vault's Introduction

== Instrumentation and reverse code engineering technology:

  • general tools and attack surface:

dbg-heap crpt.
Clang-Type-conf.
possibly-instrument-mem-curp-with.
snowman.
Re-jpeg.
bugid-automated-bug-analysis.
testcase-reduction.
Smashing_The_Browser.
RTFfuzzer.
fuzzingImageMagick.
urlfuzzer.
build skia.
build skia(2).
asan+skia.
asan-win32.
dbg-ios.
swf-flash.
flash.
domato.
adobe reader.
old fuzzer.
ioctlbf.
krnlfuzz.
kfuzz.
bochspwn.
DdiMon.
build upon ddimon.
xenpwn.
icesword.
Bareflank.
proto-fuzz.
vtrace.
Rootkitsmm/Win32k-Fuzzer.
shellphish/fuzzer.

  • misc:
docker.


  • source code:
Darwin-XNU.
webgl.
firefox-src.
Mozilla pdf Src.
Mozilla Src.
chromium-src.
quic docs.
chromium quic.

  • env-nix*:
libfuzzer tuto.
libfuzzer at llvm.
oss-fuzz.
kgdb.
dharma.
webGl.
spiderMonkey.
GDB+py.
afl-qemu/testsuite.
WebAssembly/testsuite.
afl-setup.
afl.
revskills/fzbrowsers#/38.
fuzzing-ff.
gknik.
setup(asan&afl).
afl.
build skia.
build skia(2).
synthesizers.
skia-src.
dumb-input.
llvm.
Clang.

  • ida:
mwr win_driver_plugin.
ncc win_driver_plugin.
fireeye string extractor.
dev-new.
useful.
joxeankoret/diaphora.

  • iOS || macOS:
Darwin-XNU.
arm registers.
lldb.
a-fun-xnu-infoleak-great writeup!.
ctl_ctloutput-leak.
locating crash logs via itunes.
download webkit compiled.
developer.apple.crashlogs.
poc2018-IOUserClient.
poc2018-IMac internals- s Grob.
analyze runtime apps w/o jb.
p2o-mwr-safari.
fuzzing-p2o-mwr-safari.
sigoza_zeroc0n2018.
ian beer.
passcode bypass re.
getting panic logs.
xcode symbolize memorydump.
developer.apple.com/docu.
resymbolize.
download kernel debug kit.
kernel dbg docu.
put.as.
gdb.
ian beer - build your own ios debugger.
ian beer deja-xnu.
ian beer ios 11 slides.
ian beer async_awake.
IOKitUser package.
frida.
debugging.
core dumps.
ret2systems fuzzing mobile safari.
gdb+.
vm pages...
darwin headers.
setup theos.
webkit expl tuto.
hooking with logos...

== Exploits, bugs and technical information:

  • javascript:
JSC exploit - 2018.
ifratric - IE infoleak exploit - heap manipulation..
safari reg-exp krzywix.
goog-v8 opt prototypes.
S0rryMyBad-chakra rce.
FUZZING JS INTERPRETERS singi-ZEROCON17.
p2o 18 mwr safari exp.
from safari to kernel ZCON2018.
bhusa-ZDI from browser to system compromise.
Acg-bypass ifratric.
Array bugs...
js-ll-overview.
saelo/v9.
firefox-ctf.
saelo->phrack.
p0-jscript.dll.
Ian Beer-(Safari-Browser-exploitation).
(v8-oob)->exp.
phoenhex.re.
Make LoadLibrary Great again.
heapLayOutOpt-for exp.
tc.codereview.
dv.

  • v8:

zerocon-Chrome internals & exploitation.
Chrome exploits-(S0rryMybad).
v8-escape-analysis.
v8-opt.
beautiful v8 bug.
^^ much alike.
secmob-private-prop-v8.
secmob-oob.
v8-bytecode.
youtube-v8.
v8os.
v8.ppt.
v8mips.
v8.

  • Chakra:
improved-javascript-performance-webassembly-shared-memory (note: SharedArrayBuffer was disabled in major browsers in early 2018 as a Spectre mitigation, since it gives JS a high-resolution timer; it has since been re-enabled only for cross-origin isolated pages, i.e. those served with COOP/COEP headers, so the wasm shared-memory threading model described here is not available by default).
p2o-2016.
expsky.
MxatoneMitagationCodeExecInEdge.
yuki-chen.
natashenka-Your_Chakra_Is_Not_Aligned.
oom.
Microsoft-Edge-Windows-10-RCE-EXPLOIT.

  • edgehtml:
bypass cfg++.

  • Wasm:
using-sharedarraybuffer-to-run-javascript-in-parallel.
Interacting-with-code.
emscripten.
compile-mdn.
tuto.
vuln-1.
vuln-2.

  • SandBox:

PATCH CHROMIUM..

IndexedDB sbx - chromium 2018.
gpo chrome mojom::directory interface ...
chrome IPC.
google/sandbox-attacksurface-analysis-tools.
lokihardt-chromium escape.
lokihardt-SmartScreen-sbx cr.
secmob-play.google.com rce -> uxss -> chrome sandbox escape! (last pages of the pdf).
mj0011sec safari escape with kernel bug.
(phoenhex) pwn2own-17-safari-sandbox-escape.
SandboxEscaper edge blogpost.
SandboxEscaper/edge.
(forshaw) MSIE.
Chromium sb good overview page 36..
chrome-sb bug-0.
chrome-sb bug-1.
chrome-sb bug-2.

  • Other(browser):
dom spec.
JSoverrides.
flash zday.
webkit-zdi.
webkit exploit writeup.
webkit-oob-exploit.
chrome-pwnfest2016.
edgeangle.
logicBugsCh-mwr.
S0rryMybad(safariPwn2Own).
jscript9-typedarray-cfg.
chrome.
webkit.
uaf-exp.
zdi-jit.
tencents-chakra.
expsky-mit.
primitives.
js.
CVE-2017-0037.
4B5F5F4B.
ie win7 tc p0.
about the edge sandbox.
pwn-with-red.
34c3-bypass aslr side-channel.
pdfium-bug-0.

  • DOM bugs and UXSS:
Blink type conf- guanggong 2018.
dom spec.
chrome-uxss.
a lot of uxss bugs.
mcafee-UXSS.
subverting ajax.
bo0om.ru.
lokihardt.

--chrome dom src--.
--webkit dom src--.

chrome uxss 0.
chrome uxss 1.
chrome uxss 2.
chrome uxss 3.
chrome uxss 4.
chrome uxss 5.
chrome uxss 6.
chrome uxss 8.
chrome uxss 9.
chrome uxss 10.
chrome uxss 11.
chrome uxss 12.
safari uxss 1.
safari uxss 2.
safari uxss 3.
safari uxss 4.
safari uxss 5.
safari uxss 6.
safari uxss 7.
safari uxss 8.

  • Server side & WEBSEC:
ncc- dns rebinding.
fb-django-rce.
SSRF.
known problems.
Orange ama.
from ssrf-to-rce.
^^same.
phrack ruby on rails vul.

  • kernel & desktop client side:
cve-2018-8897 LPE WIN.
ensilo mitigations - windows internals 2018 RS3 || RS4.
msmpengine rar vuln gp0.
intel igdkmd64 vul (talos).
RE:windows defender.
telegram zday.
macOs-exp.
winKernelPrimitivesPython(pal).
xairy/linux-kernel-exploitation.
xairy/kernel-exploits.
lgandx/PoC.
awesome-windows-exploitation.
linux-kernel-exploits.
windows-kernel-exploits.
OldKExp.
K0day+rce(win).
MortenSchenk.
winDnsClientRCE.
androidKernelPocs.
kSmbRceLinux.
_SEP_TOKEN_P.. arw.
sensepost ms16-098.
duplicate^.
same same but diff.
progmboy/cansecwest2017.
abatchy17.
pal.
dlpacketstorm.
x41.
pcap.
docs.
hitcoin.
flash as.
br.
safari.
Q overwrite.
tencent.
bypass-cfg.

  • ios:

  • Android:

(( android src )).
libstagefright.so.

QCOM pixel RE Tencent.
QLab bluetooth vuln's.
patch stagefright for fuzzing pdf.
patch stagefright to decode only one frame with ^^ (p35).
fix oom when building source..
enable binder & ashmem on lin the easy way ...
kgdb.
/ele7enxxh/poc-exp pocs and exploits ..
fuzzing libStagefright on linux Qihoo.
@natashenka - android apk.
Attack surface and vul patterns.
fuzzing libStagefright.
more fuzzing.
android ASAN.
POC-2017-fuzzing android.
KernelDebugOnNexus6P.
broadpwn.
reversing firmware-andr.
UAF-kernel-and-keen-lab.
luaqemu_bcm_wifi.
android_vuln_poc-exp.
broadcoms-wi-fi_4-P0.
P0-baseband-exp.
TEES-P0.
wifi-cr.
Android Open Source Project.
source-andr.
andr-AFL.
fuzzing android syscalls.
bits-please.blogspot.
azeria.
/ge0n0sis.
ScottyBauer.
keen-lab.
mwr-labs.
arm-emu-vis.
SeLinuxExpPrivEsc.
gpo-0.
gpo-1.
gpo-2.
gpo-3.
gpo-4.
gpo-5.
gpo-6.
samsung guanggong cansecwest.

  • Other:

smb null deref.
integers ovf.
artkond/cisco-rce.
SmbRce.
ApacheTomcatRce.
fishstiqz/poolinfo.
SomeAflTrivia.
windows-mitigations.
scrt@dns-hijack.

  • Com:

com gp0 blog.
COM in 60 seconds.
sandboxescaper-flash-com-server.
iid-clsid-progid.
ExploitDotNetDCOMSerializer.
interop.
cli-vs.
.net-com.
doc-IUnknown.
p0-com-blog.
wincombug.
intelcombug.
SandboxEscaper-flash.
ie11-sbx.
ole-view-dotnet.
bhusa=2014 ie sbx forshaw.
idl decompiler.

  • flash:
gp0 flash.
0x0 configure jre for flex.
0x1 configure jre for flex.
action script api.
flash projector.
adobe flex.
@natashenka recon.

  • Special:
vmware-attack-surface.
ff-exp.
ImageMagickDecoderInfoLeak.
Crypto.
vmware_escape.
JailBreak.
full-exp-chain-chromium-os.
android-wifi-rce.
Hyper-v-short.
Intel-Me-Code-exec.
Qihoo-vmware-escape.
browser@jit-gen.
MsMp.NET.
scan-msmp-console.
MsMp-API-cpp.

  • fuzzing//dictionary:
WebAudio.
^^ example bug.
^^ example dict.
SMIL.
IndexDB.
wasm.

  • pdf:
pdfmutation.
pdfium p0.
ke liu blackhat.
pdfium bugs ...
jaanus kaap fuzzing pdf's.
api's//formats.
insertscript-foxit.
angea.
Html2pdf.
dumbf.
tomcarver/pdf-tools.

  • Office:
office-JsApi.
office-JsApi-II.
office-JsApi-Vul.
office-word@mr_me.
some interesting api's...
embedi RCE.
Office fuzzer ...

  • ShellCode:
llib32.
peter calc.
skylined.
ssherei.
Apc.
Apc.
msf.
arch.
winapi.
Iat.
asnair.
RKX1209.
Salwan.
nixmix.
crypto.

  • vm:
zdi - virtual box escape.
virtual-box escape.
keenlab vmware escapes!.
@_niklasb insomaninhack virtualbox (video).
virtual box escapes.
50-shades-of-fuzzing vmware.
Qihoo-vmware-escape.
vmware_escape.
hyper-v bug.
hyper-v bug (gpo).
Xen-qlab.
xen-gpo-1.
xen-gpo-2.
xen-gpo-3.
vmware attack surface.
zdi bug vmware.
zdi bug vmware2.
zdi-zero nights vmware.
vmware-rpc-request-sniffing-zdi.
virtual box escape.

  • SysCalls:
tinysec.
j00ru.

  • Misc:
Tencent-xlab.
Chromium-ext.
CVE-2017-11767.

  • con:
inf.
recon.
a big thread.
PoC||GTFO mirror.
pacsecJp.

post

cross process code injection.

== misc++

registry-hide.
ARM-Qemu.
pykd.
TWindbg.
g-compute.

== Tech Low Level:

Compilers.
vm.

https://paypal.me/theakayn