== Instrumentation and reverse code engineering technology:

  • general tools and attack surface:

dbg-heap crpt.
Clang-Type-conf.
possibly-instrument-mem-curp-with.
snowman.
Re-jpeg.
bugid-automated-bug-analysis.
testcase-reduction.
Smashing_The_Browser.
RTFfuzzer.
fuzzingImageMagick.
urlfuzzer.
build skia.
build skia(2).
asan+skia.
asan-win32.
dbg-ios.
swf-flash.
flash.
domato.
adobe reader.
old fuzzer.
ioctlbf.
krnlfuzz.
kfuzz.
bochspwn.
DdiMon.
build upon ddimon.
xenpwn.
icesword.
Bareflank.
proto-fuzz.
vtrace.
Rootkitsmm/Win32k-Fuzzer.
shellphish/fuzzer.

  • misc:
bbg-life.
j00ru//vx.
secfigo/Awesome-Fuzzing.

  • source code:
webgl.
firefox-src.
Mozilla pdf Src.
Mozilla Src.
chromium-src.
quic docs.
chromium quic.

  • env-nix*:
kgdb.
dharma.
webGl.
spiderMonkey.
GDB+py.
afl-qemu/testsuite.
WebAssembly/testsuite.
afl-setup.
afl.
revskills/fzbrowsers#/38.
fuzzing-ff.
gknik.
setup(asan&afl).
afl.
build skia.
build skia(2).
synthesizers.
skia-src.
dumb-input.
llvm.
Clang.

  • ida:
mwr win_driver_plugin.
ncc win_driver_plugin.
fireeye string extractor.
dev-new.
useful.
joxeankoret/diaphora.

== Exploits, bugs and technical information:

  • javascript:
Acg-bypass ifratric.
Array bugs...
js-ll-overview.
saelo/v9.
firefox-ctf.
saelo->phrack.
p0-jscript.dll.
Ian Beer-(Safari-Browser-exploitation).
(v8-oob)->exp.
phoenhex.re.
Make LoadLibrary Great again.
heapLayOutOpt-for exp.
tc.codereview.
dv.

  • v8:
Chrome exploits-(S0rryMybad).
v8-escape-analysis.
v8-opt.
beautiful v8 bug.
^^ much alike.
secmob-private-prop-v8.
secmob-oob.
v8-bytecode.
youtube-v8.
v8os.
v8.ppt.
v8mips.
v8.

  • Chakra:
improved-javascript-performance-webassembly-shared-memory (SharedArrayBuffer is deprecated as of the Spectre CPU bug).
p2o-2016.
expsky.
MxatoneMitagationCodeExecInEdge.
yuki-chen.
natashenka-Your_Chakra_Is_Not_Aligned.
oom.
Microsoft-Edge-Windows-10-RCE-EXPLOIT.

  • edgehtml:
bypass cfg++.

  • Wasm:
using-sharedarraybuffer-to-run-javascript-in-parallel.
Interacting-with-code.
emscripten.
compile-mdn.
tuto.
vuln-1.
vuln-2.

  • SandBox:
gpo chrome mojom::directory interface ...
chrome IPC.
google/sandbox-attacksurface-analysis-tools.
lokihardt-chromium escape.
lokihardt-SmartScreen-sbx cr.
secmob-play.google.com rce -> uxss -> chrome sandbox escape! (last pages of the pdf).
mj0011sec safari escape with kernel bug.
(phoenhex) pwn2own-17-safari-sandbox-escape.
SandboxEscaper edge blogpost.
SandboxEscaper/edge.
(forshaw) MSIE.
Chromium sb good overview, page 36.
chrome-sb bug-0.
chrome-sb bug-1.
chrome-sb bug-2.

  • Other(browser):
flash zday.
webkit-zdi.
webkit exploit writeup.
webkit-oob-exploit.
chrome-pwnfest2016.
edgeangle.
logicBugsCh-mwr.
S0rryMybad(safariPwn2Own).
jscript9-typedarray-cfg.
chrome.
webkit.
uaf-exp.
zdi-jit.
tencents-chakra.
expsky-mit.
primitives.
js.
CVE-2017-0037.
4B5F5F4B.
ie win7 tc p0.
about the edge sandbox.
pwn-with-red.
34c3-bypass aslr side-channel.
pdfium-bug-0.

  • ServerSide & XSS:
from ssrf-to-rce.
^^same.
mcafee-UXSS.
subverting ajax.
SSRF.
bo0om.ru.
lokihardt.
known problems.
Orange ama.
phrack ruby on rails vul.

  • kernel & desktop client side:
intel igdkmd64 vul (talos).
RE:windows defender.
telegram zday.
macOs-exp.
winKernelPrimitivesPython(pal).
xairy/linux-kernel-exploitation.
xairy/kernel-exploits.
lgandx/PoC.
awesome-windows-exploitation.
linux-kernel-exploits.
windows-kernel-exploits.
OldKExp.
K0day+rce(win).
MortenSchenk.
winDnsClientRCE.
androidKernelPocs.
kSmbRceLinux.
_SEP_TOKEN_P.. arw.
sensepost ms16-098.
duplicate^.
same same but diff.
progmboy/cansecwest2017.
abatchy17.
pal.
dlpacketstorm.
x41.
pcap.
docs.
hitcoin.
flash as.
br.
safari.
Q overwrite.
tencent.
bypass-cfg.

  • Android:
(( android src )).
libstagefright.so.
kgdb.
/ele7enxxh/poc-exp pocs and exploits ..
fuzzing libStagefright on linux Qihoo.
@natashenka - android apk.
Attack surface and vul patterns.
fuzzing libStagefright.
more fuzzing.
android ASAN.
POC-2017-fuzzing android.
KernelDebugOnNexus6P.
broadpwn.
reversing firmware-andr.
UAF-kernel-and-keen-lab.
luaqemu_bcm_wifi.
android_vuln_poc-exp.
broadcoms-wi-fi_4-P0.
P0-baseband-exp.
TEES-P0.
wifi-cr.
Android Open Source Project.
source-andr.
andr-AFL.
fuzzing android syscalls.
bits-please.blogspot.
azeria.
/ge0n0sis.
ScottyBauer.
keen-lab.
mwr-labs.
arm-emu-vis.
SeLinuxExpPrivEsc.
gpo-0.
gpo-1.
gpo-2.
gpo-3.
gpo-4.
gpo-5.
gpo-6.

  • Other:
JSoverrides.
integers ovf.
artkond/cisco-rce.
SmbRce.
ApacheTomcatRce.
fishstiqz/poolinfo.
SomeAflTrivia.
windows-mitigations.
scrt@dns-hijack.

  • Special:
vmware-attack-surface.
ff-exp.
ImageMagickDecoderInfoLeak.
Crypto.
vmware_escape.
JailBreak.
full-exp-chain-chromium-os.
android-wifi-rce.
Hyper-v-short.
Intel-Me-Code-exec.
Qihoo-vmware-escape.
browser@jit-gen.
MsMp.NET.
scan-msmp-console.
MsMp-API-cpp.

  • fuzzing//dictionary:
WebAudio.
^^ example bug.
^^ example dict.
SMIL.
IndexDB.
wasm.

  • pdf:
pdfium p0.
ke liu blackhat.
pdfium bugs ...
jaanus kaap fuzzing pdf's.
api's//formats.
insertscript-foxit.
angea.
Html2pdf.
tomcarver/pdf-tools.

  • Office:
office-JsApi.
office-JsApi-II.
office-JsApi-Vul.
office-word@mr_me.
some interesting api's...
embedi RCE.
Office fuzzer ...

  • ShellCode:
llib32.
peter calc.
skylined.
ssherei.
Apc.
Apc.
msf.
arch.
winapi.
Iat.
asnair.
RKX1209.
Salwan.
nixmix.
crypto.

  • vm:
50-shades-of-fuzzing vmware.
Qihoo-vmware-escape.
vmware_escape.
hyper-v bug.
hyper-v bug (gpo).
Xen-qlab.
xen-gpo-1.
xen-gpo-2.
xen-gpo-3.
vmware attack surface.
zdi bug vmware.
zdi bug vmware2.
zdi-zero nights vmware.
vmware-rpc-request-sniffing-zdi.
virtual box escape.

  • SysCalls:
tinysec.
j00ru.

  • Misc:
Tencent-xlab.
Chromium-ext.
CVE-2017-11767.

  • con:
inf.
recon.
a big thread.
PoC||GTFO mirror.
pacsecJp.

  • post:
cross process code injection.

== misc++

registry-hide.
ARM-Qemu.
pykd.
TWindbg.
g-compute.

== Tech Low Level:

Compilers.
vm.
