploit analysis, source code analysis, various research, and other stuff.

The following headings correspond to the classification of vulnerabilities and related topics.


Bug analysis and exploitation (unprivileged)

Bug and exploit analysis and development in user-land.

Buffer overflows

Stack-based buffer overrun

Structured Exception Handler


| Nr | URL | Description | Date | Author |
|---|---|---|---|---|
| 1 | https://web.archive.org/web/2012072413294... | Understanding SEH (Structured Exception Handler) Exploitation | 06-07-2009 | Donny Hubener |
| 2 | http://www.corelan.be/index.php/2009... | Exploit writing tutorial part 3: SEH Based Exploits | 25-07-2009 | corelanc0d3r |
| 3 | http://www.corelan.be/index.php/2009... | Exploit writing tutorial part 3b: SEH Based Exploits – just another example | 28-07-2009 | corelanc0d3r |
| 4 | http://grey-corner.blogspot.com/2010/01/... | SEH Stack Based Buffer Overflow Tutorial | 07-01-2010 | Stephen Bradshaw |
| 5 | http://www.ethicalhacker.net/content/vie... | Tutorial: SEH Based Exploits and the Development Process | 04-05-2010 | Mark (n1p) Nicholls |
| 6 | https://docs.google.com/viewer?a=v&pid=e... | Debugging an SEH 0day | 29-05-2010 | mr_me |
| 7 | http://resources.infosecinstitute.com/se... | SEH Based Overflow Exploit Tutorial | 28-04-2011 | Stephen Bradshaw |

Stack buffer overrun

| Nr | URL | Description | Date | Author |
|---|---|---|---|---|
| 1 | http://blogs.securiteam.com/index.php/ar... | Heap Spraying: Exploiting Internet Explorer VML 0-day | 23-09-2006 | TriratKiraP |
| 2 | http://www.corelan.be/index.php/200... | Exploit writing tutorial part 1: Stack Based Overflows | 19-07-2009 | corelanc0d3r |
| 3 | http://www.corelan.be/index.php/200... | Exploit writing tutorial part 2: Stack Based Overflows – jumping to shellcode | 23-07-2009 | corelanc0d3r |
| 4 | http://grey-corner.blogspot.com/2010/01/... | Stack Based Buffer Overflow Tutorial | 07-01-2010 | Stephen Bradshaw |
| 5 | http://www.phreedom.org/research/vulnera... | Windows ANI header buffer overflow | 29-03-2010 | Alexander Sotirov |
| 6 | http://www.offensive-security.com/vulnde... | Evocam Remote Buffer Overflow on OSX | 04-06-2010 | Paul (d1dn0t) Harrington |
| 7 | http://turkeyland.net/projects/overflow/... | Buffer Overflows and You | 04-08-2010 | Jeffrey A. Turkstra |
| 8 | http://dvlabs.tippingpoint.com/blog/2010... | Security Advisory for NetWare 6.5 OpenSSH | 01-09-2010 | Zef Cekaj |
| 9 | http://www.vupen.com/blog/20100909.Adobe... | Criminals Are Getting Smarter: Analysis of the Adobe Acrobat / Reader 0-Day Exploit | 09-09-2010 | Nicolas Joly |
| 10 | http://www.exploit-db.com/bypassing-uac-... | Bypassing UAC with User Privilege under Windows Vista/7 – Mirror | 26-11-2010 | muts |
| 11 | http://www.exploit-db.com/docs/16030.pdf... | Non-Executable Stack ARM Exploitation | 23-01-2011 | Itzhak (Zuk) Avraham |
| 12 | http://0x1byte.blogspot.co.il/2011/02/cv... | Analysis of CVE 2010-3333 Microsoft Office RTF File Stack Buffer Overflow Vulnerability | 20-02-2011 | Alexander Gavrun |
| 13 | http://resources.infosecinstitute.com/st... | Stack Based Buffer Overflow Tutorial, part 1 — Introduction | 09-03-2011 | Stephen Bradshaw |
| 14 | http://resources.infosecinstitute.com/st... | Stack Based Buffer Overflow Tutorial, part 2 — Exploiting the stack overflow | 09-03-2011 | Stephen Bradshaw |
| 15 | http://resources.infosecinstitute.com/st... | Stack Based Buffer Overflow Tutorial, part 3 — Adding shellcode | 09-03-2011 | Stephen Bradshaw |
| 16 | https://web.archive.org/web/201310071419... | Smashing the stack in Windows 8 | xx-09-2011 | Davide Quarta |
| 17 | http://research.reversingcode.com/index.... | Apple QuickTime Player H.264 issues | 01-09-2011 | rmallof |
| 18 | http://blogs.securiteam.com/index.php/ar... | VMware UDF Stack Buffer Overflow | 10-10-2011 | Secventure Group |
| 19 | http://www.greyhathacker.net/?p=380 | RemoteExec Computers List Buffer Overflow ROP Exploit | 06-11-2011 | Parvez |
| 20 | https://web.archive.org/web/20131207185... | A Textbook Buffer Overflow: A Look at the FreeBSD telnetd Code | 25-12-2011 | Dustin Schultz |
| 21 | http://www.poppopret.org/?p=40 | Anatomy of a SCADA Exploit: Part 1 – From Overflow to EIP | 07-01-2012 | Michael Coppola |
| 22 | http://www.greyhathacker.net/?p=549 | Heap spraying in Internet Explorer with rop nops | 19-06-2012 | Parvez |
| 23 | http://www.poppopret.org/?p=141 | Anatomy of a SCADA Exploit: Part 2 – From EIP to Shell | 21-08-2012 | Michael Coppola |
| 24 | https://community.rapid7.com/community/m... | New Metasploit Exploit: SAP NetWeaver CVE-2012-2611 | 06-09-2012 | Juan Vasquez |
| 25 | http://www.devttys0.com/2012/10/exploiti... | Exploiting a MIPS Stack Overflow | 08-10-2012 | Craig |
| 26 | http://www.cyvera.com/how-to-exploit-cve... | HOW TO EXPLOIT CVE-2010-3333 | 28-11-2012 | Gal Badishi |
| 27 | http://shar33f12.blogspot.com.es/2012/10... | ROP | 01-11-2012 | shareef12 |
| 28 | http://www.exploit-db.com/papers/24085/ | Stack Smashing On A Modern Linux System | 21-12-2012 | jip |
| 29 | http://blog.exodusintel.com/2013/01/07/w... | DoS? Then Who Was Phone? | 07-01-2013 | exodusintel.com |
| 30 | http://sitsec.net/blog/2013/04/22/stack-... | Stack-based Buffer Overflow in the VPN Software tinc for Authenticated Peers | 22-04-2013 | Martin Schobert |
| 31 | https://web.archive.org/web/201307080736... | Analysis of nginx 1.3.9/1.4.0 stack buffer overflow and x64 exploitation (CVE-2013-2028) | 21-05-2013 | w00d |
| 32 | http://www.exploit-db.com/docs/27657.pdf... | Smashing the stack, an example from 2013 | 17-08-2013 | Benjamin Randazzo |
| 33 | http://csmatt.com/notes/?p=96 | MIPS Buffer Overflows with Bowcaster | 13-10-2013 | Matt Defenthaler |
| 34 | http://funoverip.net/2013/10/watchguard-... | WatchGuard – CVE-2013-6021 – Stack Based Buffer Overflow Exploit | 27-10-2013 | foip |
| 35 | http://dl.packetstormsecurity.net/papers... | 64 Bits Linux Stack Based Buffer Overflow | 09-06-2014 | Mr. Un1k0d3r |
| 36 | https://hatriot.github.io/blog/2015/01/0... | Ntpdc Local Buffer Overflow | 06-01-2015 | Bryan Alexander |
| 37 | http://blog.techorganic.com/2015/04/10/64... | 64-bit Linux Stack Smashing Tutorial: Part 1 | 10-04-2015 | superkojiman |
| 38 | http://blog.techorganic.com/2015/04/21/64... | 64-bit Linux Stack Smashing Tutorial: Part 2 | 21-04-2015 | superkojiman |
| 39 | http://5d4a.wordpress.com/2010/10/13/my-... | Smashing the stack in 2010 | xx-09-2015 | Mariano Graziano, Andrea Cugliari |
| 40 | http://googleprojectzero.blogspot.de/201... | Kaspersky: Mo Unpackers, Mo Problems. | 22-09-2015 | Tavis Ormandy |

Unicode Stack Buffer Overrun

| Nr | URL | Description | Date | Author | OS/Arch | |
|---|---|---|---|---|---|---|
| 1 | http://newsoft-tech.blogspot.com/2012/01... | MS11-014: this is not the bug you are looking for… | 10-01-2012 | newsoft | Windows, x86-32 | CVE-2011-0039 |
| 2 | http://www.floyd.ch/?p=629 | Automated generation of code alignment code for Unicode buffer overflow exploitation | 17-01-2012 | floyd | Windows, x86-32 | N/A |

Heap-based buffer overrun

Out-of-bounds read/write

Off-by-one errors


| Nr | URL | Description | Date | Author |
|---|---|---|---|---|
| 1 | http://site.pi3.com.pl/adv/libopie-adv.t... | libopie __readrec() off-by one (FreeBSD ftpd remote PoC) | 27-05-2010 | Maksymilian Arciemowicz, Adam (pi3) Zabrocki |
| 2 | https://drive.google.com/file/d/0B6P-iHu... | Skype v5.9.0.123 and Below Remote Default Unauthenticated Off-By-One | 06-10-2012 | Kostya Kortchinsky |
| 3 | http://doar-e.github.io/blog/2013/09/09/... | Pinpointing Heap-related Issues: OllyDbg2 Off-by-one Story | 09-09-2013 | Axel (0vercl0k) Souchet |
| 4 | http://googleprojectzero.blogspot.de/201... | The poisoned NUL byte, 2014 edition | 25-08-2014 | Chris Evans |

Heap buffer overrun

| Nr | URL | Description | Date | |
|---|---|---|---|---|
| 1 | http://www.cgsecurity.org/exploit/heaptu... | w00w00 on Heap Overflows | xx-01-1999 | |
| 2 | http://immunitysec.com/downloads/msrpche..., http://immunitysec.com/downloads/msrpche | Exploiting the MSRPC Heap Overflow | 11-09-2003 | |
| 3 | https://web.archive.org/web/201205211422... | Windows Heap Overflow Exploitation | 02-02-2004 | |
| 4 | http://www.exploit-db.com/papers/13178/ | Windows Heap Overflows using the Process Environment Block (PEB) | 31-05-2006 | |
| 5 | http://www.h-online.com/security/feature... | A heap of risk: Buffer overflows on the heap and how they are exploited | 28-06-2006 | |
| 6 | https://web.archive.org/web/201309030849... | Engineering Heap Overflow Exploits with JavaScript | 08-09-2008 | |
| 7 | http://www.blackhat.com/presentations/bh... | Practical Windows XP/2003 Heap Exploitation | xx-07-09 | |
| 8 | https://web.archive.org/web/201003271111... | 0x41 - weekly exploitation matters - Heap overflow fundamentals | 23-03-2010 | |
| 9 | http://blogs.cisco.com/security/comments... | Exploring Heap-Based Buffer Overflows with the Application Verifier | 29-03-2010 | |
| 10 | http://grey-corner.blogspot.com/2010/03/... | The Difference Between Heap Overflow and Use After Free Vulnerabilities | 31-03-2010 | |
| 11 | http://index-of.es/Misc/HeapCacheExploi... | Heap Cache Exploitation - White Paper by IBM Internet Security Systems | xx-07-2010 | |
| 12 | https://web.archive.org/web/201110070918... | Heap Overflows For Humans – 101 | 24-10-2010 | |
| 13 | https://web.archive.org/web/201112310609... | When A DoS Isn't A DoS | 16-12-2010 | |
| 14 | http://www.vupen.com/blog/20101221.Exim_... | Technical Analysis of Exim "string_vformat()" Buffer Overflow Vulnerability | 21-12-2010 | |
| 15 | https://web.archive.org/web/201111090317... | From Patch to Proof-of-Concept: MS10-081 | 10-01-2011 | |
| 16 | http://vreugdenhilresearch.nl/ms11-002-p... | MS11-002 Pwn2Own heap overflow | 12-01-2011 | |
| 17 | http://www.skullsecurity.org/blog/2011/a... | A deeper look at ms11-058 | 23-08-2011 | |
| 18 | https://web.archive.org/web/201110070919... | Heap Overflows For Humans – 102 | 02-09-2011 | |
| 19 | http://www.vupen.com/blog/20120117.Advan... | Analysis & Advanced Exploitation of Windows Multimedia Library Heap Overflow (MS12-004) | 17-01-2012 | |
| 20 | https://web.archive.org/web/201502190758... | Heap Overflows For Humans 104 | 11-03-2012 | |
| 21 | http://www.vupen.com/blog/20120710.Advan... | Advanced Exploitation of Internet Explorer Heap Overflow (Pwn2Own 2012 Exploit) | 10-07-2012 | |
| 22 | https://community.rapid7.com/community/m... | New 0day Exploits: Novell File Reporter Vulnerabilities | 16-11-2012 | |
| 23 | https://community.rapid7.com/community/m... | New Metasploit Exploit: Crystal Reports Viewer CVE-2010-2590 | 19-12-2012 | |
| 24 | https://www.corelan.be/index.php/2013/02... | Root Cause Analysis – Memory Corruption Vulnerabilities | 26-02-2013 | |
| 25 | http://blog.binamuse.com/2013/05/readerb... | Adobe Reader BMP/RLE heap corruption - CVE-2013-2729 | 14-05-2013 | |
| 26 | http://blog.stalkr.net/2013/06/golang-he... | Golang heap corruption during garbage collection | 04-06-2013 | |
| 27 | https://www.fireeye.com/blog/threat-rese... | The Dual Use Exploit: CVE-2013-3906 Used in Both Targeted Attacks and Crimeware Campaigns | 07-11-2013 | |
| 28 | http://www.crowdstrike.com/blog/analysis... | Analysis of a CVE-2013-3906 Exploit | 09-12-2013 | |
| 29 | https://hackerone.com/reports/1356 | PHP Heap Overflow Vulnerability in imagecrop() | 06-02-2014 | |
| 30 | http://h30499.www3.hp.com/t5/HP-Security... | Technical Analysis of CVE-2014-1761 RTF Vulnerability | 07-04-2014 | |
| 31 | http://radare.today/technical-analysis-o... | Technical Analysis Of The GnuTLS Hello Vulnerability | 01-06-2014 | |
| 32 | http://h30499.www3.hp.com/t5/HP-Security... | ZDI-14-173/CVE-2014-0195 - OpenSSL DTLS Fragment Out-of-Bounds Write: Breaking up is hard to do | 05-06-2014 | |
| 33 | http://googleprojectzero.blogspot.de/201... | pwn4fun Spring 2014 - Safari - Part I | 24-07-2014 | |
| 34 | http://www.vupen.com/blog/20140725.Advan... | Advanced Exploitation of VirtualBox 3D Acceleration VM Escape Vulnerability (CVE-2014-0983) | 25-07-2014 | |
| 35 | https://fail0verflow.com/blog/2014/hubca... | HubCap: pwning the ChromeCast pt. 1 | 29-08-2014 | |
| 36 | https://fail0verflow.com/blog/2014/hubca... | HubCap: pwning the ChromeCast pt. 2 | 04-09-2014 | |
| 37 | http://googleprojectzero.blogspot.de/201... | Exploiting CVE-2014-0556 in Flash | 23-09-2014 | |
| 38 | http://acez.re/ps-vita-level-1-webkittie... | PS Vita Level 1: Webkitties | 31-10-2014 | |
| 39 | https://labs.integrity.pt/articles/from-... | FROM 0-DAY TO EXPLOIT – BUFFER OVERFLOW IN BELKIN N750 (CVE-2014-1635) | 06-11-2014 | |
| 40 | http://blog.beyondtrust.com/cve-2014-182... | CVE-2014-1824 – A New Windows Fuzzing Target | 25-11-2014 | |
| 41 | http://www.openwall.com/lists/oss-securi... | GHOST: glibc gethostbyname buffer overflow | 27-05-2015 | |
| 42 | http://www.isightpartners.com/2015/07/mi... | Microsoft Office Zero-Day CVE-2015-2424 Leveraged By Tsar Team | 15-07-2015 | |
| 43 | http://blogs.cisco.com/security/talos/ap... | Vulnerability Spotlight: Apple Quicktime Corrupt stbl Atom Remote Code Execution | 30-07-2015 | |
| 44 | http://blog.trendmicro.com/trendlabs-sec... | MediaServer Takes Another Hit with Latest Android Vulnerability | 17-08-2015 | |
| 45 | https://blog.exodusintel.com/2015/08/13/... | | 13-08-2015 | Jordan Gruskovnjak |
| 46 | http://googleprojectzero.blogspot.de/201... | | 16-09-2015 | Mark Brand |
| 47 | http://blog.fortinet.com/post/windows-jo... | Windows Journal Vulnerability Disclosed Plus A Weekend Bonus | 18-09-2015 | |
| | | Exploiting Heap Corruption due to in Android libcutils | | |

Global, static data overrun, and .bss overrun

Data segment contains initialized static local and global data. BSS (Block Started by Symbol) segment contains uninitialized static local and global data.

| Nr | URL | Description | Date | Author | OS/Arch |
|---|---|---|---|---|---|
| 1 | http://roeehay.blogspot.com/2008/10/grap... | Graphviz Buffer Overflow Code Execution | 08-10-2008 | Roee Hay | - |

Format string injection


| Nr | URL | Description | Date | Author |
|---|---|---|---|---|
| 1 | https://docs.google.com/viewer?a=v&pid=e... | Windows 2000 Format String Vulnerabilities | 01-05-2001 | David Litchfield |
| 2 | http://crypto.stanford.edu/cs155old/cs15... | Exploiting Format String Vulnerabilities | 01-09-2001 | scut / team teso |
| 3 | https://web.archive.org/web/201012121658... | Format string exploitation on windows | 02-02-2009 | Abyssec Inc |
| 4 | http://infond.blogspot.com/2010/07/tutor... | Tutorial exploitation format string | 30-07-2010 | infond |
| 5 | https://docs.google.com/viewer?a=v&pid=e... | Format strings, from %x to calc | 24-10-2010 | mr_me |
| 6 | http://www.exploit-monday.com/2011/06/le... | Leveraging format string vulnerabilities to interrogate Win32 process memory | 20-06-2011 | Matt Graeber |
| 7 | http://www.viva64.com/en/b/0129/ | Wade not in unknown waters. Part two | 01-02-2012 | Andrey Karpov |
| 8 | http://www.vnsecurity.net/research/2012/... | Exploiting Sudo format string vulnerability | 16-02-2012 | longlg |
| 9 | https://web.archive.org/web/201211031120... | EIP-2012-0001: When wrapping it up goes wrong… | 29-08-2012 | exodusintel |

Integer Vulnerabilities

Includes integer overflows, underflows, signedness issues, truncation errors.

| Nr | URL | Description | Date |
|---|---|---|---|
| 1 | http://blogs.msdn.com/b/oldnewthing/arch... | Integer overflow in the new[] operator | 01-29-2004 |
| 2 | http://www.fefe.de/intof.html | Catching Integer Overflows in C | 01-26-2007 |
| 3 | http://dividead.wordpress.com/2009/06/01... | glibc timezone integer overflow | 01-06-2009 |
| 4 | http://roeehay.blogspot.com/2009/06/appl... | Apple QuickTime Image Description Atom Sign Extension Memory Corruption | 02-06-2009 |
| 5 | http://site.pi3.com.pl/adv/xpdf.txt | Xpdf - Integer overflow which causes heap overflow and NULL pointer dereference | 06-07-2009 |
| 6 | http://roeehay.blogspot.com/2009/08/advi... | Advisory: Adobe Flash Player and AIR AVM2 intf_count Integer Overflow | 02-08-2009 |
| 7 | https://code.google.com/p/em386/download... | CVE-2009-3608 - explained | 01-10-2009 |
| 8 | http://site.pi3.com.pl/adv/mod_proxy.txt | Mod_proxy from apache 1.3 - Integer overflow which causes heap overflow | 27-01-2010 |
| 9 | http://projects.webappsec.org/Integer-Ov... | Integer Overflows | xx-01-2010 |
| 10 | https://web.archive.org/web/201107221137... | A delicious, yet slightly cold banquette prepared on the (jump) table | xx-03-2010 (?) |
| 11 | https://www.securecoding.cert.org/conflu... | INT32-C. Ensure that operations on signed integers do not result in overflow | 09-09-2010 |
| 12 | http://cissrt.blogspot.com/2011/02/cve-2... | CVE-2011-0045: MS Windows XP WmiTraceMessageVa Integer Truncation Vulnerability | 26-02-2011 |
| 13 | http://scarybeastsecurity.blogspot.de/20... | libxml vulnerability and interesting integer issues | 27-05-2011 |
| 14 | https://bugzilla.mozilla.org/show_bug.cg... | Mozilla Firefox 4.0.1 Array.reduceRight() Vulnerability | 14-06-2011 |
| 15 | https://web.archive.org/web/201201080914... | Exploiting glibc __tzfile_read integer overflow to buffer overflow and vsftpd | 13-12-2011 |
| 16 | https://web.archive.org/web/201201080914... | More on exploiting glibc __tzfile_read integer overflow to buffer overflow and vsftpd | 15-12-2011 |
| 17 | http://kqueue.org/blog/2012/01/10/cve-20... | CVE-2012-0038: XFS ACL count integer overflow | 10-01-2012 |
| 18 | http://www.halfdog.net/Security/2011/Apa... | Apache ModSetEnvIf Integer Overflow | 11-01-2012 |
| 19 | http://gdtr.wordpress.com/2012/02/22/exp... | Exploiting CVE-2011-2371 (FF reduceRight) without non-ASLR modules | 22-02-2012 |
| 20 | http://kqueue.org/blog/2012/04/12/cve-20... | CVE-2012-2100: a fix to fix a fix in ext4 | 12-04-2012 |
| 21 | http://axtaxt.wordpress.com/2012/07/08/a... | Analysis of CVE-2011-3545 (ZDI-11-307) | 08-07-2012 |
| 22 | http://labs.mwrinfosecurity.com/blog/201... | MWR Labs Pwn2Own 2013 Write-up - Webkit Exploit | 19-04-2013 |
| 23 | http://www.vupen.com/blog/20130522.Advan... | Advanced Exploitation of Internet Explorer 10 / Windows 8 Overflow (Pwn2Own 2013) | 22-05-2013 |
| 24 | https://www.corelan.be/index.php/2013/07... | Root Cause Analysis – Integer Overflows | 02-07-2013 |
| 25 | http://secunia.com/blog/in-memory-of-a-z... | In memory of a zero-day – MS13-051 | 01-11-2013 |
| 26 | http://blog.securitymouse.com/2014/06/ra... | Raising Lazarus - The 20 Year Old Bug that Went to Mars | 26-06-2014 |
| 27 | http://blog.lekkertech.net/blog/2014/07/... | LZO, on integer overflows and auditing | 02-07-2014 |
| 28 | http://googleprojectzero.blogspot.de/201... | Analysis and Exploitation of an ESET Vulnerability | 23-06-2015 |
| 29 | http://googleprojectzero.blogspot.fr/201... | When ‘int’ is the new ‘short’ | 07-07-2015 |
| 30 | http://blogs.flexerasoftware.com/vulnera... | Vulnerability in Microsoft's Unicode Scripts Processor allows execution of arbitrary code | 11-12-2015 |

NULL pointer issues


| Nr | URL | Description |
|---|---|---|
| 1 | http://www.theregister.co.uk/2007/06/13/... | Embedded problems: exploiting NULL pointer dereferences |
| 2 | http://searchsecurity.techtarget.com.au/... | Q&A: Mark Dowd on NULL pointer dereference bugs |
| 3 | https://web.archive.org/web/20090706021311/http://blogs.iss.net/archive/cve-2008-0017.html... | What You May Have Missed About CVE-2008-0017: A Firefox NULL Dereference Bug |
| 4 | http://j00ru.vexillium.org/?p=932 | CVE-2011-1282: User-Mode NULL Pointer Dereference & co. |

Data type confusion

| Nr | URL | Description |
|---|---|---|
| 1 | http://em386.blogspot.com/2010/12/webkit... | WebKit CSS Type Confusion |
| 2 | http://www.vupen.com/blog/20110326.Techn... | Technical Analysis and Advanced Exploitation of Adobe Flash 0-Day (CVE-2011-0609) |
| 3 | http://blogs.technet.com/b/mmpc/archive/... | Analysis of the CVE-2011-0611 Adobe Flash Player vulnerability exploitation |
| 4 | http://secunia.com/blog/210 | Adobe Flash Player 0-day Exploit Analysis (CVE-2011-0611) |
| 5 | http://www.offensive-security.com/vulnde... | CA ARCserve CVE-2012-2971 |
| 6 | http://blogs.technet.com/b/srd/archive/2... | The story of MS13-002: How incorrectly casting fat pointers can make your code explode |
| 7 | https://www.sektioneins.de/en/blog/14-08... | SPL ArrayObject/SPLObjectStorage Unserialization Type Confusion Vulnerabilities |
| 7 | http://blog.azimuthsecurity.com/2015/01/... | Bl8ckPwn: BlackPhone SilentText Type Confusion Vulnerability |
| 9 | http://googleprojectzero.blogspot.de/201... | A Tale of Two Exploits |
| 10 | http://blogs.technet.com/b/mmpc/archive/... | Understanding type confusion vulnerabilities: CVE-2015-0336 |
| 11 | http://googleprojectzero.blogspot.com/20... | One Perfect Bug: Exploiting Type Confusion in Flash |
| 12 | http://googleprojectzero.blogspot.de/201... | Attacking ECMAScript Engines with Redefinition |


Object lifetime issues

Use-after-free

| Nr | URL | Description |
|---|---|---|
| 1 | https://www.blackhat.com/presentations/b... | Dangling Pointer - Smashing the Pointer for Fun and Profit |
| 2 | http://grey-corner.blogspot.com/2010/01/... | Heap Spray Exploit Tutorial: Internet Explorer Use After Free Aurora Vulnerability |
| 3 | http://d0cs4vage.blogspot.com/2011/06/in... | Insecticides don't kill bugs, Patch Tuesdays do (use-after-free) |
| 4 | http://www.exploit-monday.com/2011/07/po... | Post-mortem Analysis of a Use-After-Free Vulnerability (CVE-2011-1260) |
| 5 | http://blogs.norman.com/2011/malware-det... | Drag and Drop Vulnerability in MS11-050 |
| 6 | http://picturoku.blogspot.com/2011/08/di... | Diaries of a vulnerability: Understanding CVE-2011-1260 |
| 7 | http://picturoku.blogspot.com/2011/09/di... | Diaries of a vulnerability - take 2: Stage 1 exploit - Controlling EIP |
| 8 | http://picturoku.blogspot.com/2011/11/di... | Diaries of a vulnerability - take 3: Pray after free and use after pray |
| 9 | https://community.qualys.com/blogs/secur... | MS11-077: From Patch to Proof-of-Concept |
| 10 | http://www.vupen.com/blog/20120110.Techn... | Technical Analysis of ProFTPD Response Pool Remote Use-after-free (CVE-2011-4130) - Part I |
| 11 | http://www.vupen.com/blog/20120116.Advan... | Advanced Exploitation of ProFTPD Response Pool Use-after-free (CVE-2011-4130) - Part II |
| 12 | http://ifsec.blogspot.com/2012/02/reliab..., PoC | Reliable Windows 7 Exploitation: A Case Study |
| 13 | http://dvlabs.tippingpoint.com/blog/2012... | Pwn2Own Challenges: Heapsprays are for the 99% |
| 14 | http://www.vupen.com/blog/20120625.Advan... | Advanced Exploitation of Mozilla Firefox Use-after-free Vulnerability (MFSA 2012-22) |
| 15 | http://blog.exodusintel.com/2013/01/02/h... | Happy New Year Analysis of CVE-2012-4792 |
| 16 | http://scarybeastsecurity.blogspot.de/20... | Exploiting 64-bit Linux like a boss |
| 17 | http://securityintelligence.com/use-afte... | Use-after-frees: That pointer may be pointing to something bad |
| 18 | http://blog.trailofbits.com/2013/05/20/w... | Writing Exploits with the Elderwood Kit (Part 2) |
| 19 | https://securityintelligence.com/cve-201... | CVE-2013-1347: Microsoft Internet Explorer CGenericElement object Use-After-Free Vulnerability |
| 20 | http://blogs.technet.com/b/srd/archive/2... | The story of MS13-002: How incorrectly casting fat pointers can make your code explode |
| 21 | http://h30499.www3.hp.com/t5/blogs/bloga... | CVE-2013-3112: From NULL to Control - Persistence pays off with crashes |
| 22 | http://cyvera.com/cve-2013-3893-analysis... | CVE-2013-3893 – ANALYSIS OF THE NEW IE 0-DAY |
| 23 | http://cyvera.com/cve-2013-3897-analysis... | CVE-2013-3897 – ANALYSIS OF YET ANOTHER IE 0-DAY |
| 24 | http://blog.spiderlabs.com/2013/10/anoth... | Another Day, SpiderLabs Discovers Another IE Zero-Day |
| 25 | http://blog.spiderlabs.com/2013/10/ie-ze... | The Technical Aspects of Exploiting IE Zero-Day CVE-2013-3897 |
| 26 | http://nakedsecurity.sophos.com/2013/10/... | Anatomy of an exploit - inside the CVE-2013-3893 Internet Explorer zero-day - Part 1 |
| 27 | http://nakedsecurity.sophos.com/2013/10/... | Anatomy of an exploit - inside the CVE-2013-3893 Internet Explorer zero-day - Part 2 |
| 28 | http://blog.exodusintel.com/2013/11/26/b... | A browser is only as strong as its weakest byte |
| 29 | http://www.fireeye.com/blog/technical/cy... | CVE-2013-3346/5065 Technical Analysis |
| 30 | http://blog.exodusintel.com/2013/12/09/a... | A browser is only as strong as its weakest byte - Part 2 |
| 31 | http://carterjones.logdown.com/posts/201... | CVE-2014-0301 Analysis |
| 32 | http://vrt-blog.snort.org/2014/05/anatom... | Anatomy of an exploit: CVE 2014-1776 |
| 33 | http://www.cyphort.com/blog/dig-deeper-i... | Dig deeper into the IE Vulnerability (CVE-2014-1776) exploit |
| 34 | http://h30499.www3.hp.com/t5/HP-Security... | Double-Dip: Using the latest IE 0-day to get RCE and an ASLR Bypass |
| 35 | http://h30499.www3.hp.com/t5/HP-Security... | The mechanism behind Internet Explorer CVE-2014-1776 exploits |
| 36 | http://www.vupen.com/blog/20140520.Advan... | Advanced Exploitation of Mozilla Firefox Use-After-Free Vulnerability (Pwn2Own 2014) |
| 37 | http://blog.trendmicro.com/trendlabs-sec... | “Gifts” From Hacking Team Continue, IE Zero-Day Added to Mix |
| 38 | http://blog.trendmicro.com/trendlabs-sec... | Root Cause Analysis of CVE-2014-1772 – An Internet Explorer Use After Free Vulnerability |
| 39 | http://googleprojectzero.blogspot.de/201... | Exploiting NVMAP to escape the Chrome sandbox - CVE-2014-5332 |
| 40 | https://www.trustwave.com/Resources/Spid... | A New Zero-Day of Adobe Flash CVE-2015-0313 Exploited in the Wild |
| 41 | http://blog.trendmicro.com/trendlabs-sec... | Analyzing CVE-2015-0313: The New Flash Player Zero Day |
| 42 | https://blog.coresecurity.com/2015/04/13... | Analysis of Adobe Flash Player shared ByteArray Use-After-Free Vulnerability |
| 43 | http://labs.bromium.com/2015/07/07/adobe... | Adobe Flash Zero Day Vulnerability Exposed to Public |
| 44 | http://blog.vectranetworks.com/blog/micr... | Microsoft Internet Explorer 11 Zero-day |
| 45 | http://blog.ropchain.com/2015/07/27/anal... | Analyzing VUPEN’s CVE-2012-1856 |
| 46 | http://www.securityfocus.com/archive/1/5... | BFS-SA-2015-001: Internet Explorer CTreeNode::GetCascadedLang Use-After-Free Vulnerability |
| 47 | https://cxsecurity.com/issue/WLB-2015080... | OpenSSH 6.9p1 Authentication Bypass / Use-After-Free |
| 48 | https://labs.portcullis.co.uk/blog/cve-2... | CVE-2015-5119 Flash ByteArray UaF: A beginner’s walkthrough |
| 49 | https://www.nccgroup.trust/uk/our-resear... | Exploiting CVE-2015-1642 Microsoft Office CTaskSymbol Use-After-Free Vulnerability |
| 50 | https://www.nccgroup.trust/uk/our-resear... | Exploiting CVE-2014-0282 |
| 51 | https://www.fireeye.com/blog/threat-rese..., https://www.fireeye.com/content/dam/... | The EPS Awakens |

Double-free

| Nr | URL | Description | Date | Author |
| --- | --- | --- | --- | --- |
| 1 | http://www.symantec.com/connect/blogs/do..., http://www.symantec.com/connect/blogs/do... | Double Free Vulnerabilities | 19/22-01-2007 | Article |
| 2 | http://blog.spiderlabs.com/2014/03/deep-... | Deep Analysis of CVE-2014-0502 – A Double Free Story | 12-03-2014 | Ben Hayak |

Race conditions

| Nr | URL | Description | Date | Author |
| --- | --- | --- | --- | --- |
| 1 | http://cecs.wright.edu/~pmateti/Internet... | Race Condition Exploits | xx-xx-2012 | Prabhaker Mateti |

Non-memory-corruption issues

Access control and permission problems

| Nr | URL | Description | Date |
| --- | --- | --- | --- |
| 1 | http://blog.zx2c4.com/749 | Linux Local Privilege Escalation via SUID /proc/pid/mem Write | 21-01-2012 |
| 2 | http://googleprojectzero.blogspot.de/201... | Did the “Man With No Name” Feel Insecure? | 20-08-2014 |
| 3 | http://googleprojectzero.blogspot.de/201... | Internet Explorer EPM Sandbox Escape CVE-2014-6350 | 01-12-2014 |
| 4 | http://blog.trendmicro.com/trendlabs-sec... | Escaping the Internet Explorer Sandbox: Analyzing CVE-2014-6349 | 03-12-2014 |
| 5 | http://blog.trendmicro.com/trendlabs-sec... | CVE-2015-0016: Escaping the Internet Explorer Sandbox | 27-01-2015 |
| 6 | https://truesecdev.wordpress.com/2015/07/... | Exploiting rootpipe again | 01-07-2015 |
| 7 | https://www.sektioneins.de/en/blog/15-07-... | OS X 10.10 DYLD_PRINT_TO_FILE Local Privilege Escalation Vulnerability | 07-07-2015 |
| 8 | http://h30499.www3.hp.com/t5/HP-Security-... | Adobe's CVE-2015-5090 - Updating the Updater to become the bossman | 16-07-2015 |

Implementation Errors

| Nr | URL | Description | Date | Author |
| --- | --- | --- | --- | --- |
| 1 | http://www.saurik.com/id/17 | Exploit (& Fix) Android "Master Key" | xx-07-2013 | Jay Freeman (saurik) |
| 2 | http://www.contextis.com/resources/blog/... | EXPRESSING YOURSELF: ANALYSIS OF A DOT NET ELEVATION OF PRIVILEGE VULNERABILITY | 17-12-2013 | James Forshaw |
| 3 | http://security.coverity.com/blog/2014/N... | Eric Lippert Dissects CVE-2014-6332, a 19 year-old Microsoft bug | 14-11-2014 | Eric Lippert |
| 4 | http://researchcenter.paloaltonetworks.c... | Addressing CVE-2014-6332 SWF Exploit | 26-11-2014 | Alon Livne |
| 5 | https://community.rapid7.com/community/me... | R7-2015-04 Disclosure: Mozilla Firefox Proxy Prototype RCE (CVE-2014-8636) | 23-03-2015 | Tod Beardsley |
| 6 | https://securityintelligence.com/one-clas... | One Class to Rule Them All: New Android Serialization Vulnerability Gives Underprivileged Apps Super Status | 10-08-2015 | Or Peles, Roee Hay |
| 7 | http://rotlogix.com/2015/08/22/remote-cod... | Remote Code Execution in Dolphin Browser for Android | 22-08-2015 | rotlogix |
| 8 | http://googleprojectzero.blogspot.de/2015... | FireEye Exploitation: Project Zero’s Vulnerability of the Beast | 15-12-2015 | Tavis Ormandy |
| 9 | https://blog.coresecurity.com/2015/12/09/... | Exploiting Windows Media Center | 09-12-2015 | Francisco Falcón |

Information leakage

| Nr | URL | Description | Date | Author |
| --- | --- | --- | --- | --- |
| 1 | http://blog.binamuse.com/2014/09/coregra... | CoreGraphics Information Disclosure - CVE-2014-4378 | 18-09-2014 | binamuse.com |
| 2 | http://googleprojectzero.blogspot.de/201... | Enabling QR codes in Internet Explorer, or a story of a cross-platform memory disclosure | 14-09-2015 | Mateusz (j00ru) Jurczyk |

Uninitialized memory

| Nr | URL | Description | Date | Author |
| --- | --- | --- | --- | --- |
| 1 | http://www.vupen.com/blog/20120717.Advan... | Advanced Exploitation of IE MSXML Remote Uninitialized Memory (MS12-043 / CVE-2012-1889) | 17-07-2012 | Nicolas Joly |
| 2 | http://immunityproducts.blogspot.de/2013... | Adobe XFA exploits for all! First Part: The Info-leak | 24-06-2013 | Nico Waisman |
| 3 | http://labs.portcullis.co.uk/blog/cve-20... | CVE-2013-0640: Adobe Reader XFA oneOfChild Un-initialized memory vulnerability (part 1) | 26-09-2013 | MTB |
| 4 | http://labs.portcullis.co.uk/blog/cve-20... | CVE-2013-0640: Adobe Reader XFA oneOfChild Un-initialized memory vulnerability (part 2) | 15-10-2013 | MTB |
| 5 | http://ifsec.blogspot.de/2013/11/exploit... | Exploiting Internet Explorer 11 64-bit on Windows 8.1 Preview | 06-11-2013 | Ivan Fratric |
| 6 | https://labs.mwrinfosecurity.com/system... | Microsoft Office Uninitialised Memory Use Vulnerability | 25-06-2015 | Yong Chuan, Koh |
| 7 | http://sourceincite.com/2015/11/16/ms15-... | MS15-116 – PARSE THE [POINT]ER OF NO RETURN | 16-11-2015 | Steven |
| 8 | https://www.blackhat.com/docs/eu-15/mate... | Hey Man, Have You Forgotten to Initialize Your Memory? | xx-xx-2015 | Qihoo 360 Vulcan Team |

Logic errors

| Nr | URL | Description | Date | Author | OS/Arch |
| --- | --- | --- | --- | --- | --- |
| 1 | https://code.google.com/p/google-securit... | Flash logic error in bytecode verifier | 15-09-2014 | Ian Berr | - |
| 2 | http://h30499.www3.hp.com/t5/HP-Security... | Technical analysis of the SandWorm Vulnerability (CVE-2014-4114) | 20-10-2014 | Matt Oh | Windows |
| 3 | https://blogs.mcafee.com/mcafee-labs/byp... | Bypassing Microsoft’s Patch for the Sandworm Zero Day: a Detailed Look at the Root Cause | 11-11-2014 | Haifei Li | Windows |
| 4 | https://blogs.mcafee.com/mcafee-labs/byp... | Bypassing Microsoft’s Patch for the Sandworm Zero Day: Even ‘Editing’ Can Cause Harm | 12-11-2014 | Haifei Li | Windows |
| 5 | https://www.fireeye.com/blog/threat-rese... | CVE-2015-0097 Exploited in the Wild | 30-07-2015 | Sudeep Singh, Kenneth Hsu | Windows |
| 6 | https://github.com/QubesOS/qubes-secpack... | Critical Xen bug in PV memory virtualization code (XSA 148) | 29-10-2015 | The Qubes Security Team | XEN |

Chained and multiple bugs

Chained bugs

| Nr | URL | Description | Date | Author |
| --- | --- | --- | --- | --- |
| 1 | http://blog.chromium.org/2012/05/tale-of... | A Tale of Two Pwnies (Part 1) | 22-05-2012 | Jorge Lucangeli Obes, Justin Schuh |
| 2 | http://blog.chromium.org/2012/06/tale-of... | A Tale Of Two Pwnies (Part 2) | 11-06-2012 | Ken Buchanan, Chris Evans, Charlie Reis, Tom Sepez |
| 3 | https://web.archive.org/web/201408191742... | Postpwnium Writeup | 11-06-2013 | Ralf-Philipp Weinmann |
| 4 | https://web.archive.org/web/201502091121... | How I met Firefox: A tale about chained vulnerabilities | 02-10-2013 | Sebastian |
| 5 | http://blog.trendmicro.com/trendlabs-sec... | A Killer Combo: Critical Vulnerability and ‘Godmode’ Exploitation on CVE-2014-6332 | 13-11-2014 | Weimin Wu |
| 6 | http://researchcenter.paloaltonetworks.c... | Google Chrome Exploitation – A Case Study | 14-12-2014 | Alon Livne |
| 7 | http://newosxbook.com/articles/28DaysLat... | 28 Days Later - TaiG 2 (Part the 1st) | 23-07-2015 | Jonathan Levin |

Multiple bugs

| Nr | URL | Description | Date | Author |
| --- | --- | --- | --- | --- |
| 1 | http://www.cis.syr.edu/~wedu/Teaching/Co... | Buffer-Overflow Vulnerabilities and Attacks | ??? | Kevin Du |
| 2 | https://lock.cmpxchg8b.com/sophailv2.pdf | Sophail: Applied attacks against Sophos Antivirus | xx-10-2012 | Tavis Ormandy |
| 3 | http://kqueue.org/blog/2012/03/05/memory... | Memory allocator security revisited | 05-03-2012 | Xi Wang |
| 4 | http://antid0te.com/syscan_2013/SyScan20... | Mountain Lion / iOS Vulnerabilities Garage Sale | 24-04-2013 | Stefan Esser |
| 5 | http://blog.azimuthsecurity.com/2013/06/... | Attacking Crypto Phones: Weaknesses in ZRTPCPP | 27-06-2013 | Mark Dowd |
| 6 | http://seclists.org/fulldisclosure/2014/... | Information on recently-fixed Oracle VM VirtualBox vulnerabilities | 07-02-2014 | Matthew Daley |
| 7 | http://googleprojectzero.blogspot.de/201... | Finding and exploiting ntpd vulnerabilities | 02-0-1-2015 | Stephen Röttger |
| 8 | http://www.coresecurity.com/advisories/s... | SAP LZC Compression Multiple Vulnerabilities | 05-2015 | coresecurity |
| 9 | http://googleprojectzero.blogspot.de/201... | Owning Internet Printing - A Case Study in Modern Software Exploitation | 19-06-2015 | Neel Mehta |
| 10 | https://docs.google.com/document/d/1sIYg... | Escaping VMware Workstation through COM1 | 07-09-2015 | Kostya Kortchinsky |

Arbitrary data manipulation

Some primitives don't necessarily come from stack or heap overruns or whatever -- there may be more exotic situations which produce unexpected program flow.

| Nr | URL | Description | Date | Author |
| --- | --- | --- | --- | --- |
| 1 | http://dvlabs.tippingpoint.com/blog/2009... | Exploiting MS Advisory 971778: QuickTime DirectShow | 28-05-2009 | Aaron Portnoy |
| 2 | http://www.offensive-security.com/vulnde... | MS11-080 – A Voyage into Ring Zero | 06-12-2011 | offensive-security.com |
| 3 | http://blog.azimuthsecurity.com/2013/02/... | Re-visiting the Exynos Memory Mapping Bug | 14-02-2013 | Dan Rosenberg |
| 4 | https://www.sektioneins.de/advisories/ad... | Advisory 01/2013: PHP openssl_x509_parse() Memory Corruption Vulnerability | 13-12-2013 | Stefan Esser |
| 5 | http://h30499.www3.hp.com/t5/HP-Security... | Technical Analysis of CVE-2014-0515 Adobe Flash Player Exploit | 21-05-2014 | Matt Oh |
| 6 | http://googleprojectzero.blogspot.de/201... | One font vulnerability to rule them all #1: Introducing the BLEND vulnerability | 31-07-2015 | Mateusz (j00ru) Jurczyk |
| 7 | http://googleprojectzero.blogspot.de/201... | One font vulnerability to rule them all #2: Adobe Reader RCE exploitation | 06-08-2015 | Mateusz (j00ru) Jurczyk |

General

Articles, blogs, comments on vulnerabilities and their exploitation which are hard to find category for.

| Nr | URL | Description | Date |
| --- | --- | --- | --- |
| 1 | https://www.sans.org/reading-room/whitep... | Buffer Overflows for Dummies | 01-05-2002 |
| 2 | http://www.viva64.com/en/a/0046/ | Safety of 64-bit code | 06-08-2009 |
| 3 | http://www.matasano.com/research/NaCl_Su... | NaCl Contest - Summary of findings | xx-xx-2009 |
| 4 | http://code.google.com/p/chromium/issues... | Pwnium 1.3 - an exploit for an integer overflow in WebGLUnsignedIntArray. | 01-03-2010 |
| 5 | http://www.exploit-db.com/wp-content/themes/exploit/docs/16151.pdf | Exploiting ARM Linux Systems | 31-01-2011 |
| 6 | https://www.virusbtn.com/virusbulletin/a... | VB2014 paper: Ubiquitous Flash, ubiquitous exploits, ubiquitous mitigation | 01-01-2015 |
| 7 | http://www.ma.rhul.ac.uk/static/techrep/20... | Buffer Overflows in the Microsoft Windows® Environment | 16-02-2015 |
| 8 | http://matthias.vallentin.net/course-work/... | On the Evolution of Buffer Overflows | 20-05-2015 |
| 9 | http://googleprojectzero.blogspot.de/201... | What is a "good" memory corruption vulnerability? (Part 1/4) | 26-06-2015 |
| 10 | http://blogs.technet.com/b/srd/archive/20... | Triaging the exploitability of IE/EDGE crashes | 12-01-2016 |

Bug analysis and exploitation (privileged)

Bug and exploit analysis and development for software running in ring 0.

Buffer overflows

Stack-based buffer overrun

Stack buffer overrun

| Nr | URL | Description | Date | Author | OS/Arch |
| --- | --- | --- | --- | --- | --- |
| 1 | http://sysc.tl/2009/07/04/cve-2008-3531-... | CVE-2008-3531: FreeBSD kernel stack overflow exploit development | 04-07-2009 | Patroklos (argp) Argyroudis | FreeBSD |
| 2 | http://blog.0x80.org/kernel-stack-overfl... | Kernel stack overflows (basics) | 18-01-2013 | Essa Alkuwari | Linux |

Stack overflow

| Nr | URL | Description | Date | Author |
| --- | --- | --- | --- | --- |
| 1 | http://jon.oberheide.org/blog/2010/11/29... | Exploiting Stack Overflows in the Linux Kernel | 29-11-2010 | Jon Oberheide |

Heap/Pool-based buffer overrun

Out-of-bounds read/write

| Nr | URL | Description | Date | Author |
| --- | --- | --- | --- | --- |
| 1 | http://blog.coresecurity.com/2011/08/24/... | Looking behind the curtain: Making exploits work like they do in the movies... | 24-08-2011 | Nicolas Economou |
| 2 | http://labs.portcullis.co.uk/blog/cve-20... | CVE-2013-5065: NDProxy array indexing error unpatched vulnerability | 06-12-2013 | MTB |
| 3 | http://blog.includesecurity.com/2014/03/... | How to exploit the x32 recvmmsg() kernel vulnerability CVE 2014-0038 | 06-03-2014 | ? |
| 4 | http://blog.talosintel.com/2015/10/dange... | DANGEROUS CLIPBOARD: ANALYSIS OF THE MS15-072 PATCH | 20-10-2015 | Marcin Noga, Jaeson Schultz |

Off-by-one errors

| Nr | URL | Description | Date | Author |
| --- | --- | --- | --- | --- |
| 1 | http://blog.coresecurity.com/2012/05/10/... | THE BIG TRICK BEHIND EXPLOIT MS12-034 | 10-05-2012 | Nicolas Economou |
| 2 | http://poppopret.org/2013/11/20/csaw-ctf... | CSAW CTF 2013 Kernel Exploitation Challenge | 20-11-2013 | Michael Coppola |

Heap/Pool buffer overrun

| Nr | URL | Description | Date | Author |
| --- | --- | --- | --- | --- |
| 1 | http://isec.pl/papers/linux_kernel_do_br... | Linux Kernel do_brk() Vulnerability | 04-12-2003 | http://isec.pl/ |
| 2 | https://web.archive.org/web/201205160320... | The story of exploiting kmalloc() overflows | 20-09-2005 | Sebastian (qobaiashi) Haase |
| 3 | http://jon.oberheide.org/blog/2010/09/10... | Linux Kernel CAN SLUB Overflow | 27-11-2010 | Jon Oberheide |
| 4 | http://vsecurity.com/download/papers/slo... | A Heap of Trouble: Breaking the Linux Kernel SLOB Allocator | 22-01-2012 | Dan Rosenberg |
| 5 | http://blog.ptsecurity.com/2013/02/surpr... | Surprise for Network Resources from kernel32 (MS12-081, Detailed Analysis of Vulnerability in Microsoft File Handling Component) | 11-02-2013 | Kirill Nesterov |
| 6 | https://labs.mwrinfosecurity.com/blog/20... | MWR Labs Pwn2Own 2013 Write-up - Kernel Exploit | 06-09-2013 | mwrinfosecurity.com |
| 7 | http://resources.infosecinstitute.com/ex... | Exploiting Linux Kernel Heap Corruptions (SLUB Allocator) | 19-11-2013 | Mohammed Ghannam |
| 8 | http://doar-e.github.io/blog/2014/03/11/... | First Dip Into the Kernel Pool: MS10-058 | 11-03-2014 | Jeremy (__x86) Fetiveau |
| 9 | http://blogs.flexerasoftware.com/vulnera... | Yet Another Windows GDI Story | 22-04-2015 | Hossein Lotfi |

Integer issues

| Nr | URL | Description | Date | Author |
| --- | --- | --- | --- | --- |
| 1 | https://media.blackhat.com/bh-us-11/Esse... | Exploiting the iOS Kernel | 13-07-2011 | Stefan Esser |
| 2 | http://esec-lab.sogeti.com/post/Analysis... | Analysis of the jailbreakme v3 font exploit | 18-07-2011 | jean |
| 3 | https://web.archive.org/web/201402090016... | CVE-2012-0148: A Deep Dive Into AFD | 17-02-2012 | Tarjei (kernelpool) Mandt |
| 4 | https://web.archive.org/web/201308171134... | [email protected]'s semtex.c: Local Linux root exploit, 2.6.37-3.8.8 inclusive (and 2.6.32 on CentOS) 0-day | 15-05-2013 | spender |
| 5 | http://timetobleed.com/a-closer-look-at-... | A closer look at a recent privilege escalation bug in Linux (CVE-2013-2094) | 20-05-2013 | Joe Damato |
| 6 | https://www.blackhat.com/docs/us-14/mate... | QSEE TrustZone Kernel Integer Overflow Vulnerability | 01-07-2014 | Dan Rosenberg |
| 7 | http://randomthoughts.greyhats.it/2014/1... | Mac OS X local privilege escalation (IOBluetoothFamily) | 30-10-2014 | Roberto Paleari, joystick |
| 8 | http://blog.beyondtrust.com/the-delicate... | The Delicate Art of Remote Checks – A Glance Into MS15-034 | 15-04-2015 | Bill Finlayson |
| 9 | https://blog.sucuri.net/2015/04/website-... | Critical Microsoft IIS Vulnerability Leads to RCE (MS15-034) | 16-04-2015 | Rafael Capovilla |
| 10 | http://www.securitysift.com/an-analysis-... | An Analysis Of MS15-0341 | 18-04-2015 | Mike Czumak |
| 11 | https://community.qualys.com/blogs/secur... | MS15-034 Analysis And Remote Detection | 20-04-2015 | Ses Wang |
| 12 | https://blog.coresecurity.com/2015/09/17... | MS15-083 – Microsoft Windows SMB Memory Corruption Vulnerability | 17-09-2015 | Nicolas Economou |
| 13 | http://theroot.ninja/disclosures/TRUSTNO... | TRUSTNONE | 28-11-2015 | Sean Beaupre |
| 14 | http://hmarco.org/bugs/CVE-2015-8370-Gru... | Back to 28: Grub2 Authentication 0-Day | 14-12-2015 | Hector Marco, Ismael Ripoll |

NULL pointer issues

| Nr | URL | Description | Date | Author |
| --- | --- | --- | --- | --- |
| 1 | http://blog.ksplice.com/2010/04/exploiti... | Much ado about NULL: Exploiting a kernel NULL dereference | 13-04-2010 | nelhage |
| 2 | http://j00ru.vexillium.org/?p=1272 | Introducing the USB Stick of Death | 21-10-2012 | Mateusz (j00ru) Jurczyk |
| 3 | http://endgame.com/news/microsoft-win32k... | Microsoft Win32k NULL Page Vulnerability Technical Analysis | xx-10-2013 | Dan Zentner |
| 4 | http://immunityproducts.blogspot.de/2013... | Exploiting CVE-2013-3881: A Win32k NULL Page Vulnerability | 04-11-2013 | Nicolas Waisman |
| 5 | http://blog.spiderlabs.com/2013/12/the-k... | The Kernel is calling a zero(day) pointer – CVE-2013-5065 – Ring Ring | 11-12-2013 | Ben Hayak |
| 6 | http://blog.trendmicro.com/trendlabs-sec... | An Analysis of A Windows Kernel-Mode Vulnerability (CVE-2014-4113) | 19-10-2014 | Weimin Wu |
| 7 | https://www.codeandsec.com/CVE-2014-4113... | CVE-2014-4113 Detailed Vulnerability and Patch Analysis | 24-10-2014 | ? |
| 8 | http://www.exploit-db.com/docs/35937.pdf... | Analysis of CVE-2014-4113 | xx-10-2014 | Ronnie Johndas |
| 9 | http://www.jodeit.org/research/Exploitin... | Exploiting CVE-2014-4113 on Windows 8.1 | 31-10-2014 | Moritz Jodeit |
| 10 | http://blog.qwertyoruiop.com/?p=69 | About the “tpwn” Local Privilege Escalation | 01-09-2015 | Adam (@jk9357) |
| 11 | http://istuarysec.blogspot.ca/2015/09/cve... | CVE-2015-5275 (Whiteheat USB-Serial Driver vulnerability) | 17-09-2015 | Moein Ghasemzadeh |

Data type confusion

| Nr | URL | Description | Date | Author |
| --- | --- | --- | --- | --- |
| 1 | https://code.google.com/p/google-securit... | Windows: NtCreateTransactionManager Type Confusion Elevation of Privilege | 30-01-2015 | James Forshaw |

Object lifetime issues

Use-after-free

| Nr | URL | Description |
| --- | --- | --- |
| 1 | http://www.vupen.com/blog/20101018.Stuxn... | Technical Analysis of the Windows Win32K.sys Keyboard Layout Stuxnet Exploit |
| 2 | http://j00ru.vexillium.org/?p=893 | CVE-2011-1281: A story of a Windows CSRSS Privilege Escalation vulnerability |
| 3 | http://j00ru.vexillium.org/?p=1479 | CVE-2012-2553: Windows Kernel VDM use-after-free in win32k.sys |
| 4 | https://www.nccgroup.trust/uk/about-us/n... | Exploiting the win32k!xxxEnableWndSBArrows use-after-free (CVE-2015-0057) bug on both 32-bit and 64-bit |
| 5 | http://breakingmalware.com/vulnerabilitie... | Class Dismissed: 4 Use-After-Free Vulnerabilities in Windows |
| 6 | https://www.nccgroup.trust/us/about-us/ne... | Exploiting MS15-061 Use-After-Free Windows Kernel Vulnerability |
| 7 | http://hdwsec.fr/blog/CVE-2015-0057.html | [MS15-010 / CVE-2015-0057] Exploitation |
| 8 | https://www.fireeye.com/content/dam/firee... | CVE-2015-2546 – tagPOPUPMENU Use-After-Free (UAF) Privilege Escalation Exploit |
| 9 | https://cyseclabs.com/page?n=02012016 | CVE-2014-2851 group_info UAF Exploitation |

Double-free

| Nr | URL | Description | Date | Author |
| --- | --- | --- | --- | --- |
| 1 | http://www.siberas.de/papers/Pwn2Own_201... | Pwn2Own 2014 - AFD.SYS DANGLING POINTER VULNERABILITY | 11-07-2014 | Sebastian Apelt |
| 2 | https://web.archive.org/web/201411212105... | CVE-2014-1767 Afd.sys double-free vulnerability Analysis and Exploit | 19-11-2014 | 0x710DDDD |

Race conditions

| Nr | URL | Description | Date | Author |
| --- | --- | --- | --- | --- |
| 1 | http://blog.includesecurity.com/2014/06/... | Exploiting CVE-2014-0196 a walk-through of the Linux pty race condition PoC | 03-06-2014 | Samuel Groß |
| 2 | https://web.archive.org/web/201503280116... | CVE-2014-4699: Linux Kernel ptrace/sysret vulnerability analysis | 21-07-2014 | Vitaly Nikolenko |
| 3 | https://www.insinuator.net/2015/12/xen-x... | Xen XSA 155: Double fetches in paravirtualized devices | 17-12-2015 | Felix Wilhelm |

Non-memory-corruption issues

Access Control / Permission Issues

| Nr | URL | Description | Date | Author |
| --- | --- | --- | --- | --- |
| 1 | http://labs.portcullis.co.uk/blog/in-the... | In the lab, popping CVE-2013-2171 for FreeBSD 9.0… | 11-12-2013 | TMB |
| 2 | https://github.com/stealth/troubleshooter | troubleshooter | 02-04-2015 | stealth |
| 3 | http://googleprojectzero.blogspot.de/201... | In-Console-Able | 04-05-2015 | James Forshaw |
| 4 | http://googleprojectzero.blogspot.de/201... | Between a Rock and a Hard Link | 04-12-2015 | James Forshaw |

Implementation Errors

I.e. failing to perform sufficient validation, improper data handling, etc.

| Nr | URL | Description | Date | Author | OS/Arch |
| --- | --- | --- | --- | --- | --- |
| 1 | http://blog.azimuthsecurity.com/2013/02/... | From USR to SVC: Dissecting the 'evasi0n' Kernel Exploit | 13-02-2013 | Tarjei Mandt | iOS |
| 2 | http://researchcenter.paloaltonetworks.c... | CVE-2014-7911 – A Deep Dive Analysis of Android System Service Vulnerability and Exploitation | 06-01-2015 | Yaron Lavi, Nadav Markus | Android |
| 3 | http://blog.trendmicro.com/trendlabs-sec... | Exploring CVE-2015-1701 — A Win32k Elevation of Privilege Vulnerability Used in Targeted Attacks | 22-05-2015 | Jack Tang | Windows |
| 4 | http://googleprojectzero.blogspot.co.uk/... | Windows Drivers are True’ly Tricky | 15-10-2015 | James Forshaw | Windows |

Information leakage

| Nr | URL | Description | Date | Author |
| --- | --- | --- | --- | --- |
| 1 | http://sysexit.wordpress.com/2014/11/12/... | ANALYSIS OF CVE-2014-8476: A FREEBSD KERNEL MEMORY DISCLOSURE VULNERABILITY | 12-11-2014 | fdfalcon |

Uninitialized memory

| Nr | URL | Description | Date | Author | OS/Arch |
| --- | --- | --- | --- | --- | --- |
| 1 | http://esec-lab.sogeti.com/posts/2010/12... | CVE-2010-3830 - iOS < 4.2.1 packet filter local kernel vulnerability | 18-12-2010 | Jean | iOS < 4.2.1 |
| 2 | http://j00ru.vexillium.org/blog/20_05_12... | The story of CVE-2011-2018 exploitation | xx-04-2012 | Mateusz (j00ru) Jurczyk | Windows, x86-32 |
| 3 | http://seclists.org/fulldisclosure/2013/... | exploitation ideas under memory pressure | 17-05-2013 | Tavis Ormandy | Windows |

Specific bugs

Hardware bugs or ones that do not fall into other categories.

| Nr | URL | Description | Date | Author |
| --- | --- | --- | --- | --- |
| 1 | http://fail0verflow.com/blog/2012/cve-20... | CVE-2012-0217: Intel's sysret Kernel Privilege Escalation (on FreeBSD) | 05-07-2012 | iZsh |
| 2 | https://media.blackhat.com/bh-us-12/Brie... | Stitch In Time Saves Nine: A Stitch In Time Saves Nine: A Case Of Multiple OS Vulnerability | 25-07-2012 | Rafal Wojtczuk |
| 3 | http://www.vupen.com/blog/20120806.Advan... | Advanced Exploitation of Windows Kernel Intel 64-Bit Mode Sysret Vulnerability (MS12-042) | 06-08-2012 | Jordan Gruskovnjak |
| 4 | http://www.vupen.com/blog/20120904.Advan... | Advanced Exploitation of Xen Hypervisor Sysret VM Escape Vulnerability | 04-09-2012 | Matthieu Bonetti |
| 5 | http://blog.coresecurity.com/2013/04/01/... | MS13-017 – THE HARMLESS SILENT PATCH… | 01-04-2013 | Nicolas Economou |
| 6 | http://blog.azimuthsecurity.com/2013/04/... | Unlocking the Motorola Bootloader | 08-04-2013 | Dan Rosenberg |
| 7 | https://web.archive.org/web/201411081027... | DisARMing the iOS kernel | 30-05-2014 | winocm |
| 8 | https://hackerone.com/reports/13388 | Linux PI futex self-requeue bug | 19-06-2014 | comex |
| 9 | http://tinyhack.com/2014/07/07/exploitin... | Exploiting the Futex Bug and uncovering Towelroot | 07-07-2014 | Yohanes Nugroho |
| 10 | http://blog.nativeflow.com/the-futex-vul... | The Futex Vulnerability | 11-09-2014 | Dany Zatuchna |
| 11 | http://www.icewall.pl/?p=680&lang=en | Story about MS14-063 | 25-10-2014 | icewall |
| 12 | http://googleprojectzero.blogspot.de/201... | pwn4fun Spring 2014 - Safari - Part II | 24-11-2014 | Ian Berr |
| 13 | http://labs.bromium.com/2015/02/02/explo... | Exploiting “BadIRET” vulnerability (CVE-2014-9322, Linux kernel privilege escalation) | 02-02-2015 | Rafal Wojtczuk |
| 14 | http://blog.cr4.sh/2015/02/exploiting-ue... | Exploiting UEFI boot script table vulnerability | 06-02-2015 | Dmytro (Cr4sh) Oleksiuk |
| 14 | http://bits-please.blogspot.gr/2015/08/a... | Android linux kernel privilege escalation vulnerability and exploit (CVE-2014-4322) | 16-08-2015 | laginimaineb |
| 15 | http://perception-point.io/2016/01/14/an... | ANALYSIS AND EXPLOITATION OF A LINUX KERNEL VULNERABILITY (CVE-2016-0728) | 14-01-2016 | Perception Point Research Team |

Chained and Multiple Bugs

| Nr | URL | Description | Date | Author |
| --- | --- | --- | --- | --- |
| 1 | http://sill0t3.blogspot.in/2015/06/window... | Windows Kernel Exploitation Using HackSys | 03-06-2015 | sill0t3 |
| 2 | http://blog.quarkslab.com/kernel-vulnerab... | Kernel Vulnerabilities in the Samsung S4 | 21-09-2015 | Jonathan Salwan |

Arbitrary data manipulation

Some primitives don't necessarily come from stack or heap overruns or whatever -- there may be more exotic situations which produce unexpected program flow.

| Nr | URL | Description | Date | Author |
| --- | --- | --- | --- | --- |
| 1 | http://googleprojectzero.blogspot.de/201... | One font vulnerability to rule them all #3: Windows 8.1 32-bit sandbox escape exploitation | 13-08-2015 | Mateusz (j00ru) Jurczyk |
| 2 | http://bits-please.blogspot.gr/2015/08/f... | Full TrustZone exploit for MSM8974 | 10-08-2015 | laginimaineb |
| 3 | http://googleprojectzero.blogspot.de/201... | One font vulnerability to rule them all #4: Windows 8.1 64-bit sandbox escape exploitation | 21-08-2015 | Mateusz (j00ru) Jurczyk |
| 4 | http://bits-please.blogspot.de/2015/08/a... | Android linux kernel privilege escalation (CVE-2014-4323) | 26-08-2015 | laginimaineb |

General

| Nr | URL | Description | Date | Author |
| --- | --- | --- | --- | --- |
| 1 | http://phrack.org/issues/64/6.html | Attacking the Core: Kernel Exploiting Notes | 27-05-2005 | sgrakkyu, twiz |
| 2 | http://www.blackhat.com/presentations/bh... | Kernel Wars | xx-08-2007 | Karl Janmar |
| 3 | http://rikiji.it/2013/05/10/CVE-2013-209... | CVE-2013-2094 port to x86 | 10-05-2013 | Riccardo |
| 4 | http://blog.cmpxchg8b.com/2013/05/introd... | Introduction to Windows Kernel Security Research | 15-05-2013 | Tavis Ormandy |
| 5 | http://labs.lastline.com/unmasking-kerne... | Unmasking Kernel Exploits | 07-07-2015 | Roman Vasilenko |

Shell-code development

Egg-hunters

| Nr | URL | Description | Date | Author |
| --- | --- | --- | --- | --- |
| 1 | http://www.corelan.be/index.php/201... | Exploit writing tutorial part 8: Windows, x86-32 Egg Hunting | 09-01-2010 | corelanc0d3r |
| 2 | http://grey-corner.blogspot.com/2010/02/... | Windows Buffer Overflow Tutorial: An Egghunter and a Conditional Jump | 13-02-2010 | Stephen Bradshaw |
| 3 | http://www.corelan.be/index.php/201... | Exploit notes – win32 eggs-to-omelet | 22-08-2010 | corelanc0d3r |
| 4 | http://www.exploit-db.com/foxit-reader-s... | Foxit Reader Stack Overflow Exploit – Egghunter Edition | 14-11-2010 | dookie2000ca |
| 5 | http://www.corelan.be/index.php/2011/05/... | Hack Notes: Ropping eggs for breakfast | 12-05-2011 | corelanc0d3r |
| 6 | https://community.rapid7.com/community/m... | An example of EggHunting to exploit CVE-2012-0124 | 06-07-2012 | Juan Vazquez |
| 7 | http://www.bigendiansmalls.com/creating-... | Building shellcode, egghunters and decoders. | 23-07-2015 | bigendiansmalls |

In general

| Nr | URL | Description | Date | Author |
| --- | --- | --- | --- | --- |
| 1 | http://hick.org/code/skape/papers/win32-... | Understanding Windows Shellcode | 12-06-2003 | Matt (skape) Miller |
| 2 | http://www.vividmachines.com/shellcode/s... | Shellcoding for Linux and Windows Tutorial | xx-06-2007 | Steve Hanna |
| 3 | http://blog.harmonysecurity.com/2009/08/... | Calling API Functions | 05-08-2009 | Stephen Fewer |
| 4 | http://blog.harmonysecurity.com/search/l... | Implementing a Windows, x86-32 Kernel Shellcode | 05-11-2009 | Stephen Fewer |
| 5 | http://www.corelan.be/index.php/201... | Exploit writing tutorial part 9: Introduction to Windows, x86-32 shellcoding | 25-02-2010 | corelanc0d3r |
| 6 | http://www.exploit-db.com/papers/15652/ | How to Create a Shellcode on ARM Architecture | 25-11-2010 | Jonathan Salwan |
| 7 | http://mcdermottcybersecurity.com/articl... | Windows x64 shellcode | 11-01-2011 | McDermott |
| 8 | http://resources.infosecinstitute.com/st... | Stack Based Buffer Overflow Tutorial, part 3 — Adding shellcode | 09-03-2011 | Stephen Bradshaw |
| 9 | http://gdtr.wordpress.com/2011/07/23/uni... | Universal ROP shellcode for OS X x64 | 23-07-2011 | pa_kt |
| 10 | http://www.vnsecurity.net/2011/07/yet-an... | Yet another universal OSX x86_64 dyld ROP shellcode | 30-07-2011 | longld |
| 11 | http://www.codeproject.com/Articles/3257... | The Art of Win32 Shellcoding | 06-02-2012 | Amr Thabet |
| 12 | https://web.archive.org/web/201402262333... | 64-bit Linux Shellcode | 10-06-2012 | Mark Loiseau |
| 13 | https://www.offensive-security.com/vulnd... | Fun with AIX Shellcode and Metasploit | 20-11-2012 | ? |
| 14 | http://www.exploit-monday.com/2013/08/wr... | Writing Optimized Windows Shellcode in C | 16-08-2013 | Matt Graeber |

Bugs and their mitigations

This section is all about bug classes and implemented mitigations against them.

Stack overruns

CWE-121: Stack-based Buffer Overflow

Userland

| Nr | URL | Description | Date | Author |
| --- | --- | --- | --- | --- |
| 1 | http://seclists.org/fulldisclosure/2012/... | SafeSEH+SEHOP all-at-once bypass explotation method principles | 10-01-2012 | x90c |
| 2 | http://blogs.msdn.com/b/sdl/archive/2012... | Enhancements to /GS in Visual Studio 11 | 26-01-2012 | Dave Ladd |
| 3 | https://community.rapid7.com/community/m... | Stack Smashing: When Code Execution Becomes a Nightmare | 06-07-2012 | Wei Chen |
| 4 | https://community.rapid7.com/community/m... | The Stack Cookies Bypass on CVE-2012-0549 | 15-08-2012 | Juan Vazquez |

Kernel mode

| Nr | URL | Description | Date | Author | OS/Arch | Info |
| --- | --- | --- | --- | --- | --- | --- |
| 1 | http://j00ru.vexillium.org/?p=690 | Exploiting the otherwise non-exploitable: Windows Kernel-mode GS cookies subverted | 11-01-2011 | Mateusz ‘j00ru’ Jurczyk | Windows, x86-32 | CVE-2010-4398 |

General

Nr URL Description Date Author
1 http://site.pi3.com.pl/papers/ASSP.pdf Adventure with Stack Smashing Protector (SSP) 11-11-2013 Adam 'pi3' Zabrocki
2 http://wiki.osdev.org/Stack_Smashing_Protec... Stack Smashing Protector 22-10-2014 (osdev.org)

Heap overruns

https://cwe.mitre.org/data/definitions/122.html

Userland

Nr URL Description Date Author
1 http://www.symantec.com/connect/articles... A new way to bypass Windows heap protections 31-08-2005 Nicolas Falliere
2 http://blogs.technet.com/b/srd/archive/2... Preventing the exploitation of user mode heap corruption vulnerabilities 04-08-2009 swiat
3 http://blogs.technet.com/b/srd/archive/2... Software Defense: mitigating heap corruption vulnerabilities 29-10-2013 swiat
4 http://blog.lse.epita.fr/articles/74-get... Getting back determinism in the Low Fragmentation Heap 02-11-2014 Bruno Pujos

Kernel mode

Nr URL Description Date Author OS/Arch
1 http://blogs.technet.com/b/srd/archive/2... Safe Unlinking in the Kernel Pool 26-05-2012 swiat Windows
2 http://www.inertiawar.com/unlink/ Windows 8 and Safe Unlinking in NTDLL 14-07-2012 Note Windows

Static buffer overflows

Nr URL Description Date Author OS/Arch
1 http://em386.blogspot.com/2008/05/self-p... Self Protecting Global Offset Table (GOT) 24-04-2008 Chris Rohlf -
2 http://isisblogs.poly.edu/2011/06/01/rel... RELRO: RELocation Read-Only 01-06-2011 Julian Cohen Linux

Uninitialized data

https://cwe.mitre.org/data/definitions/824.html

Nr URL Description Date Author OS/Arch
1 http://blogs.msdn.com/b/sdl/archive/2012... Guarding against uninitialized class member pointers 08-03-2012 Thomas Garnier Windows

Lifetime issues

https://cwe.mitre.org/data/definitions/416.html
https://cwe.mitre.org/data/definitions/415.html

Use-after-free, double-free bugs.

Nr URL Description Date Author

1 http://blog.fortinet.com/post/is-use-aft... Is use-after-free exploitation dead? The new IE memory protector will tell you 16-06-2014 Zhenhua 'Eric' Liu
2 http://researchcenter.paloaltonetworks.c... Is It the Beginning of the End For Use-After-Free Exploitation? 16-06-2014 Tao Yan, Bo Qu, Royce Lu
3 http://blog.trendmicro.com/trendlabs-sec... Mitigating UAF Exploits with Delay Free for Internet Explorer 17-06-2014 Jack Tang
4 https://labs.mwrinfosecurity.com/blog/20... Isolated Heap & Friends - Object Allocation Hardening in Web Browsers 20-06-2014 mwrinfosecurity.com
5 http://blog.trendmicro.com/trendlabs-sec... Isolated Heap for Internet Explorer Helps Mitigate UAF Exploits 01-07-2014 Jack Tang
6 http://h30499.www3.hp.com/t5/HP-Security... Efficacy of Memory Protection against use-after-free vulnerabilities 28-07-2014 Simon Zuckerbraun
7 http://securityintelligence.com/understa... Understanding IE’s New Exploit Mitigations: The Memory Protector and the Isolated Heap 29-08-2014 Mark Yason
8 https://web.archive.org/web/201411020020... USE-AFTER-FREE NOT DEAD IN INTERNET EXPLORER: PART 1 13-10-2014 k33nteam
9 http://h30499.www3.hp.com/hpeb/attachmen... New directions in use-after-free mitigations 18-10-2014 HP Security
10 http://blog.trendmicro.com/trendlabs-sec... Windows 10 Sharpens Browser Security With Microsoft Edge 21-07-2015 Henry Li

NULL-pointer

https://cwe.mitre.org/data/definitions/476.html

Nr URL Description Date Author
1 https://web.archive.org/web/201209131910... Locking Down the Windows Kernel: Mitigating Null Pointer Exploitation 07-07-2011 Tarjei (kernelpool) Mandt

Integer bugs

https://cwe.mitre.org/data/definitions/189.html

Nr URL Description Date Author OS/Arch
1 http://forums.grsecurity.net/viewtopic.p... Inside the Size Overflow Plugin 28-08-2012 ephox -

Hardenings and their bypasses

Address Space Layout Randomization (ASLR)

Userland

Nr URL Description Date Author
1 https://web.archive.org/web/201001020008... Attacking ASLR on Linux 2.6 27-05-2009 drraid
2 http://recxltd.blogspot.com/2011/12/curi... The Curious Case of VirtualAlloc, ASLR and an SDL 13-12-2011 Ollie

3 http://blog.duosecurity.com/2012/02/a-lo... A look at ASLR in Android Ice Cream Sandwich 4.0 17-02-2012 Jon Oberheide

4 http://recxltd.blogspot.com/2012/03/part... A Partial Technique Against ASLR - Multiple O/Ss 02-03-2012 Ollie
5 http://blog.ptsecurity.com/2012/12/windo... Windows 8 ASLR Internals 04-12-2012 Artem Shishkin, Ilya Smith
6 http://kingcope.wordpress.com/2013/01/24... Attacking the Windows 7/8 Address Space Randomization 24-01-2013 kingcope
7 http://www.fireeye.com/blog/technical/cy... ASLR Bypass Apocalypse in Recent Zero-Day Exploits 15-10-2013 Xiaobo Chen
8 https://www.cert.org/blogs/certcc/post.c... Differences Between ASLR on Windows and Linux 10-02-2014 Will Dormann
9 http://www.greyhathacker.net/?p=894 Bypassing Windows ASLR in Microsoft Office using ActiveX controls 04-12-2015 Parvez

Kernel mode (KASLR)

Nr URL Description Date Author
1 https://dl.packetstormsecurity.net/pap... Bypassing Windows 7 Kernel ASLR 11-10-2011 Stefan Le Berre
2 http://shell-storm.org/blog/ASLR-impleme... ASLR implementation in Linux Kernel 3.7 19-01-2013 Jonathan Salwan
3 http://forums.grsecurity.net/viewtopic.p... KASLR: An Exercise in Cargo Cult Security 20-03-2013 spender
4 http://www.alex-ionescu.com/?p=82 KASLR Bypass Mitigations in Windows 8.1 17-11-2013 Alex Ionescu
5 http://labs.bromium.com/2014/10/27/tsx-i... TSX improves timing attacks against KASLR 27-10-2014 Rafal Wojtczuk
6 https://copperhead.co/2015/05/11/aslr-an... The State of ASLR on Android Lollipop 11-05-2015 Daniel Micay

Data Execution Prevention (DEP)

Nr URL Description Date
1 https://docs.google.com/viewer?a=v&pid=e... x86-64 buffer overflow exploits and the borrowed code chunks 28-09-2005
2 http://www.uninformed.org/?v=2&a=4 Bypassing Windows Hardware-enforced Data Execution Prevention 02-10-2005
3 http://cseweb.ucsd.edu/~hovav/papers/s07... The Geometry of Innocent Flesh on the Bone: Return-into-libc without Function Calls (on the x86) xx-10-2007
4 http://www.packetstormsecurity.org/paper... Bypassing hardware based DEP on Windows Server 2003 SP2 10-06-2009

5 http://bernardodamele.blogspot.com/2009/... DEP bypass with SetProcessDEPPolicy() 09-12-2009

6 http://vrt-blog.snort.org/2009/12/dep-an... DEP and Heap Sprays 17-12-2009
7 http://blog.zynamics.com/2010/03/12/a-ge... A gentle introduction to return-oriented programming 12-03-2010
8 http://archives.neohapsis.com/archives/f... Exploitation With WriteProcessMemory()/Yet Another DEP Trick xx-03-2010
9 http://blog.harmonysecurity.com/2010/04/... A little return oriented exploitation on Windows x86 (Part 1) 12-04-2010
10 http://blog.harmonysecurity.com/2010/04/... A little return oriented exploitation on Windows x86 (Part 2) 16-04-2010
11 https://web.archive.org/web/201207070114... Advanced Return-Oriented Exploit 05-05-2010
12 http://www.corelan.be:8800/index.php/201... Exploit writing tutorial part 10: Chaining DEP with ROP – the Rubik’s[TM] Cube 16-06-2010
13 http://eticanicomana.blogspot.com/2010/0... The so called Return Oriented Programming... 21-06-2010
14 http://www.exploit-db.com/osx-rop-exploi... OSX ROP Exploit – EvoCam Case Study 06-07-2010
15 http://repository.root-me.org/Exploit... Payload already inside: data reuse for rop exploits 28-07-2010
16 http://www.vnsecurity.net/research/2010/... Simple Mac OS X ret2libc exploit (x86) 05-10-2010
17 http://vulnfactory.org/blog/2011/09/21/d... Defeating Windows 8 ROP Mitigation 21-09-2011
18 http://www.exploit-monday.com/2011/11/ma... Man vs. ROP - Overcoming Adversity One Gadget at a Time 14-11-2011

19 https://web.archive.org/web/201201200400... Advanced Generic ROP chain for Windows 8 11-2011
20 http://www.accuvant.com/blog/2011/12/01/... Measure Twice, Cut Once 01-12-2011
21 http://codearcana.com/posts/2013/05/28/i... Introduction to return oriented programming (ROP) 28-05-2013
22 https://codeinsecurity.wordpress.com/201... W^X policy violation affecting all Windows drivers compiled in Visual Studio 2013 and previous 03-09-2015

Return-Oriented-Programming (ROP) mitigations

Nr URL Description Date Author
7 http://www.kryptoslogic.com/download/ROP... Security Mitigations for Return-Oriented Programming Attacks 20-08-2010 Piotr Bania
39 http://c0decstuff.blogspot.com.es/2012/1... Defeating Windows 8 ROP Mitigation 19-12-2012 c0decstuff

Export Address Table Access Filtering (EAF)

Nr URL Description Date Author
30 http://www.greyhathacker.net/?p=483 Bypassing EMET’s EAF with custom shellcode using kernel pointer 19-12-2011 Parvez
33 http://piotrbania.com/all/articles/anti_... BYPASSING EMET Export Address Table Access Filtering feature 19-01-2012 Piotr Bania
44 http://scrammed.blogspot.de/2014/03/reve... Reversing EMET's EAF (and a couple of curious findings...) 20-03-2014 giulia
53 http://tekwizz123.blogspot.de/2015/01/by... An Theoretical Approach to Getting Around EMET's EAF Protection 18-01-2015 tekwizz

Control Flow Integrity / Control Flow Guard

Nr URL Description Date
1 http://blogs.msdn.com/b/vcblog/archive/2... Visual Studio 2015 Preview: Work-in-Progress Security Feature 08-12-2014
2 http://blog.trendmicro.com/trendlabs-sec... Exploring Control Flow Guard in Windows 10 30-01-2015
3 https://blog.coresecurity.com/2015/03/25/... Exploiting CVE-2015-0311, Part II: Bypassing Control Flow Guard on Windows 8.1 Update 3 25-03-2015
4 http://sjc1-te-ftp.trendmicro.com/assets/wp... Exploring Control Flow Guard in Windows 10 xx-05-2015
5 http://research.microsoft.com/pubs/64250/ccs05.pdf Control-Flow Integrity: Principles, Implementations, and Applications 11-07-2015
6 http://labs.bromium.com/2015/09/28/an-int... An interesting detail about Control Flow Guard 28-09-2015

Mitigations Against Use-After-Free

Nr URL Description Date Author
1 http://h30499.www3.hp.com/hpeb/attachments/... Abusing Silent Mitigations: Understanding weaknesses within Internet Explorer’s Isolated Heap and Memory Protection 19-06-2015 Abdul-Aziz Hariri, Simon Zuckerbraun, Brian Gorenc
2 http://googleprojectzero.blogspot.de/2015/0... Dude, where’s my heap? 15-06-2015 Ivan Fratric

Multiple mitigations discussed

Userland

Nr URL Description Date Author
1 http://www.azimuthsecurity.com/resources/... Bypassing Browser Memory Protections 07-08-2008 Alex Sotirov, Mark Dowd
2 https://www.blackhat.com/presentations/b... Buffer overflows on linux-x86-64 22-01-2009 Hagen Fritsch
3 http://www.corelan.be/index.php/200... Exploit writing tutorial part 6: Bypassing Stack Cookies, SafeSeh, SEHOP, HW DEP and ASLR 12-09-2009 corelanc0d3r
4 https://docs.google.com/viewer?a=v&pid=e... Bypassing ASLR and DEP under Windows 17-06-2010 mr_me
5 https://labs.mwrinfosecurity.com/blog/2010... Assessing the Tux Strength: Part 1 - Userspace Memory Protection 29-07-2010 ?

6 http://blogs.technet.com/b/srd/archive/2... On the effectiveness of DEP and ASLR 08-12-2010 swiat
7 http://msdn.microsoft.com/en-us/library/... Windows ISV Software Security Defenses xx-12-2010 Michael Howard, Matt Miller, John Lambert, Matt Thomlinson
8 http://www.secfence.com/whitepapers/Whit... Bypassing ASLR/DEP 25-09-2011 Vinay Katoch
9 http://www.microsoft.com/download/en/det... Mitigating Software Vulnerabilities 12-07-2011 Matt Miller, Tim Burrell, Michael Howard
10 http://forums.grsecurity.net/viewtopic.p... Recent Advances: How We Learn From Exploits 15-02-2012 spender
11 http://blogs.msdn.com/b/ie/archive/2012/... Enhanced Memory Protections in IE10 13-03-2012 Forbes Higman
12 http://esec-lab.sogeti.com/post/Bypassin... Bypassing ASLR and DEP on Adobe Reader X 22-06-2012 guillaume
13 http://security.stackexchange.com/questi... How do ASLR and DEP work? 12-08-2012 polynomial
14 http://blogs.technet.com/b/srd/archive/2... Software defense: safe unlinking and reference count hardening 06-11-2013 swiat
15 http://bromiumlabs.files.wordpress.com/2... BYPASSING EMET 4.1 xx-02-2014 Jared DeMott

16 http://www.contextis.com/resources/blog/... Bypassing Windows 8.1 Mitigations using Unsafe COM Objects 15-06-2014 James Forshaw

17 http://www.offensive-security.com/vulnde... Disarming Enhanced Mitigation Experience Toolkit 01-07-2014 offensive-security.com
18 https://www.offensive-security.com/vulnd... Disarming EMET v5.0 29-09-2014 offensive-security.com
19 https://www.offensive-security.com/vulnd... Disarming and Bypassing EMET 5.1 18-11-2014 Blogpost
20 http://casual-scrutiny.blogspot.in/2015/... Defeating EMET 5.2 Protections 15-03-2015 r41p41
21 http://casual-scrutiny.blogspot.in/2015/... Defeating EMET 5.2 Protections (2) 21-03-2015 r41p41
22 http://int3pids.blogspot.de/2015/04/conf... Confidence 2015 Teaser: Quarantine Write-Up (pwn 500) 30-04-2015 Eloi Sanfelix
23 http://googleprojectzero.blogspot.com/20... Significant Flash exploit mitigations are live in v18.0.0.209 16-07-2015 Mark Brand, Chris Evans
24 https://www.endgame.com/blog/adobe-flash... Adobe Flash Vulnerability CVE-2015-7663 and Mitigating Exploits xx-xx-2015 Cody Pierce
25 https://duo.com/assets/pdf/WoW64-Bypassi... WoW64 and So Can You - Bypassing EMET With a Single Instruction xx-xx-2015 Darren Kemp, Mikhail Davidov

26 http://xlab.tencent.com/en/2015/12/09/by... Bypass DEP and CFG using JIT compiler in Chakra engine 09-12-2015 tombkeeper

Kernel mode

Nr URL Description Date Author
1 http://sysc.tl/2010/04/26/kernel-exploit... FreeBSD kernel exploitation mitigations 26-04-2010 Patroklos (argp) Argyroudis
2 https://web.archive.org/web/201112171438... Assessing the Tux Strength: Part 2 - Into the Kernel 02-09-2010 Radoslaw Madej
3 https://wiki.ubuntu.com/Security/Feature... Security/Features - Ubuntu Wiki 17-02-2011 ubuntu.com
4 http://census.gr/media/bheu-2011-wp.pdf Protecting the Core: Kernel Exploitation Mitigations 18-03-2011 Patroklos (argp) Argyroudis, Dimitris Glynos
5 http://blogs.msdn.com/b/sdl/archive/2012... Guarding against re-use of stale object references 24-04-2012 Doug Cavit
6 https://blog.duosecurity.com/2012/07/exp... Exploit Mitigations in Android Jelly Bean 4.1 16-07-2012 Jon Oberheide
7 http://0xfeedface.org/blog/lattera/2012-... New Exploit Protections in Android 4.1 19-07-2012 Shawn Webb
8 http://blogs.technet.com/b/srd/archive/2... EMET 3.5 Tech Preview leverages security mitigations from the BlueHat Prize 24-07-2012 swiat
9 http://blogs.technet.com/b/srd/archive/2... Technical Analysis of the Top BlueHat Prize Submissions 26-07-2012 swiat

10 http://forums.grsecurity.net/viewtopic.p... Recent ARM security improvements 18-02-2013 spender
11 http://0xdabbad00.com/wp-content/uploads... EMET 4.1 Uncovered 18-11-2013 0xdabbad00
12 http://blogs.technet.com/b/srd/archive/2... Software defense: mitigating common exploitation techniques 11-12-2013 swiat
13 https://labs.mwrinfosecurity.com/blog/20... Windows 8 Kernel Memory Protections Bypass 15-08-2014 Jérémy (__x86) Fetiveau
14 http://breakingmalware.com/vulnerabiliti... One-Bit To Rule Them All: Bypassing Windows’ 10 Protections using a Single Bit 10-02-2015 Udi Yavo

General

Nr URL Description Date Author
1 http://www.freeinfosociety.com/media/pdf/2708.pdf A Buffer Overflow Study - Attacks & Defenses 2002 Pierre-Alain FAYOLLE, Vincent GLAUME
2 https://static.googleusercontent.com/medi... Native Client: A Sandbox for Portable, Untrusted x86 Native Code 2009 Bennet Yee, David Sehr, Gregory Dardyk, J. Bradley Chen, Robert Muth, Tavis Ormandy, Shiki Okasaka, Neha Narula, and Nicholas Fullagar
3 https://drive.google.com/file/d/0B5pT4hU_... An Evaluation of the Effectiveness of EMET 5.1 At Protecting Everyday Applications Against Targeted Attacks 2015 Grant Willcox

Hardware-based mitigations

Nr URL Description
1 https://web.archive.org/web/20120120072718/http://falken.tuxfamily.org/?p=115 Beat SMEP on Linux with Return-Oriented Programming
2 http://forums.grsecurity.net/viewtopic.p... Supervisor Mode Access Prevention
3 http://blog.ptsecurity.com/2012/09/intel... Intel SMEP overview and partial bypass on Windows 8
4 http://www.cyvera.com/the-case-for-smep-... THE CASE FOR SMEP – EXPLOITING A KERNEL VULNERABILITY
5 http://atredispartners.blogspot.de/2014/... Here Be Dragons: Vulnerabilities in TrustZone
6 https://www.nccgroup.com/en/blog/2015/01... Intel® Software Guard Extensions (SGX): A Researcher’s Primer
7 https://www.nccgroup.trust/uk/about-us/n... Xen SMEP (and SMAP) bypass
8 http://www.alex-ionescu.com/Enclave%20Su... Intel SGX Enclave Support in Windows 10 Fall Update (Threshold 2)

Specific mitigations

Nr URL Description Date Author
1 http://blog.ptsecurity.com/2014/09/micro... Microsoft Windows 8.1 Kernel Patch Protection Analysis & Attack Vectors 17-08-2014 Mark Ermolov, Artem Shishkin
2 http://vrt-blog.snort.org/2014/08/the-wi... The Windows 8.1 Kernel Patch Protection 24-08-2014 Andrea Allievi
3 http://scarybeastsecurity.blogspot.de/20... Using ASAN as a protection 25-09-2014 Chris Evans
4 http://blogs.cisco.com/security/mitigati... Mitigations Available for the DRAM Row Hammer Vulnerability 09-03-2015 Omar Santos
5 http://googleprojectzero.blogspot.de/2015/08/three-bypasses-and-fix-for-one-of.html Three bypasses and a fix for one of Flash's Vector.<*> mitigations 19-08-2015 Chris Evans

Other exploitation obstacles

Non-compiler, OS, or hardware enforced exploitation difficulties.

Nr URL Description Date Author
1 http://www.corelan.be/index.php/200... Exploit writing tutorial part 7: Unicode – from 0×00410041 to calc 06-11-2009 corelanc0d3r

2 http://grey-corner.blogspot.com/2010/01/... Windows Buffer Overflow Tutorial: Dealing with Character Translation 17-01-2010 Stephen Bradshaw

3 https://web.archive.org/web/201104170711... Ken Ward Zipper Stack BOF 0day – a not so typical SEH exploit 18-03-2010 corelanc0d3r
4 http://www.corelan.be/index.php/201... Exploiting Ken Ward Zipper: Taking advantage of payload conversion 27-03-2010 Tutorial
5 http://www.corelan.be/index.php/201... QuickZip Stack BOF 0day: a box of chocolates (2 parts) 27-03-2010 corelanc0d3r
6 https://docs.google.com/viewer?a=v&pid=e... Unicode, the magic of exploiting 0×00410041 29-05-2010 mr_me
7 http://www.exploit-db.com/winamp-5-58-fr... Winamp 5.58 from Denial of Service to Code Execution 20-10-2010 muts
8 http://www.exploit-db.com/winamp-exploit... Winamp 5.58 from Denial of Service to Code Execution Part 2 02-11-2010 muts
9 https://www.corelan.be/index.php/2011/07... Metasploit Bounty – the Good, the Bad and the Ugly 27-07-2011 Lincoln

Research

From hardware to applications, from mitigations to attacks.

Hardware-based

Nr URL Description Date Author
1 https://www.blackhat.com/docs/us-14/mate... QSEE TrustZone Kernel Integer Overflow Vulnerability 01-07-2014 Dan Rosenberg
1 http://atredispartners.blogspot.de/2014/... Here Be Dragons: Vulnerabilities in TrustZone 14-08-2014 Nathan Keltner
2 https://www.blackhat.com/docs/us-15/mate... Exploiting Trustzone on Android xx-08-2015 Di Shen
3 http://blog.invisiblethings.org/papers/2... Intel x86 considered harmful xx-10-2015 Joanna Rutkowska
4 http://blog.invisiblethings.org/papers/2... State considered harmful - A proposal for a stateless laptop xx-12-2015 Joanna Rutkowska

Compiler Or Language-Specific

Nr URL Description Date Author
1 https://code.google.com/p/em386/download... Exploring the STL: Owning erase() 20-07-2009 Chris Rohlf

Operating System Internals

Heap

Nr URL Description Date Author
1 https://www.blackhat.com/presentations/b... Understanding the heap by breaking it xx-08-2007 Justin N. Ferguson
2 https://media.blackhat.com/eu-13/briefin... Advanced Heap Manipulation in Windows 8 15-03-2013 Zhenhua (Eric) Liu

Kernel

Nr URL Description Date Author
1 http://census-labs.com/media/bheu-2010-w... Binding the Daemon: FreeBSD Kernel Stack and Heap Exploitation 22-04-2010 Patroklos (argp) Argyroudis
2 http://www.mista.nu/research/MANDT-kerne... Kernel Pool Exploitation on Windows 7 12-01-2011 Tarjei (kernelpool) Mandt
3 http://sysc.tl/2012/01/03/linux-kernel-h... The Linux kernel memory allocators from an exploitation perspective 03-01-2012 Patroklos (argp) Argyroudis
4 https://media.blackhat.com/bh-us-12/Brie... iOS Kernel Heap Armageddon 26-07-2012 Stefan Esser
5 http://blog.azimuthsecurity.com/2013/12/... Attacking Zone Page Metadata in iOS 7 and OS X Mavericks 19-12-2013 Tarjei (kernelpool) Mandt

Various Mechanisms

Nr URL Description Date Author
1 https://labs.mwrinfosecurity.com/system/... Windows Services – All roads lead to SYSTEM 31-10-2014 Article
2 http://census-labs.com/media/Fuzzing_Object... Fuzzing Objects d’ART: Digging Into the New Android L Runtime Internals 18-06-2015 Anestis Bechtsoudis
3 http://googleprojectzero.blogspot.de/2015... Revisiting Apple IPC: (1) Distributed Objects 28-09-2015 Ian Beer

Application-Specific

Just-In-Time (JIT) and Virtual Machines (VM)

Nr URL Description Date Author
1 http://www.inf.fu-berlin.de/groups/ag-si... Application-Specific Attacks: Leveraging the ActionScript Virtual Machine xx-04-2008 Mark Dowd
2 http://dsecrg.com/files/pub/pdf/Writing%20J... Writing JIT-Spray Shellcode for fun and profit 05-03-2010 Alexey Sintsov
3 http://www.matasano.com/research/Attacki... Attacking Clientside JIT Compilers 07-08-2011 Chris Rohlf, Yan Ivnitsky
4 http://blog.cdleary.com/2011/08/understa... Understanding JIT spray 29-08-2011 Chris Leary
5 https://web.archive.org/web/201502060818... JIT Spraying Primer and CVE-2010-3654 26-05-2012 Gal Badishi
6 http://mainisusuallyafunction.blogspot.d... Attacking hardened Linux systems with kernel JIT spraying 17-11-2012 keegan
7 http://zhodiac.hispahack.com/my-stuff/se... Flash JIT – Spraying info leak gadgets 19-07-2013 Fermin J. Serna
8 https://xuanwulab.github.io/2015/06/09/R... Research report on using JIT to trigger RowHammer 09-06-2015 R3dF09

Custom or Application Specific Heaps

Nr URL Description Date Author
1 https://sites.google.com/site/zerodayres... Adobe Reader's Custom Memory Management: A Heap Of Trouble 22-04-2010 Haifei Li, Guillaume Lovet
2 https://media.blackhat.com/bh-us-12/Brie... Exploiting the jemalloc Memory Allocator: Owning Firefox's Heap 25-07-2012 Patroklos (argp) Argyroudis, Chariton (huku) Karamitas
3 https://communities.coverity.com/blogs/s... Windows 8 Heap Internals 31-07-2012 Chris Valasek

Application Internals And Attacks

Nr URL Description Date Author
1 http://media.blackhat.com/bh-ad-11/Drake... Exploiting Memory Corruption Vulnerabilities in the Java Runtime 15-12-2011 Joshua (jduck) J. Drake
2 https://web.archive.org/web/201301190934... Google Native Client - Analysis Of A Secure Browser Plugin Sandbox 25-07-2012 Whitepaper
3 https://sites.google.com/site/zerodayres... Smashing the Heap with Vector: Advanced Exploitation Technique in Recent Flash Zero-day Attack xx-02-2013 Haifei Li
4 http://www.slideshare.net/xiong120/explo... Exploit IE Using Scriptable ActiveX Controls (version English) 22-03-2014 Yuki (guhe120) Chen

5 http://blog.fortinet.com/post/advanced-e... Advanced Exploit Techniques Attacking the IE Script Engine 16-06-2014 Zhenhua 'Eric' Liu

6 https://www.blackhat.com/docs/us-14/mate... Thinking outside the sandbox - Violating trust boundaries in uncommon ways 05-08-2014 Brian Gorenc, Jasiel Spelman
7 http://seclists.org/bugtraq/2012/Sep/29 Internet Explorer Script Interjection Code Execution (updated) 06-09-2012 Derek Soeder
8 https://www.blackhat.com/docs/us-15/mate... UNDERSTANDING THE ATTACK SURFACE AND ATTACK RESILIENCE OF PROJECT SPARTAN'S (EDGE) NEW EDGEHTML RENDERING ENGINE xx-08-2015 Mark Vincent Yason

Exploitation Techniques

Nr URL Description Date Author
1 http://cansecwest.com/slides07/Vector-Re... Vector Rewrite Attack - Exploitable NULL Pointer Vulnerabilities on ARM and XScale Architectures xx-03-2007 Barnaby Jack
2 http://ifsec.blogspot.com/2011/06/memory... Memory disclosure technique for Internet Explorer 09-06-2011 Ivan Fratric

3 https://web.archive.org/web/20130524082... White Phosphorus Exploit Pack Sayonara ASLR DEP Bypass Technique 21-06-2011 Note

4 https://media.blackhat.com/bh-us-11/Bros... Post Memory Corruption Memory Analysis 03-08-2011 Jonathan Brossard
5 http://zhodiac.hispahack.com/my-stuff/se... CVE-2012-0769, the case of the perfect info leak 09-04-2012 Fermin J. Serna
6 http://diyhpl.us/~bryan/papers2/security... Android exploitation primers: lifting the veil on mobile offensive security (Vol. I) xx-08-2012 Larry H, Bastian F
7 http://h30499.www3.hp.com/t5/HP-Security... Verifying Windows Kernel Vulnerabilities 30-10-2013 Article
8 https://community.rapid7.com/community/m... "Hack Away at the Unessential" with ExpLib2 in Metasploit 07-04-2014 Wei Chen
9 https://doar-e.github.io/blog/2014/04/30... Corrupting the ARM Exception Vector Table 30-04-2014 Amat "acez" Cama
10 http://tfpwn.com/blog/turn-it-into-a-uaf... Turn it into a UAF 11-01-2015 Alexander Eubanks
11 https://blog.coresecurity.com/2015/09/28... Abusing GDI for ring0 exploit primitives 28-09-2015 Diego Juarez
12 https://www.nccgroup.trust/uk/our-resear... Exploitation Advancements 07-10-2015 Aaron Adams

13 https://0b3dcaf9-a-62cb3a1a-s-sites.goog... #BadWinMail: The "Enterprise Killer" Attack Vector in Microsoft Outlook xx-12-2015 Haifei Li

Heap/Pool-spray

Nr URL Description Date Author
1 http://www.phreedom.org/presentations/he... Heap Feng Shui in JavaScript 2007 Alexander Sotirov
2 http://www.exploit-monday.com/2011/08/ta... Targeted Heap Spraying – 0x0c0c0c0c is a Thing of the Past 29-08-2011 Matt Graeber
3 https://www.corelan.be/index.php/2011/12... Exploit writing tutorial part 11: Heap Spraying Demystified 31-12-2011 corelanc0d3r
4 https://www.corelan.be/index.php/2013/02... DEPS – Precise Heap Spray on Firefox and IE10 19-02-2013 corelanc0d3r
5 http://blog.ptsecurity.com/2013/03/stars... Stars aligner’s how-to: kernel pool spraying and VMware CVE-2013-1406 06-03-2013 Article
6 http://www.alex-ionescu.com/?p=231 Sheep Year Kernel Heap Fengshui: Spraying in the Big Kids’ Pool 29-12-2014 Alex Ionescu

Mitigation Techniques

Nr URL Description Date Author
1 http://j00ru.vexillium.org/?p=1038 Windows Kernel Address Protection xx-08-2011 Mateusz (j00ru) Jurczyk
2 http://www.vdalabs.com/tools/DeMott_Blue... BlueHat Prize Submission (/ROP) xx-03-2012 Jared DeMott

Bug finding

Nr URL Description Date Author OS/Arch Info
1 http://j00ru.vexillium.org/?p=1695 SyScan 2013, Bochspwn paper and slides 24-04-2013 Mateusz (j00ru) Jurczyk, Gynvael Coldwind Windows N/A

General

Nr URL Description Date Author OS/Arch Info
1 http://reversing.it/thesis.pdf Securing Application Software in Modern Adversarial Settings xx-07-2015 Felix Schuster - N/A

Malware

Blogs

These are links to different blogs containing malware analysis.

| Nr | URL | Title/Description |
|---|---|---|
| 1 | http://www.inreverse.net/ | inREVERSE - malware analysis blog |
| 2 | http://blog.threatexpert.com/ | A blog about automated threat analysis... and the bad guys it targets |
| 3 | http://www.secureworks.com/research/threats/ | Threat analyses |
| 4 | http://xylibox.blogspot.com/ | "Another Blog, Another Box" - malware analysis blog |
| 5 | http://contagiodump.blogspot.com/ | Contagio is a collection of the latest malware samples, threats, observations, and analyses. |
| 6 | http://www.avertlabs.com/research/blog/index.php/category/malware-research/ | McAfee - Archive for the 'Malware Research' Category |
| 7 | http://evilcodecave.blogspot.com/ | IT Security Research Blog: Reverse Engineering - Malware Analysis - Cryptography - Software Engineering - Software Security/Audit |
| 8 | http://extraexploit.blogspot.com/ | "EVERYTHING OR NOTHING" - malware analysis blog |
| 9 | http://ddanchev.blogspot.com/ | Dancho Danchev's Blog - Mind Streams of Information Security Knowledge |
| 10 | http://blog.armorize.com/ | "Armorize Blog" - malware analysis blog |
| 11 | http://securityblog.s21sec.com/ | S21sec Security Blog |
| 12 | http://blog.malwaretracker.com/ | malware tracker |
| 13 | http://www.abuse.ch/ | The Swiss Security Blog |
| 14 | http://blogs.paretologic.com/malwarediaries/ | Malware Diaries |
| 15 | http://perpetualhorizon.blogspot.com/ | Perpetual Horizon |
| 16 | http://mnin.blogspot.com/ | Coding, Reversing, Exploiting |
| 17 | http://blog.eset.com/ | ESET Threat Blog |
| 18 | http://code.google.com/p/malware-lu/ | Malwares technical analysis from http://www.malware.lu |
| 19 | http://stratsec.blogspot.de/ | BAE Systems security research blog |
| 20 | http://fumalwareanalysis.blogspot.com.au/p/malware-analysis-tutorials-reverse.html | Malware Analysis Tutorials: a Reverse Engineering Approach |

Articles

Malware analysis

| Nr | URL |
|---|---|
| 1 | http://mtc.sri.com/Conficker/ |
| 2 | http://www.eset.com/resources/white-papers/Stuxnet_Under_the_Microscope.pdf |
| 3 | http://www.aall86.altervista.org/TDLRootkit/TDL4_Analysis_Paper.pdf |
| 4 | http://www.securelist.com/en/analysis/204792157/TDSS_TDL_4 |
| 5 | http://blog.fireeye.com/research/2011/03/an-overview-of-rustock.html |
| 6 | http://www.eset.com/us/resources/white-papers/The_Evolution_of_TDL.pdf |
| 7 | http://www.prevxresearch.com/zeroaccess_analysis.pdf |
| 8 | http://sophosnews.files.wordpress.com/2012/03/blackhole_paper_mar2012.pdf |
| 9 | http://www.crysys.hu/skywiper/skywiper.pdf |
| 10 | http://reverse.put.as/2012/08/06/tales-from-crisis-chapter-1-the-droppers-box-of-tricks/ |
| 11 | https://community.rapid7.com/community/infosec/blog/2012/08/08/finfisher |
| 12 | http://reverse.put.as/2012/08/20/tales-from-crisis-chapter-2-backdoors-first-steps/ |
| 13 | http://reverse.put.as/2012/08/21/tales-from-crisis-chapter-3-the-italian-rootkit-job/ |
| 14 | https://www.securelist.com/en/blog/750/Full_Analysis_of_Flame_s_Command_Control_servers |
| 15 | http://www.ikarus.at/fileadmin/user_upload/Download/Report_MarionMarschalek.pdf |
| 16 | http://oweng.myweb.port.ac.uk/fbi-tor-malware-analysis/ |
| 17 | http://www.welivesecurity.com/2013/08/27/the-powerloader-64-bit-update-based-on-leaked-exploits/ |
| 18 | https://www.securelist.com/en/downloads/vlpdfs/unveilingthemask_v1.0.pdf |
| 19 | https://securelist.com/files/2015/02/Equation_group_questions_and_answers.pdf |
| 20 | https://www.virusbtn.com/pdf/conference/vb2014/VB2014-Wardle.pdf |

General

| Nr | URL | Title/Description | Date | Author |
|---|---|---|---|---|
| 1 | http://www.dfrws.org/2015/procee... | Advancing Mac OS X rootkit detection | 2015 | Andrew Case, Golden G. Richard III |

Malware trackers

| Nr | URL | Title/Description |
|---|---|---|
| 1 | http://www.malwaredomainlist.com/mdl.php | Malware Domain List |
| 2 | https://zeustracker.abuse.ch/ | ZeuS Tracker |
| 3 | https://spyeyetracker.abuse.ch/ | SpyEye Tracker |
| 4 | http://www.malwareurl.com/listing-urls.php?urls=on | MalwareURL - Website status verification |
| 5 | http://hosts-file.net/?s=Browse | hpHosts Online - Simple, Searchable & FREE! |
| 6 | http://virustracker.info/ | Virus Tracker |

Online malware analysis

| Nr | URL | Title/Description |
|---|---|---|
| 1 | http://wepawet.iseclab.org/ | Wepawet (JavaScript and Flash) |
| 2 | http://www.urlvoid.com/ | Check Reputation of Domains and Subdomains |
| 3 | http://anubis.iseclab.org/ | Anubis is a service for analyzing malware |
| 4 | http://eureka.cyber-ta.org/ | An Automated Malware Binary Analysis Service |
| 5 | http://camas.comodo.com/ | Comodo Instant Malware Analysis |
| 6 | http://ether.gtisc.gatech.edu/web_unpack/ | Ether: Malware Analysis via Hardware Virtualization Extensions |
| 7 | http://www.ipvoid.com/ | Scan URL for malicious activities |
| 8 | http://www.norman.com/security_center/security_tools/ | Submit a Suspicious File for a FREE Malware Analysis |
| 9 | http://www.threatexpert.com/submit.aspx | Submit Your Sample To ThreatExpert |
| 10 | http://www.malwaretracker.com/pdf.php | Examine PDF online |
| 11 | http://mwanalysis.org/?site=1&page=submit | Malware Analysis System |
| 12 | https://new.virustotal.com/ | VirusTotal is a free service that analyzes suspicious files and URLs |

Tools & Projects

| Nr | URL | Title/Description |
|---|---|---|
| 1 | http://malzilla.sourceforge.net/index.html | Malware hunting tool |
| 2 | http://code.mwcollect.org/ | Malware and attack trace collection daemon |
| 3 | http://code.google.com/p/phoneyc/ | Pure python honeyclient implementation |
| 4 | http://www.mlsec.org/malheur/ | Automatic Analysis of Malware Behavior |
| 5 | http://www.team-cymru.org/Services/MHR/WinMHR/ | WinMHR - Free Malware Detector - Team Cymru |
| 6 | https://addons.mozilla.org/en-US/firefox/addon/team-cymrus-mhr/ | Quickly check downloaded files against Team Cymru's malware database with just one click! |
| 7 | http://www.stoned-vienna.com/ | Stoned Bootkit - The official site of Stoned Bootkit |
| 8 | http://sarvam.ece.ucsb.edu/submit.html | SARVAM: Search And RetrieVAl of Malware |
| 9 | http://code.google.com/p/malwasm/ | Malwasm was designed to help people that do reverse engineering |
| 10 | http://www.cuckoosandbox.org/ | Cuckoo Sandbox is a malware analysis system |
| 11 | http://rehints.com/ | Sharing reverse engineering knowledge |
| 12 | https://objective-see.com/products.html | Free OS X Security Tools |

Online self-check

| Nr | URL | Title/Description |
|---|---|---|
| 1 | http://www.dcwg.org/ | The DNS Changer Working Group (DCWG) |

Uncategorized

| Nr | URL | Title/Description |
|---|---|---|
| 1 | http://zeltser.com/reverse-malware/reverse-malware-cheat-sheet.html | Reverse-Engineering Malware Cheat Sheet |
| 2 | http://www.malwaredomainlist.com/forums/index.php?board=2.0 | Huge list of blogs |
| 3 | http://www.prevx.com/malwarecenter.asp | Very latest hot filenames used by malware |
| 4 | http://blogs.technet.com/b/markrussinovich/archive/2011/02/27/3390475.aspx | The Case of the Malicious Autostart |

Various Stuff

Here you can find other stuff related to security -- tools, notes on debugging, blogs, wikis, etc.

Online tools and services

| Nr | URL | Description |
|---|---|---|
| 1 | http://skypher.com/SkyLined/heap_spray/small_heap_spray_generator.html | Heap spray generator |
| 2 | http://gorope.me/ | FREE Online ROP Gadgets Search |
| 3 | https://www.corelan.be/index.php/security/corelan-ropdb/ | Corelan ROPdb |

Tools and development

| Nr | URL | Description |
|---|---|---|
| 1 | http://reverse.put.as/wp-content/uploads/2011/06/hackingleopard.pdf | Hacking Leopard: Tools and Techniques for Attacking the Newest Mac OS X |
| 2 | http://www.corelan.be/index.php/2010/01/26/starting-to-write-immunity-debugger-pycommands-my-cheatsheet/ | Starting to write Immunity Debugger PyCommands: my cheatsheet |
| 3 | http://www.corelan.be/index.php/2009/08/12/exploit-writing-tutorials-part-4-from-exploit-to-metasploit-the-basics/ | Exploit writing tutorial part 4: From Exploit to Metasploit – The basics |
| 4 | http://www.corelan.be/index.php/2009/09/05/exploit-writing-tutorial-part-5-how-debugger-modules-plugins-can-speed-up-basic-exploit-development | Exploit writing tutorial part 5: How debugger modules & plugins can speed up basic exploit development |
| 5 | https://blog.mandiant.com/archives/1899 | Exploring Artifacts in Heap Memory with Heap Inspector |
| 6 | http://redmine.corelan.be/projects/mona | Corelan Team project page for 'mona', a PyCommand for Immunity Debugger |
| 7 | http://blog.metasploit.com/2008/08/byakugan-windbg-plugin-released.html | Set of extensions for exploit development under WinDbg |
| 8 | https://github.com/djrbliss/libplayground | A simple framework for developing Linux kernel heap exploit techniques |
| 9 | http://corelabs.coresecurity.com/index.php?module=Wiki&action=view&type=tool&name=Heappie | Heappie! is an exploit-writing-oriented memory analysis tool |
| 10 | http://www.hsc.fr/ressources/outils/skyrack/index.html.en | ROP gadget search tool |
| 11 | https://github.com/neuromancer/sea | Symbolic Exploit Assistant |
| 12 | https://www.corelan.be/index.php/2012/12/31/jingle-bofs-jingle-rops-sploiting-all-the-things-with-mona-v2/ | Jingle BOFs, Jingle ROPs, Sploiting all the things… with Mona v2!! |
| 13 | https://community.rapid7.com/community/metasploit/blog/2011/10/11/monasploit | MonaSploit |
| 14 | https://wapiflapi.github.io/2015/04/22/single-null-byte-heap-overflow/ | Visualizing a single null-byte heap overflow exploitation |
| 15 | https://blog.skullsecurity.org/2015/how-i-nearly-almost-saved-the-internet-starring-afl-fuzz-and-dnsmasq | How I nearly almost saved the Internet, starring afl-fuzz and dnsmasq |
| 16 | http://googleprojectzero.blogspot.de/2015/11/windows-sandbox-attack-surface-analysis.html | Windows Sandbox Attack Surface Analysis |

Blogs by security people or teams

| Nr | URL | Description |
|---|---|---|
| 1 | http://sysc.tl/ | Patroklos (argp) Argyroudis blog |
| 2 | http://jon.oberheide.org/ | Jon Oberheide Blog |
| 3 | http://blog.cr0.org/ | Julien Tinnes blog (Kernel-level bugs) |
| 4 | http://xorl.wordpress.com/category/bugs/ | Vulnerabilities descriptions mapped to CVE |
| 5 | http://www.abysssec.com/blog/tag/binary-... | Vulnerabilities binary analysis by Abysssec |
| 6 | http://exploitshop.wordpress.com/ | Vulnerability analysis blog using DarunGrim |
| 7 | http://0x1byte.blogspot.com/search/label... | Alexander Gavrun published vulnerabilities |
| 8 | http://sysc.tl/category/advisories/ | Patroklos (argp) Argyroudis advisories |
| 9 | http://trapkit.de/advisories/published.h... | Published Security Advisories by Tobias Klein |
| 10 | http://www.scary.beasts.org/security/ | Chris Evans: Software security holes found via auditing, fuzzing, etc. |
| 11 | http://poppopret.blogspot.com/ | Hacking & IT Security Stuff |
| 12 | https://www.corelan.be/index.php/articles/ | Corelan Team Articles |
| 13 | http://sf-freedom.blogspot.com/ | Software Vulnerability Exploitation Blog |
| 14 | http://invisiblethingslab.com/itl/Resources.html | invisiblethingslab.com Resources |
| 15 | http://googleprojectzero.blogspot.com | Project Zero |

Wiki and web-sites on security

| Nr | URL | Description |
|---|---|---|
| 1 | http://www.phrack.org | Phrack Magazine |
| 2 | http://theiphonewiki.com/wiki/index.php?title=Category:Exploits | The iPhone Wiki |
| 3 | http://en.wikibooks.org/wiki/Metasploit | The Metasploit Book |
| 4 | http://www.blackhatlibrary.net/Shellcodecs | Shellcodecs is a collection of shellcodes, loaders, sources, and generators |
| 5 | http://skypher.com/wiki/index.php/Main_Page | Skypher - the wiki for absolutely nothing |
| 6 | http://grsecurity.net/research.php | Academic Research Publications Mentioning grsecurity/PaX |
| 7 | http://uninformed.org/index.cgi? | INFORMATIVE INFORMATION FOR THE UNINFORMED |

Collections, lists

| Nr | URL |
|---|---|
| 1 | http://www.shell-storm.org/papers/index.php?lg=english |
| 2 | http://secdocs.lonerunners.net/ |
| 3 | http://www.theamazingking.com/exploit.html |
| 4 | http://packetstormsecurity.org/files/tags/paper/ |
| 5 | http://6dev.net/mirror/doc.bughunter.net/ |
| 6 | http://www.fuzzysecurity.com/tutorials.html |
| 7 | http://projectshellcode.com/ |
| 8 | http://tools.securitytube.net/index.php?title=Open_Security_Training |
| 19 | http://jon.oberheide.org/mokb/ |
| 20 | http://jon.oberheide.org/moab/ |
| 21 | http://myne-us.blogspot.com/2010/08/from-0x90-to-0x4c454554-journey-into.html |
| 22 | http://www.securityaegis.com/the-big-fat-metasploit-post/ |
| 23 | http://www.gimpel.com/html/bugs.htm |
| 24 | http://reverse.put.as/papers/ |
| 25 | http://www.xchg.info/ARTeam/conferences/ |
| 26 | https://code.google.com/p/pentest-bookmarks/ |
| 27 | https://www.evernote.com/pub/wishi/crazylazy/ |
| 28 | https://fuzzing-project.org/ |
| 29 | code.google.com/p/chromium/issues/list... |
| 30 | bugzilla.mozilla.org/buglist.cgi... |
| 31 | http://www.ioactive.com/ioactive_labs_ad... |
| 32 | https://docs.google.com/spreadsheets/d/1vY_GipkYMlaitw17UEvIl7J3oyw8iY59v97rSzjX4GM/edit#gid=0 |

Damn vulnerable things

| Nr | URL | Description |
|---|---|---|
| 1 | http://exploit-exercises.com/ | Provides a variety of virtual machines to exploit |
| 2 | http://sourceforge.net/projects/metasploitable/files/ | Metasploitable 2 |

Trainings

| Nr | URL | Description |
|---|---|---|
| 1 | https://www.corelan-training.com/ | Win32 Exploit Development class |
| 2 | http://www.opensecuritytraining.info/Training.html | Training Classes |
| 3 | http://pentest.cryptocity.net/ | Penetration Testing and Vulnerability Analysis |
| 4 | http://www.cis.syr.edu/~wedu/Teaching/CompSec/lecturenotes.html | Lecture Notes |
| 5 | https://community.rapid7.com/community/metasploit/blog/2012/07/05/part-1-metasploit-module-development--the-series | Metasploit exploit development - The series Part 1. |
| 6 | http://security.cs.rpi.edu/courses/binexp-spring2015/ | Modern Binary Exploitation |

(to be continued...)

Articles on Debugging

| Nr | URL | Description |
|---|---|---|
| 1 | http://msdn.microsoft.com/en-us/magazine/cc163311.aspx | Analyze Crashes to Find Security Vulnerabilities in Your Apps |
| 2 | https://blogs.technet.com/b/srd/archive/2009/01/28/stack-overflow-stack-exhaustion-not-the-same-as-stack-buffer-overflow.aspx | Stack overflow (stack exhaustion) not the same as stack buffer overflow |
| 3 | http://sysc.tl/2009/07/02/freebsd-kernel-debugging/ | FreeBSD kernel debugging |
| 4 | https://blogs.msdn.com/b/sudeepg/archive/2010/04/29/debugging-a-crash-an-example.aspx | debugging a crash – An example |
| 5 | http://resources.infosecinstitute.com/debugging-fundamentals-for-exploit-development/ | Debugging Fundamentals for Exploit Development |
| 6 | http://resources.infosecinstitute.com/in-depth-seh-exploit-writing-tutorial-using-ollydbg/ | OllyDbg Tricks for Exploit Development |
| 7 | http://blogs.msdn.com/b/ntdebugging/archive/2013/06/14/understanding-pool-corruption-part-1-buffer-overflows.aspx | Understanding Pool Corruption Part 1 – Buffer Overflows |
| 8 | http://blogs.msdn.com/b/ntdebugging/archive/2013/08/22/understanding-pool-corruption-part-2-special-pool-for-buffer-overruns.aspx | Understanding Pool Corruption Part 2 – Special Pool for Buffer Overruns |
| 9 | http://blogs.msdn.com/b/ntdebugging/archive/2008/02/01/kernel-stack-overflows.aspx | Kernel Stack Overflows |
| 10 | http://www.contextis.com/resources/blog/kgdb-android-debugging-kernel-boss/ | KGDB on Android: Debugging the kernel like a boss |
| 11 | https://community.rapid7.com/community/metasploit/blog/2015/09/10/a-debugging-session-in-the-kernel | A debugging session in the kernel |
| 12 | https://objective-see.com/blog.html#blogEntry8 | Kernel Debugging a Virtualized OS X El Capitan Image |

Lists of lists of security conferences

| Nr | URL | Title |
|---|---|---|
| 1 | http://en.wikipedia.org/wiki/Computer_se... | Computer security conference |
| 2 | http://www.secsocial.com/blog/?page_id=4... | Security Conferences |
| 3 | https://www.google.com/calendar/embed?sr... | Information Security Conferences |
| 4 | http://www.ethicalhacker.net/component/o... | Ethical Hacker Calendar |
| 5 | http://packetstormsecurity.org/papers/ca... | Packet Storm CFP Monitor |
| 6 | http://satoss.uni.lu/lists/ | List of security conferences |
| 7 | http://infosecevents.net/calendar/ | Upcoming information security events |
| 8 | http://research.phreedom.org/ | The Security Research Index is a project intended to help the security community keep up with all the research presented at conferences around the world. |
| 9 | http://cc.thinkst.com/ | ConCollector |
| 10 | http://securityconferences.net/ | Computer Security Conferences |
| 11 | http://www.conpiler.com/ | CONpiler — Security conferences around the world |
| 12 | https://secore.info/conferences | SECurity Organizer & Reporter Exchange |
| 13 | http://www.clocate.com/conferences/it-se... | Clocate - Conferences and Exhibitions |
| 14 | http://www.sp3ctr3.me/hardware-security-resources/ | Hardware Security Resources |

Bug bounty

| Nr | URL | Description |
|---|---|---|
| 1 | http://weis2007.econinfosec.org/papers/29.pdf | The Legitimate Vulnerability Market |
| 2 | https://docs.google.com/present/view?id=0Ae_usSLlqH60ZGZnYjI0NTVfMjBobngybWRoaA&hl=en | Google's Vulnerability Reward Programs |
| 3 | http://blog.nibblesec.org/2011/10/no-more-free-bugs-initiatives.html | http://www.bugsheet.com/bug-bounties |
| 4 | http://blog.bugcrowd.com/list-of-active-bug-bounty-programs/ | The Bug Bounty List |

Timeline and history

| Nr | URL | Description |
|---|---|---|
| 1 | http://ilm.thinkst.com/folklore/index.shtml | Memory Corruption and Hacker Folklore |
| 2 | https://zynamics.files.wordpress.com/2010/02/code_reuse_timeline1.png | Code Reuse Timeline |
| 3 | http://www.abysssec.com/blog/2010/05/past-present-future-of-windows-exploitation/ | Past, Present, Future of Windows Exploitation |
| 4 | https://media.blackhat.com/bh-us-10/whitepapers/Meer/BlackHat-USA-2010-Meer-History-of-Memory-Corruption-Attacks-wp.pdf | Memory Corruption Attacks: The (almost) Complete History |
| 5 | https://paulmakowski.wordpress.com/2011/01/25/smashing-the-stack-in-2011/ | Smashing the Stack in 2011 |
| 6 | http://www.isg.rhul.ac.uk/sullivan/pubs/tr/technicalreport-ir-cs-73.pdf | Memory Errors: The Past, the Present, and the Future |
| 7 | http://blogbromium.files.wordpress.com/2013/01/heap-sprays-to-sandbox-escapes_issa0113.pdf | Heap Sprays to Sandbox Escapes: A Brief History of Browser Exploitation |

Media

| Nr | URL | Description |
|---|---|---|
| 1 | https://ange4771.imgur.com/ | Ange Albertini posters |
| 2 | https://community.rapid7.com/community/infosec/blog/2011/02/24/dual-cores-metasploit-track-free-download | Dual Core's Metasploit Track: Free Download! |
| 3 | http://0xdabbad00.com/2013/04/28/exploit-mitigation-kill-chain/ | Exploit Mitigation Kill Chain |

Advisories

| Nr | URL | Description |
|---|---|---|
| 1 | https://github.com/QubesOS/qubes-secpack/tree/master/QSBs | Qubes OS Advisories |
