- See also Exploitation specific content
- "64 bytes and a ROP chain – A journey through nftables":
- "\*nix libX11: Uncovering and exploiting a 35-year-old vulnerability":
- "A few notes on AWS Nitro Enclaves: Images and attestation"
- "A first look at Android 14 forensics"
- "A "Gau-Hack" from EuskalHack"
- "A Practical Guide to PrintNightmare in 2024"
- "A Technical Deep Dive: Comparing Anti-Cheat Bypass and EDR Bypass"
- "A Trip Down Memory Lane"
- "An Introduction to Chrome Exploitation - Maglev Edition"
- "An unexpected journey into Microsoft Defender's signature World"
- "Advanced CyberChef Techniques For Malware Analysis - Detailed Walkthrough and Examples"
- "AES-GCM and breaking it on nonce reuse"
- "Analyzing Mutation-Coded - VM Protect and Alcatraz English"
- "ARLO: I'M WATCHING YOU"
- "ASLRn’t: How memory alignment broke library ASLR"
- "Attack of the clones: Getting RCE in Chrome’s renderer with duplicate object properties"
- "Attacking Android Binder: Analysis and Exploitation of CVE-2023-20938"
- "Becoming any Android app via Zygote command injection"
- "Beyond Control: Exploring Novel File System Objects for Data-Only Attacks on Linux Systems"
- "BGGP4: A 420 Byte Self-Replicating UEFI App For x64"
- "Binary type inference in Ghidra"
- "Blackbox-Fuzzing of IoT Devices Using the Router TL-WR902AC as Example"
- "Breaking the Flash Encryption Feature of Espressif’s Parts"
- "Bus Pirate 5: The Swiss ARRRmy Knife of Hardware Hacking"
- "Buying Spying Insights into Commercial Surveillance Vendors"
- "Bypassing EDRs With EDR-Preloading"
- "Bytecode Breakdown: Unraveling Factorio's Lua Security Flaws"
- "Chaining N-days to Compromise All":
- "Check Point - Wrong Check Point (CVE-2024-24919)"
- "Code injection on Android without ptrace"
- "CodeQL zero to hero": Part 1 Part 2 Part 3
- "Commonly Abused Linux Initial Access Techniques and Detection Strategies"
- "Compiler Options Hardening Guide for C and C++"
- "Continuously fuzzing Python C extensions"
- "CVE-2024-20356: Jailbreaking a Cisco appliance to run DOOM"
- "CVE-2022-2586 Writeup"
- "CVE-2022-4262"
- "CVE-2023-6246: Heap-based buffer overflow in the glibc's syslog()"
- "Denial of Pleasure: Attacking Unusual BLE Targets with a Flipper Zero"
- "Deobfuscating Android ARM64 strings with Ghidra: Emulating, Patching, and Automating"
- "Dissecting a complex vulnerability and achieving arbitrary code execution in Ichitaro Word"
- "Diving Deep into F5 Secure Vault"
- "DJI - The ART of obfuscation"
- "Docker Security – Step-by-Step Hardening (Docker Hardening)"
- "Driving forward in Android drivers"
- "Emulating RH850 architecture with Unicorn Engine"
- "Exploring AMD Platform Secure Boot"
- "Exploring GNU extensions in the Linux kernel"
- "Exploiting Empire C2 Framework"
- "Exploiting Enterprise Backup Software For Privilege Escalation":
- "Exploiting Reversing (ER) series":
- "Exploiting Steam: Usual and Unusual Ways in the CEF Framework"
- "Exploring object file formats"
- "Extracting Secure Onboard Communication (SecOC) keys from a 2021 Toyota RAV4 Prime"
- "Fault Injection Attacks against the ESP32-C3 and ESP32-C6"
- "Flatlined: Analyzing Pulse Secure Firmware and Bypassing Integrity Checking"
- "Flipping Pages: An analysis of a new Linux vulnerability in nf_tables and hardened exploitation techniques"
- "Gaining kernel code execution on an MTE-enabled Pixel 8"
- "Ghidra nanoMIPS ISA module"
- "Going Native - Malicious Native Applications"
- "Google Chrome V8 CVE-2024-0517 Out-of-Bounds Write Code Execution"
- "GhostRace: Exploiting and Mitigating Speculative Race Conditions"
- "GraphStrike: Anatomy of Offensive Tool Development"
- "Hacking a Smart Home Device"
- "HEAP HEAP HOORAY — Unveiling GLIBC heap overflow vulnerability (CVE-2023–6246)"
- "Hi, My Name is Keyboard"
- "Hiding Linux Processes with Bind Mounts"
- "Hunting down the HVCI bug in UEFI"
- "Hunting for Unauthenticated n-days in Asus Routers"
- "Iconv, Set the Charset to RCE":
- "Java Deserialization Tricks"
- "JTAG Hacking with a Raspberry Pi"
- "Kuiper Ransomware’s Evolution"
- "Inside the LogoFAIL PoC: From Integer Overflow to Arbitrary Code Execution"
- "LeftoverLocals: Listening to LLM responses through leaked GPU local memory"
- "Leveraging Binary Ninja il to Reverse a Custom ISA: Cracking the “pot of gold” 37C3"
- "Linux Kernel Exploitation":
- "ManageEngine ADAudit - Reverse engineering Windows RPC to find CVEs":
- "Mind the Patch Gap: Exploiting an io_uring Vulnerability in Ubuntu"
- "Mali GPU Kernel LPE"
- "MalpediaFLOSSed"
- "Microsoft BitLocker Bypasses are Practical"
- "Modern implant design: position independent malware development"
- "My new superpower"
- "Not the Drones You're Looking For"
- "Operation triangulation":
- "Out-of-bounds read & write in the glibc's qsort()"
- "Patch Tuesday Diffing: CVE-2024-20696 - Windows Libarchive RCE"
- "PixieFail: Nine vulnerabilities in Tianocore's EDK II IPv6 network stack"
- "Playing with libmalloc in 2024"
- "Pumping Iron on the Musl Heap – Real World CVE-2022-24834 Exploitation on an Alpine mallocng Heap"
- "Pwn2Own Toronto 2023":
- "Pwning a Brother labelmaker, for fun and interop!"
- "Pwntools 10x":
- "Puckungfu 2: Another NETGEAR WAN Command Injection"
- "Recovering an ECU firmware using disassembler and branches"
- "regreSSHion: RCE in OpenSSH's server, on glibc-based Linux systems (CVE-2024-6387)"
- "Resolving Stack Strings with Capstone Disassembler & Unicorn in Python"
- "Reverse engineering a car key fob signal"
- "Reverse Engineering Protobuf Definitions From Compiled Binaries"
- "ROPing Routers from scratch: Step-by-step Tenda Ac8v4 Mips 0day Flow-control ROP -> RCE"
- "Route to Safety: Navigating Router Pitfalls"
- "Rooting a Hive Camera"
- "SAME70 Emulator"
- "Say Friend and Enter":
- "Samsung NX related posts"
- "SECGlitcher (Part 1) - Reproducible Voltage Glitching on STM32 Microcontrollers"
- "Shell We Assemble?"
- "Shellcode evasion using WebAssembly and Rust"
- "SMM isolation":
- "Strengthening the Shield: MTE in Heap Allocators"
- "Take a Step Further: Understanding Page Spray in Linux Kernel Exploitation"
- "The architecture of SAST tools: An explainer for developers"
- "The Dark Side of UEFI: A technical Deep-Dive into Cross-Silicon Exploitation"
- "The 'Invisibility Cloak' - Slash-Proc Magic"
- "The rev.ng decompiler goes open source + start of the UI closed beta"
- "The tale of a GSM Kernel LP"
- "The Wild West of Proof of Concept Exploit Code (PoC)"
- "The Windows Registry Adventure":
- "TIKTAG: Breaking ARM’s Memory Tagging Extension with Speculative Execution"
- "Tony Hawk’s Pro Strcpy"
- "Toolchain Necromancy: Past Mistakes Haunting ASLR"
- "TP-Link TDDP Buffer Overflow Vulnerability"
- "Two Bytes is Plenty: FortiGate RCE with CVE-2024-21762"
- "Understanding AddressSanitizer: Better memory safety for your code"
- "Understanding Unix Garbage Collection and its Interaction with io_uring"
- "Understanding Windows x64 Assembly"
- "VBA: having fun with macros, overwritten pointers & R/W/X memory"
- "Windows Secure-Launch on Qualcomm devices"
- "Windows vs Linux Loader Architecture"
- "Writing a Debugger From Scratch"
- "Your NVMe Had Been Syz’ed: Fuzzing NVMe-oF/TCP Driver for Linux with Syzkaller"
- "A Deep Dive Into Brute Ratel C4 Payloads"
- "A Deep Dive into Penetration Testing of macOS Applications (Part 1)"
- "A Deep Dive into TPM-based BitLocker Drive Encryption"
- "A Detailed Look at Pwn2own Automotive EV Charger Hardware"
- "A LibAFL Introductory Workshop"
- "A look at CVE-2023-29360, a beautiful logical LPE vuln"
- "A Journey Into Hacking Google Search Appliance"
- "A new method for container escape using file-based DirtyCred"
- "A Pain in the NAS: Exploiting Cloud Connectivity to PWN your NAS: Synology DS920+ Edition"
- "A Potholing Tour in a SoC"
- "A Practical Tutorial on PCIe for Total Beginners on Windows":
- "A Race to Report a TOCTOU: Analysis of a Bug Collision in Intel SMM"
- "A Red-Teamer diaries"
- "A story about tampering EDRs"
- "Abusing Liftoff assembly and efficiently escaping from sbx"
- "Abusing RCU callbacks with a Use-After-Free read to defeat KASLR"
- "Abusing undocumented features to spoof PE section headers"
- "Achieving Remote Code Execution in Steam: a journey into the Remote Play protocol"
- "All about LeakSanitizer"
- "All cops are broadcasting: TETRA under scrutiny"
- "All my favorite tracing tools: eBPF, QEMU, Perfetto, new ones I built and more"
- "An analysis of an in-the-wild iOS Safari WebContent to GPU Process exploit"
- "An Introduction into Stack Spoofing"
- "Analysis on legit tools abused in human operated ransomware"
- "Analysis of CVE-2023-3519 in Citrix ADC and NetScaler Gateway":
- "Analysis of VirtualBox CVE-2023-21987 and CVE-2023-21991"
- "Analyzing a Modern In-the-wild Android Exploit"
- "Analyzing an Old Netatalk dsi_writeinit Buffer Overflow Vulnerability in NETGEAR Route"
- "ARM64 Reversing And Exploitation" (8ksec)
- "Attacking an EDR"
- "Attacking IoT Devices from Web Perspective"
- "Attacking JS engines: Fundamentals for understanding memory corruption crashes"
- "Audio with embedded Linux training"
- "Automating C2 Infrastructure with Terraform, Nebula, Caddy and Cobalt Strike"
- "b3typer - bi0sCTF 2022"
- "Back to the Future with Platform Security"
- "Bash Privileged-Mode Vulnerabilities in Parallel Desktop and CDPATH Handling in MacOS"
- "Bee-yond Capacity: Unauthenticated RCE in Extreme Networks/Aerohive Wireless APs - CVE-2023-35803"
- "Behind the Shield: Unmasking Scudo's Defenses"
- "BlackLotus UEFI bootkit: Myth confirmed"
- "BLUFFS: Bluetooth Forward and Future Secrecy Attacks and Defenses"
- "BPF Memory Forensics with Volatility 3"
- "Breaking Fortinet Firmware Encryption"
- "Breaking the Code - Exploiting and Examining CVE-2023-1829 in cls_tcindex Classifier Vulnerability"
- "Breaking Secure Boot on the Silicon Labs Gecko platform"
- "Building a Custom Mach-O Memory Loader for macOS"
- "Building an Exploit for FortiGate Vulnerability CVE-2023-27997"
- "Bypassing a noexec by elf roping"
- "Bypassing PPL in Userland (again)"
- "Bypassing SELinux with init_module"
- "C101101: D-Link DIR-865L":
- "CAN Injection: keyless car theft"
- "chonked"
- "Code Execution in Chromium’s V8 Heap Sandbox"
- "Coffee: A COFF loader made in Rust"
- "Competing in Pwn2Own ICS 2022 Miami: Exploiting a zero click remote memory corruption in ICONICS Genesis64"
- "Conquering the memory through io_uring - Analysis of CVE-2023-2598"
- "Cracking Windows Kernel with HEVD"
- "Cueing up a calculator: an introduction to exploit development on Linux"
- "Customizing Sliver":
- "CVE-2022-27666: My file your memory"
- "CVE-2023-0179: Linux kernel stack buffer overflow in nftables: PoC and writeup"
- "CVE-2023-2008 - Analyzing and exploiting a bug in the udmabuf driver"
- "CVE-2023-23504: XNU Heap Underwrite in dlil.c"
- "CVE-2023-26258 – Remote Code Execution in ArcServe UDP Backup"
- "CVE-2023-36844 And Friends: RCE In Juniper Devices"
- "CVE-2023-38408: Remote Code Execution in OpenSSH's forwarded ssh-agent"
- "cURL audit: How a joke led to significant findings"
- "Debugger Ghidra Class"
- "Debugging D-Link: Emulating firmware and hacking hardware"
- "Decompilation Debugging"
- "Deep Lateral Movement in OT Networks: When is a Perimeter not a Perimeter?"
- "Defining the cobalt strike reflective loader"
- "Demystifying bitwise operations, a gentle C tutorial"
- "Detecting and decrypting Sliver C2 – a threat hunter’s guide"
- "Detecting BPFDoor Backdoor Variants Abusing BPF Filters"
- "Dirty Pagetable: A Novel Exploitation Technique To Rule Linux Kernel"
- "Dissecting and Exploiting TCP/IP RCE Vulnerability “EvilESP”"
- "Diving Into Smart Contract Decompilation"
- "Diving into Starlink's User Terminal Firmware"
- "DJI Mavic 3 Drone Research"
- "Drone Security and Fault Injection Attacks"
- "DualShock4 Reverse Engineering":
- "eBPF: A new frontier for malware"
- "Emulating IoT Firmware Made Easy: Start Hacking Without the Physical Device"
- "Encrypted Doesn't Mean Authenticated: ShareFile RCE (CVE-2023-24489)"
- "ENLBufferPwn (CVE-2022-47949)"
- "Escaping the Google kCTF Container with a Data-Only Exploit"
- "Exploitation of a kernel pool overflow from a restrictive chunk size (CVE-2021-31969)"
- "Exploitation of Openfire CVE-2023-32315"
- "Exploiting a Critical Spoofing Vulnerability in Windows CryptoAPI"
- "Exploiting a Flaw in Bitmap Handling in Windows User-Mode Printer Drivers"
- "Exploiting CVE-2021-3490 for Container Escapes"
- "Exploiting null-dereferences in the Linux kernel"
- "Exploring UNIX pipes for iOS kernel exploit primitives"
- "EPF: Evil Packet Filter"
- "Escaping from Bhyve"
- "ESP32-C3 Wireless Adventure A Comprehensive Guide to IoT"
- "Espressif ESP32: Breaking HW AES with Electromagnetic Analysis"
- "Espressif ESP32: Breaking HW AES with Power Analysis"
- "Examining OpenSSH Sandboxing and Privilege Separation – Attack Surface Analysis"
- "Executing Arbitrary Code & Executables in Read-Only FileSystems"
- "Exploit Engineering – Attacking the Linux Kernel"
- "Exploiting a Remote Heap Overflow with a Custom TCP Stack"
- "Exploring Hell's Gate"
- "Exploiting a bug in the Linux kernel with Zig"
- "Exploiting HTTP Parsers Inconsistencies"
- "Exploiting MikroTik RouterOS Hardware with CVE-2023-30799"
- "Exploring Android Heap Allocations in Jemalloc 'New'"
- "Exploring Linux's New Random Kmalloc Caches"
- "Exploring the section layout in linker output"
- "Fantastic Rootkits: And Where To Find Them":
- "Few lesser known tricks, quirks and features of C"
- "Finding and exploiting process killer drivers with LOL for 3000$"
- "Finding bugs in C code with Multi-Level IR and VAST"
- "Finding Gadgets for CPU Side-Channels with Static Analysis Tools"
- "For Science! - Using an Unimpressive Bug in EDK II to Do Some Fun Exploitation"
- "FortiNAC - Just a few more RCEs"
- "Fortinet Series 3 — CVE-2022–42475 SSLVPN exploit strategy"
- "Framing Frames: Bypassing Wi-Fi Encryption by Manipulating Transmit Queues"
- "From C, with inline assembly, to shellcode"
- "Fuzzing Farm":
- "Fuzzing Golang msgpack for fun and panic"
- "Getting RCE in Chrome with incomplete object initialization in the Maglev compiler"
- "Ghidra" (Craig Young):
- "Ghost In The Wire, Sonic In The Wall - Adventures With SonicWall"
- "Google Chrome V8 ArrayShift Race Condition Remote Code Execution"
- "Hacking a Tapo TC60 Camera"
- "Hacking Amazon's eero 6 (part 1)"
- "Hacking Brightway scooters: A case study"
- "Hacking ICS Historians: The Pivot Point from IT to OT"
- "Hacking the Nintendo DSi Browser"
- "Hardware Hacking to Bypass BIOS Passwords"
- "Heads up! Xdr33, A Variant Of CIA’s HIVE Attack Kit Emerges"
- "How a simple K-TypeConfusion took me 3 months long to create a exploit? [HEVD] - Windows 11 (build 22621)"
- "How does Linux start a process"
- "How NATs Work":
- "How I Hacked my Car":
- "How I hacked smart lights: the story behind CVE-2022-47758"
- "How to Emulate Android Native Libraries Using Qiling"
- "How to Voltage Fault Injection"
- "How To Secure A Linux Server"
- "Hunting Vulnerable Kernel Drivers"
- "Icicle: A Re-designed Emulator for Grey-Box Firmware Fuzzing"
- "In-depth analysis on Valorant’s Guarded Regions"
- "In-Memory-Only ELF Execution (Without tmpfs)"
- "Intel BIOS Advisory – Memory Corruption in HID Drivers"
- "Intercepting Allocations with the Global Allocator"
- "Intro to Cutter"
- "Introduction to SELinux"
- "IoT Series":
- "JTAG 'Hacking' the Original Xbox in 2023"
- "Kernel Exploit Factory"
- "Learn Makefiles With the tastiest examples"
- "Let's build a Chrome extension that steals everything"
- "Let’s Go into the rabbit hole — the challenges of dynamically hooking Golang programs"
- "Leveraging ssh-keygen for Arbitrary Execution (and Privilege Escalation)"
- "lexmark printer haxx"
- "linux-re-101"
- "Linux debugging, profiling and tracing training"
- "Linux Kernel Exploitation"
- "Linux Kernel PWN":
- "Linux Kernel Unauthenticated Remote Heap Overflow Within KSMBD"
- "Linux Kernel Teaching"
- "Linux Malware: Defense Evasion Techniques"
- "Linux Red Team":
- "Linux Remote Process Injection - (Injecting into a firefox process)"
- "Linux rootkits explained – Part 1: Dynamic linker hijacking"
- "Linux Shellcode 101: From Hell to Shell"
- "Local Privilege Escalation on the DJI RM500 Smart Controller"
- "Lord Of The Ring0":
- "Low-Level Software Security for Compiler Developers"
- "LPE and RCE in RenderDoc: CVE-2023-33865, CVE-2023-33864, CVE-2023-33863"
- "Making TOCTOU Great again – X(R)IP"
- "Malware Reverse Engineering for Beginners":
- "Man-in-the-Middle Attacks without Rogue AP: When WPAs Meet ICMP Redirects"
- "mast1c0re"
- "Mélofée: a new alien malware in the Panda's toolset targeting Linux hosts"
- "Meterpreter vs Modern EDR(s)"
- "MTE As Implemented":
- "mTLS: When certificate authentication is done wrong"
- "MSMQ QueueJumper (RCE Vulnerability): An in-depth technical analysis"
- "Multiple Vulnerabilities in Qualcomm and Lenovo ARM-based Devices"
- "NetGear Series: Emulating Netgear R6700V3 circled binary":
- "New HiatusRAT Router Malware Covertly Spies On Victims"
- "NVMe: New Vulnerabilities Made Easy"
- "nftables Adventures: Bug Hunting and N-day Exploitation (CVE-2023-31248)"
- "Obscure Windows File Types"
- "Old Bug, Shallow Bug: Exploiting Ubuntu at Pwn2own Vancouver 2023"
- "One shot, Triple kill"
- "OPC UA Deep Dive Series":
- "OpenSSH Pre-Auth Double Free CVE-2023-25136 – Writeup and Proof-of-Concept"
- "OrBit: advanced analysis of a Linux dedicated malware"
- "OrBit: New Undetected Linux Threat Uses Unique Hijack of Execution Flow"
- "P2PInfect: The Rusty Peer-to-Peer Self-Replicating Worm"
- "P4wnP1-LTE"
- "Patches, Collisions, and Root Shells: A Pwn2Own Adventure"
- "Patch Tuesday -> exploit Wednesday: Pwning windows ancillary function driver for WinSock (afd.sys) in 24 hours"
- "Persistence Techniques That Persist"
- "Practical Introduction to BLE GATT Reverse Engineering: Hacking the Domyos EL500"
- "prctl anon_vma_name: An Amusing Linux Kernel Heap Spray"
- "Producing a POC for CVE-2022-42475 (Fortinet RCE)"
- "Protecting Android clipboard content from unintended exposure"
- "Protecting the Phoenix: Unveiling Critical Vulnerabilities in Phoenix Contact HMI"
- "Prototype Pollution in Python"
- "PSPRAY: Timing Side-Channel based Linux Kernel Heap Exploitation Technique"
- "PyLoose: Python-based fileless malware targets cloud workloads to deliver cryptominer"
- "PwnAgent: A One-Click WAN-side RCE in Netgear RAX Routers with CVE-2023-24749"
- "Pwnassistant - Controlling /home's via a Home Assistant RCE"
- "Pwning Pixel 6 with a leftover patch"
- "Pwning the tp-link ax1800 wifi 6 Router: Uncovered and Exploited a Memory Corruption Vulnerability"
- "Racing Against the Lock: Exploiting Spinlock UAF in the Android Kernel"
- "Readline crime: exploiting a SUID logic bug"
- "Red vs. Blue: Kerberos Ticket Times, Checksums, and You!"
- "Reptar"
- "Restoring Dyld Memory Loading"
- "Retreading The AMLogic A113X TrustZone Exploit Process"
- "Reversing UK mobile rail tickets"
- "Reversing Windows Container":
- "RISC-V Bytes: Exploring a Custom ESP32 Bootloader"
- "REUnziP: Re-Exploiting Huawei Recovery With FaultyUSB"
- "Revisiting CVE-2017-11176"
- "Rooting the FiiO M6":
- "Rooting Xiaomi WiFi Routers"
- "Rust Binary Analysis, Feature by Feature"
- "Rust to Assembly: Understanding the Inner Workings of Rust"
- "Rustproofing Linux":
- "scudo Hardened Allocator — Unofficial Internals Documentation"
- "Securing our home labs: Frigate code review"
- "Securing our home labs: Home Assistant code review"
- "SHA-1 gets SHAttered"
- "Shambles: The Next-Generation IoT Reverse Engineering Tool to Discover 0-Day Vulnerabilities"
- "Shell in the Ghost: Ghostscript CVE-2023-28879 writeup"
- "Shifting boundaries: Exploiting an Integer Overflow in Apple Safari"
- "Shooting Yourself in the .flags – Jailbreaking the Sonos Era 100"
- "Smart Speaker Shenanigans: Making the Sonos ONE Sing its Secrets"
- "Smashing the state machine: the true potential of web race conditions"
- "SRE deep dive into Linux Page Cache"
- "Sshimpanzee"
- "Stepping Insyde System Management Mode"
- "Sudoedit bypass in Sudo <= 1.9.12p1 CVE-2023-22809"
- "THC's favourite Tips, Tricks & Hacks (Cheat Sheet)"
- "The ARM32 Scheduling and Kernelspace/Userspace Boundary"
- "The art of Fuzzing: Introduction"
- "The art of fuzzing: Windows Binaries"
- "The art of fuzzing-A Step-by-Step Guide to Coverage-Guided Fuzzing with LibFuzzer"
- "The Art Of Linux Persistence"
- "The Blitz Tutorial Lab on Fuzzing with AFL++"
- "The code that wasn’t there: Reading memory on an Android device by accident"
- "The Dragon Who Sold His camaro: Analyzing Custom Router Implant"
- "The Importance of Reverse Engineering in Network Analysis"
- "The Linux Kernel Module Programming Guide"
- "The Most Dangerous Codec in the World: Finding and Exploiting Vulnerabilities in H.264 Decoders"
- "The Role of the Control Flow Graph in Static Analysis"
- "The Silent Spy Among Us: Smart Intercom Attacks"
- "The Stack Series: The X64 Stack"
- "The Untold Story of the BlackLotus UEFI Bootkit"
- "Tickling ksmbd: fuzzing SMB in the Linux kernel"
- "Tool Release: Cartographer"
- "Total Identity Compromise: Microsoft Incident Response lessons on securing Active Directory"
- "Xortigate, or CVE-2023-27997 - The Rumoured RCE That Was"
- "Your not so "Home Office" - SOHO Hacking at Pwn2Own"
- "Ubuntu Shiftfs: Unbalanced Unlock Exploitation Attempt"
- "Unauthenticated RCE on a RIGOL oscilloscope"
- "UNCONTAINED: Uncovering Container Confusion in the Linux Kernel"
- "Uncovering a crazy privilege escalation from Chrome extensions"
- "Uncovering HinataBot: A Deep Dive into a Go-Based Threat"
- "Under The Hood - Disassembling of IKEA-Sonos Symfonisk Speaker Lamp"
- "Understanding a Payload’s Life Featuring Meterpreter & Other Guests"
- "Understanding Dirty Pagetable - m0leCon Finals 2023 CTF Writeup"
- "Understanding the Heap - a beautiful mess"
- "Unleashing ksmbd: crafting remote exploits of the Linux kernel"
- "Unleashing ksmbd: remote exploitation of the Linux kernel (ZDI-23-979, ZDI-23-980)"
- "Unlimited Results: Breaking Firmware Encryption of ESP32-V3"
- "Unveiling secrets of the ESP32":
- "Web Hackers vs. The Auto Industry: Critical Vulnerabilities in Ferrari, BMW, Rolls Royce, Porsche, and More"
- "What is Loader Lock?"
- "Windows Installer arbitrary content manipulation Elevation of Privilege (CVE-2020-0911)"
- "Windows Installer EOP (CVE-2023-21800)"
- "Writing your own RDI /sRDI loader using C and ASM"
- "Zenbleed"
- "Zero Effort Private Key Compromise: Abusing SSH-Agent For Lateral Movement"
- "A journey into IoT":
- "A Kernel Hacker Meets Fuchsia OS"
- "A Technical Analysis of Pegasus for Android":
- "ALL ABOUT USB-C: INTRODUCTION FOR HACKERS"
- "An In-Depth Look at the ICE-V Wireless FPGA Development Board"
- "ARM 64 Assembly Series":
- "Attacking the Android kernel using the Qualcomm TrustZone"
- "Attacking Titan M with Only One Byte"
- "Avoiding Detection with Shellcode Mutator"
- "BasicFUN Series":
- "Basics for Binary Exploitation"
- "Breaking Secure Boot on Google Nest Hub (2nd Gen) to run Ubuntu"
- "BrokenPrint: A Netgear stack overflow"
- "Bypassing software update package encryption":
- "Bypassing vtable Check in glibc File Structures"
- "Blind Exploits to Rule Watchguard Firewalls"
- "BPFDoor - An Evasive Linux Backdoor Technical Analysis"
- "Canary in the Kernel Mine: Exploiting and Defending Against Same-Type Object Reuse"
- "Competing in Pwn2Own 2021 Austin: Icarus at the Zenith"
- "CoRJail: From Null Byte Overflow To Docker Escape Exploiting poll_list Objects In The Linux Kernel"
- "Corrupting memory without memory corruption"
- "Creating a Rootkit to Learn C"
- "CVE-2022-0435: A Remote Stack Overflow in The Linux Kernel"
- "[CVE-2022-1786] A Journey To The Dawn"
- "CVE-2022-2602: DirtyCred File Exploitation applied on an io_uring UAF"
- "CVE-2022-27666: Exploit esp6 modules in Linux kernel"
- "CVE-2022-29582 An io_uring vulnerability"
- "Deconstructing and Exploiting CVE-2020-6418"
- "DirtyCred Remastered: how to turn an UAF into Privilege Escalation"
- "Disclosing information with a side-channel in Django"
- "Dumping the Amlogic A113X Bootrom"
- "Dynamic analysis of firmware components in IoT devices"
- "Embedded Systems Security and TrustZone"
- "Emulate Until You Make it"
- "EntryBleed: Breaking KASLR under KPTI with Prefetch (CVE-2022-4543)"
- "Expanding the Dragon: Adding an ISA to Ghidra"
- "Exploiting: Buffer overflow in Xiongmai DVRs"
- "Exploiting CSN.1 Bugs in MediaTek Basebands"
- "exploiting CVE-2019-2215"
- "Exploiting CVE-2022-42703 - Bringing back the stack attack"
- "Exploration of the Dirty Pipe Vulnerability (CVE-2022-0847)"
- "Exploring the Hidden Attack Surface of OEM IoT Devices"
- "Firmware key extraction by gaining EL3"
- "Fortigate - Authentication Bypass Lead to Full Device Takeover"
- "Fourchain":
- "Fuzzing ping(8) … and finding a 24 year old bug"
- "Hacking Bluetooth to Brew Coffee from Github Actions":
- "Hacking More Secure Portable Storage Devices"
- "How did I approach making linux LKM rootkit, “reveng_rtkit” ?"
- "How The Tables Have Turned: An analysis of two new Linux vulnerabilities in nf_tables"
- "Huawei Security Hypervisor Vulnerability"
- "Hunting for Persistence in Linux"
- "Hacking Some More Secure USB Flash Drives":
- "Learning eBPF exploitation"
- "Intro to Embedded RE":
- "Introduction to x64 Linux Binary Exploitation":
- "Linux Hardening Guide"
- "Linux Kernel: Exploiting a Netfilter Use-after-Free in kmalloc-cg"
- "Linux Kernel Exploit (CVE-2022–32250) with mqueue"
- "Linux SLUB Allocator Internals and Debugging":
- "Linternals: Introducing Memory Allocators & The Page Allocator"
- "Linternals: The Slab Allocator"
- "Linux kernel heap feng shui in 2022"
- "Looking for Remote Code Execution bugs in the Linux kernel"
- "Manipulating AES Traffic using a Chain of Proxies and Hardcoded Keys"
- "MeshyJSON: A TP-Link tdpServer JSON Stack Overflow"
- "Missing Manuals - io_uring worker pool"
- "Modifying Embedded Filesystems in ARM Linux zImages"
- "Netgear Orbi":
- "nday exploit: libinput format string bug, canary leak exploit (cve-2022-1215)"
- "NFC Relay Attack on Tesla Model Y"
- "Nightmare: One Byte to ROP // Deep Dive Edition"
- "Overview of GLIBC heap exploitation techniques"
- "Parsing TFTP in Rust"
- "Patching, Instrumenting & Debugging Linux Kernel Modules"
- "PCIe DMA Attack against a secured Jetson Nano (CVE-2022-21819)"
- "pipe_buffer arbitrary read write"
- "Pixel 6 Bootloader"
- "Port knocking from the scratch"
- "Pulling MikroTik into the Limelight"
- "Racing against the clock -- hitting a tiny kernel race window"
- "Replicating CVEs with KLEE"
- "Reversing C++, Qt based applications using Ghidra"
- "Racing Cats to the Exit: A Boring Linux Kernel Use-After-Free"
- "Replicant: Reproducing a Fault Injection"
- "Researching Xiaomi’s Tee to Get to Chinese Money"
- "Reversing embedded device bootloader (U-Boot)":
- "Reverse Engineering a Cobalt Strike Dropper With Binary Ninja"
- "Reverse engineering an EV charger"
- "Reverse Engineering Dark Souls 3":
- "Reverse engineering integrity checks in Black Ops 3"
- "Reverse engineering thermal printers"
- "Reviving Exploits Against Cred Structs - Six Byte Cross Cache Overflow to Leakless Data-Oriented Kernel Pwnage"
- "SETTLERS OF NETLINK: Exploiting a limited UAF in nf_tables (CVE-2022-32250)"
- "Shedding Light on Huawei's Security Hypervisor"
- "Shikitega - New stealthy malware targeting Linux"
- "side channels: power analysis"
- "side channels: using the chipwhisperer"
- "SIM Hijacking"
- "Spoofing Call Stacks To Confuse EDRs"
- "SROP Exploitation with radare2"
- "Stealing the Bitlocker key from a TPM"
- "Stranger Strings: An exploitable flaw in SQLite"
- "Survey of security mitigations and architectures, December 2022"
- "Symbiote Deep-Dive: Analysis of a New, Nearly-Impossible-to-Detect Linux Threat"
- "Tetsuji: Remote Code Execution on a GameBoy Colour 22 Years Later"
- "The Dirty Pipe Vulnerability"
- "The Last Breath of Our Netgear RAX30 Bugs - A Tragic Tale before Pwn2Own Toronto 2022"
- "The Old, The New and The Bypass - One-click/Open-redirect to own Samsung S22 at Pwn2Own 2022"
- "TheHole New World - how a small leak will sink a great browser (CVE-2021-38003)"
- "The toddler’s introduction to Heap exploitation":
- "TP-Link Tapo c200 Camera Unauthenticated RCE (CVE-2021-4045)"
- "Tracing and Manipulating with DynamoRIO"
- "Trying To Exploit A Windows Kernel Arbitrary Read Vulnerability"
- "Turning Google smart speakers into wiretaps for $100k"
- "UWB Real Time Locating Systems: How Secure Radio Communications May Fail in Practice"
- "Vulnerabilities and Hardware Teardown of GL.iNET GL-MT300N-V2 Router"
- "Vulnerabilities in BMC Firmware Affect OT/IoT Device Security":
- "Vulnerability Details for CVE-2022-41218"
- "Vulnerabilities in Tenda's W15Ev2 AC1200 Router"
- "When an N-Day turns into a 0day"
- "WPAxFuzz: Sniffing Out Vulnerabilities in Wi-Fi Implementations"
- "Write a Linux firewall from scratch based on Netfilter"
- "Yet another bug into Netfilter"
- "Xiongmai IoT Exploitation"
- "Zyxel authentication bypass patch analysis (CVE-2022-0342)"
- "A dive into the PE file format":
- "A Nerve-Racking Bug Collision in Samsung's NPU Driver"
- "A Practical Approach to Attacking IoT Embedded Designs":
- "Attacking Samsung RKP"
- "Automatic unpacking with Qiling framework"
- "BRAKTOOTH: Causing Havoc on Bluetooth Link Manager"
- "Breaking 64 bit aslr on Linux x86-64"
- "Bypassing GLIBC 2.32’s Safe-Linking Without Leaks into Code Execution: The House of Rust"
- "Complete Guide to Stack Buffer Overflow (OSCP Preparation)"
- "CVE-2020-3992 & CVE-2021-21974: Pre-auth Remote Code Execution in VMware ESXi"
- "CVE-2021–20226 a reference counting bug which leads to local privilege escalation in io_uring."
- "Da Vinci Hits a Nerve: Exploiting Huawei’s NPU Driver"
- "Digging into Linux namespaces":
- "Exploiting crash handlers: LPE on Ubuntu"
- "Extending Ghidra Part 1: Setting up a Development Environment"
- "Fire of Salvation Writeup: Utilizing msg_msg Objects for Arbitrary Read and Arbitrary Write in the Linux Kernel"
- "Fuzzing101 with LibAFL":
- "Getting to know memblock"
- "Ghidra 101":
- "GRCON 2021 - Capture the Signal"
- "Hacking the Furbo Dog Camera":
- "How AUTOSLAB Changes the Memory Unsafety Game"
- "Learning Linux Kernel Exploitation":
- "LinkSys EA6100 AC1200":
- "Linux Internals: How /proc/self/mem writes to unwritable memory"
- "Linux Kernel Exploitation":
- "Live Debugging Techniques for the Linux Kernel"
- "Malware development (0xPat)"
- "mooosl"
- "My RCE PoC walkthrough for (CVE-2021–21974) VMware ESXi OpenSLP heap-overflow vulnerability"
- "New Linux Backdoor RedXOR Likely Operated by Chinese Nation-State Actor"
- "New Old Bugs in the Linux Kernel"
- "Privilege escalation with polkit: How to get root on Linux with a seven-year-old bug"
- "Pwn2Own Tokyo 2020: Defeating the TP-link AC1750"
- "Recovering a Full PEM Private key when Half of it is Redacted"
- "Reverse Engineering an Unknown Microcontroller"
- "Reverse Engineering Bare-Metal Firmware":
- "Reverse Engineering Yaesu FT-70D Firmware Encryption"
- "Syzkaller diving":
- "The Art of Exploiting UAF by Ret2bpf in Android Kernel"
- "The Oddest Place You Will Ever Find PAC"
- "Unveiling Evasive Techniques Employed by Malicious Linux Shell Scripts"
- "Wall Of Perdition: Utilizing msg_msg Objects For Arbitrary Read And Arbitrary Write In The Linux Kernel"
- "A Deep Dive Into Samsung's TrustZone"
- "An iOS hacker tries Android"
- "BGET Explained Binary Heap Exploitation on OP-TEE":
- "BleedingTooth: Linux Bluetooth Zero-Click Remote Code Execution"
- "CyRC analysis: CVE-2020-7958 biometric data extraction in Android devices"
- "CVE-2020-16040 Analysis & Exploitation"
- "Espressif ESP32: Bypassing Encrypted Secure Boot (CVE-2020-13629)"
- "Espressif ESP32: Bypassing Secure Boot using EMFI"
- "Espressif ESP32: Bypassing Flash Encryption (CVE-2020-15048)"
- "Espressif ESP32: Controlling PC during Secure Boot"
- "Detecting Linux memfd_create() Fileless Malware with Command Line Forensics"
- "Exception(al) Failure - Breaking the STM32F1 Read-Out Protection"
- "Flashback Connects - Cisco RV340 SSL VPN RCE"
- "Hardware Debugging for Reverse Engineers":
- "Hardware Hacking 101: Identifying and Dumping eMMC Flash"
- "House of Muney - Leakless Heap Exploitation Technique"
- "Learning to Decapsulate Integrated Circuits Using Acid Deposition"
- "Loading Dynamic Libraries on Mac"
- "Minesweeper - TP-Link Archer C7 LAN RCE"
- "My Methods To Achieve Persistence In Linux Systems"
- "nRF52 Debug Resurrection":
- "NTLM Relay"
- "Patch Diffing a Cisco RV110W Firmware Update"
- "Norec Attack: Stripping BLE encryption from Nordic's Library (CVE-2020-15509)"
- "ret2dl_resolve x64: Exploiting Dynamic Linking Procedure In x64 ELF Binaries"
- "Safe-linking – Eliminating a 20 Year-old malloc() Exploit Primitive"
- "SSHD Injection and Password Harvesting"
- "There’s A Hole In Your SoC: Glitching The MediaTek BootROM"
- "Weekend Destroyer - RCE in Western Digital PR4100 NAS"
- "What're you telling me, Ghidra?"
- "Breaking out of Docker via runC – Explaining CVE-2019-5736"
- "Executable and Linkable Format 101":
- "Exploiting Qualcomm WLAN and Modem Over the Air"
- "Hacking microcontroller firmware through a USB"
- "Hardening Secure Boot on Embedded Devices for Hostile Environments"
- "How to Weaponize the Yubikey"
- "Pew Pew Pew: Designing Secure Boot Securely"
- "Pwn the ESP32 crypto-core"
- "Pwn the ESP32 Secure Boot"
- "Reverse Engineering Architecture And Pinout of Custom Asics"
- "Reverse-engineering Broadcom wireless chipsets"
- "Reverse Engineering of a Not-so-Secure IoT Device"
- "Virtualization Internals":
- "A Deep dive into (implicit) Thread Local Storage"
- "A Guide to ARM64 / AArch64 Assembly on Linux with Shellcodes and Cryptography"
- "ARM Exploitation":
- "CVE-2017-11176: A step-by-step Linux Kernel exploitation":
- "eMMC Data Recovery from Damaged Smartphone"
- "Kinibi TEE: Trusted Application Exploitation"
- "My journey towards Reverse Engineering a Smart Band — Bluetooth-LE RE"
- "Reverse Engineering BLE Devices"
- "Reversing ESP8266 Firmware":
- "Vectorized Emulation":
- "Escalating Privileges in Linux using Fault Injection"
- "Hardware hacking tutorial: Dumping and reversing firmware"
- "HiSilicon DVR hack"
- "How I Reverse Engineered and Exploited a Smart Massager"
- "Linux Heap Exploitation Intro Series: Riding free on the heap – Double free attacks!"
- "Linux ptrace introduction AKA injecting into sshd for fun"
- "Over The Air":
- "Bypassing Secure Boot using Fault Injection"
- "munmap madness"
- "Implementation of Signal Handling"
- "Practical Reverse Engineering"
- "Understanding and Hardening Linux Containers"
- 0xtriboulet
- "A Noobs Guide to ARM Exploitation"
- "Advanced binary fuzzing using AFL++-QEMU and libprotobuf: a practical case of grammar-aware in-memory persistent fuzzing"
- "Advanced Compilers: The Self-Guided Online Course"
- "Analysis of a LoadLibraryA Stack String Obfuscation Technique with Radare2 & x86dbg"
- "Android Kernel Exploitation"
- Anti-Debug Tricks
- "ARM TrustZone: pivoting to the secure world"
- "ARMv8 AArch64/ARM64 Full Beginner's Assembly Tutorial"
- Awesome binary parsing
- Awesome Executable Packing
- Awesome Industrial Protocols
- "Brute Ratel - Scandinavian Defence"
- Comprehensive Rust
- CVE North Stars
- "Debugger Ghidra Class"
- DhavalKapil/heap-exploitation
- Diffing Portal
- exploit_mitigations
- Ghidriff - Ghidra Binary Diffing Engine
- "Grand Theft Auto A peek of BLE relay attack"
- ice9-bluetooth-sniffer
- "Illustrated Connections":
- "Introduction to encryption for embedded Linux"
- "Introduction to Malware Analysis and Reverse Engineering"
- "Kernel Address Space Layout Derandomization"
- "Kernel Exploit Recipes Notebook"
- "Laser-Based Audio Injection on Voice-Controllable Systems"
- Linux Kernel CVEs
- "Linux kernel exploit development"
- "Linux Kernel map"
- "Linux Insides"
- "Linux Syscalls Reference"
- "Lytro Unlock - Making a bad camera slightly better"
- "Minimizing Rust Binary Size"
- "mjsxj09cm Recovering Firmware And Backdooring"
- "Offensive security (0xtriboulet)"
- "Operating System development tutorials in Rust on the Raspberry Pi"
- "Practical Cryptography for Developers"
- Red-Team-Infrastructure-Wiki
- "Reverse Engineering For Everyone!"
- "Reverse Engineering WiFi on RISC-V BL602"
- "Rust Atomics and Locks"
- "RustRedOps"
- "Satellite Hacking Demystified (RTC0007)"
- TEE Reversing
- "THC's favourite Tips, Tricks & Hacks (Cheat Sheet)"
- tmpout.sh: collection of writeups on low-level stuff
- "Trail of Bits Testing Handbook"
- TripleCross
- USB-WiFi
- "VSS: Beginners Guide to Building a Hardware Hacking Lab"
- "WinDBG quick start tutorial"