2019/10/18 - Binary Security Digest

[1] r3kapig HITCON CTF 2019 Writeup https://r3kapig.com/writeup/20191018-hitcon-quals/

[2] Analyzing Linux kernel crash dumps with crash https://www.dedoimedo.com/computers/crash-analyze.html

[3] Analysing a crash (core file) with gdb: Brendan Gregg's ncurses debugging walkthrough http://www.brendangregg.com/blog/2016-08-09/gdb-example-ncurses.html

[4] A series of ENISA handbooks and lab environments for static analysis with IDA; the site has a rich set of training courses https://www.enisa.europa.eu/topics/trainings-for-cybersecurity-specialists/online-training-material/technical-operational#identification_handling https://www.enisa.europa.eu/topics/trainings-for-cybersecurity-specialists/online-training-material/documents/static-analysis-of-artefacts-toolset.pdf https://www.enisa.europa.eu/topics/trainings-for-cybersecurity-specialists/online-training-material/documents/static-analysis-of-artefacts-handbook.pdf

[6] Researcher Brandon Falk open-sourced a tool for fuzzing the calc.exe calculator https://github.com/gamozolabs/guifuzz

2019/10/21 - Binary Security Digest

[1] OSDFCon 2019 talk on Linux forensic analysis (slides) https://github.com/ashemery/LinuxForensics

[2] Collected material on QEMU virtual-machine escape vulnerabilities https://github.com/ray-cp/vm-escape

[3] SANS Reading Room: papers on every area of information security, some available for free download https://www.sans.org/reading-room

[4] Analysis of a LibreOffice vulnerability triggered during spreadsheet file conversion https://buer.haus/2019/10/18/a-tale-of-exploitation-in-spreadsheet-file-conversions/

[5] CVE-2019-2215: analysis of an Android privilege-escalation vulnerability, with a root PoC https://hernan.de/blog/2019/10/15/tailoring-cve-2019-2215-to-achieve-root/

[6] ByePg: defeating PatchGuard with exception hooking, with an explanation of how it works https://blog.can.ac/2019/10/19/byepg-defeating-patchguard-using-exception-hooking/

2019/10/22 - Binary Security Digest

[1] CppCon 2019 talk: modern C++ reverse engineering (YouTube) https://www.youtube.com/watch?v=ZJpvdl_VpSM

[2] DEF CON 27 presentation archive https://media.defcon.org/DEF%20CON%2027/DEF%20CON%2027%20presentations/

[3] Python Security: a repo tracking historical Python vulnerabilities and the versions that fixed them https://github.com/vstinner/python-security

[4] How Git stores data internally, and how rewriting Git history works https://blog.isquaredsoftware.com/presentations/2019-03-git-internals-rewrite/#/0

[5] DEF CON media archive: presentations from all past conferences https://media.defcon.org/

2019/10/23 - Binary Security Digest

[1] Ruby 2.x universal RCE deserialization gadget chain https://www.elttam.com.au/blog/ruby-deserialization/

[2] qemu-pwn: basic knowledge https://ray-cp.github.io/archivers/qemu-pwn-basic-knowledge

[3] Collection of VM-escape cases: https://github.com/ray-cp/vm-escape/tree/master/qemu-escape

[4] Someone published an NTFS MFT-parsing integer-overflow 0-day that triggers a blue screen https://exatrack.com/public/vuln_NTFS_EN.pdf

[5] Research on BROP (blind return-oriented programming) https://mp.weixin.qq.com/s/Old4dKS2aDp1TETTn0WzoQ

[6] Build your own C compiler step by step (2): the virtual machine https://lotabout.me/2015/write-a-C-interpreter-2/

[7] A first look at VM pwn http://dittozzz.top/2019/09/28/VM-pwn-%E5%88%9D%E6%8E%A2/

2019/10/25 - Binary Security Digest

[1] Official write-up for the HITCON CTF Quals 2019 challenge PoE https://david942j.blogspot.com/2019/10/official-write-up-hitcon-ctf-quals-2019.html

[2] Unpacking malware series: Maze ransomware https://poxyran.github.io/poxyblog/src/pages/22-10-2019-unpacking-malware-series-maze-ransomware.html

[3] pyvmidbg: debugging virtual machines on KVM using virtual machine introspection (VMI) https://youtu.be/U-wDpvItPUU

[4] Recommended Linux kernel research blog (post on kernel module autoloading) https://duasynt.com/blog/linux-kernel-module-autoloading

[5] Linux kernel pwn: pwnbox, InCTF Internationals 2019 https://blog.bi0s.in/2019/10/11/Pwn/Kernel-Exploitation/pwnbox_md/

[6] remain, SECCON CTF Quals 2019 (glibc 2.30) https://blog.bi0s.in/2019/10/20/Pwn/remain/

[7] Video of the PSec 2019 talk "Advancing Windows Security" https://www.platformsecuritysummit.com/2019/speaker/weston/

[8] An MMD (MalwareMustDie) researcher's blue-team view of Linux post-exploitation: fileless malware infection and Linux process injection https://2019.hack.lu/archive/2019/Fileless-Malware-Infection-and-Linux-Process-Injection-in-Linux-OS.pdf

2019/10/28 - Binary Security Digest

[1] Exploiting UMA, FreeBSD's kernel memory allocator http://phrack.org/issues/66/8.html#article

[2] Metasploit module exploiting the ptrace_link() bug in kernel/ptrace.c (Linux kernels before 5.1.17) https://packetstormsecurity.com/files/154957

[3] Removing ROP Gadgets from OpenBSD https://www.openbsd.org/papers/asiabsdcon2019-rop-slides.pdf

[4] Paper: "Compiler Fuzzing: How Much Does It Matter?" https://srg.doc.ic.ac.uk/files/papers/compilerbugs-oopsla-19.pdf

[5] A patch-driven method for discovering unknown vulnerabilities (Journal of Software) http://www.jos.org.cn/jos/ch/reader/create_pdf.aspx?file_no=5505&journal_id=jos

[6] A Measurement Study on Linux Container Security: Attacks and Countermeasures https://loccs.sjtu.edu.cn/gossip//blog/2019/03/27/a-measurement-study-on-linux-container-security-attacks-and-countermeasures/

2019/10/29 - Binary Security Digest

[1] A recommended blog with mixed content, a bit of everything; worth a look when working on the Windows kernel http://showlinkroom.me/

[2] Exploiting COF Vulnerabilities in the Linux kernel https://ruxcon.org.au/assets/2016/slides/ruxcon2016-Vitaly.pdf

[3] sec-wiki search results for Linux kernel material https://www.sec-wiki.com/news/search?wd=linux+kernel

[4] Collection of Linux kernel exploits https://github.com/SecWiki/linux-kernel-exploits

[5] Linux kernel memory management: the SLUB allocator (1) - principles https://blog.csdn.net/lukuen/article/details/6935068

2019/10/31 - Binary Security Digest

[1] Check Point Research Vulnerability Repository https://cpr-zero.checkpoint.com/

[2] Orange Tsai's analysis of the recent PHP-FPM RCE (CVE-2019-11043) https://blog.orange.tw/2019/10/an-analysis-and-thought-about-recently.html

[3] A recommended blog covering a very wide range of topics https://www.cnblogs.com/LittleHann/

[4] C++ links: debugging - tracing https://github.com/MattPD/cpplinks/blob/master/debugging.tracing.md

[5] Deep Dive: Intel Analysis of Speculative Behavior of SWAPGS and Segment Registers https://software.intel.com/security-software-guidance/insights/deep-dive-intel-analysis-speculative-behavior-swapgs-and-segment-registers

[6] A refcount double-free bug on iOS found by dabao (Project Moon); it is related to the refcount kernel bug being debugged recently, so read the two together (iOS 13.1.3 full-chain EoP) https://blogs.projectmoon.pw/iOS/iOS_13_1_3_Full_Chain_Eop.pdf

[7] Recommended blog: Project Moon, mainly browser and OS vulnerabilities https://blogs.projectmoon.pw/

[8] Tencent Xuanwu Lab's latest digest feed; their Weibo posts are often deleted or not updated https://sec.today/pulses/

2019/11/04

[1] git-vuln-finder: a tool that looks for potential security fixes in git commit messages https://github.com/cve-search/git-vuln-finder

[2] A return-to-user kernel exploitation technique exercise https://github.com/pr0cf5/kernel-exploit-practice/tree/master/return-to-user

[3] Windows exploit development: building Win32 ROP chains https://h0mbre.github.io/Creating_Win32_ROP_Chains/#

[4] Analysis notes and PoC collection for 0-day and N-day vulnerabilities https://github.com/badd1e/Disclosures

[5] Virtuailor: an IDAPython tool that automatically reconstructs C++ vtables in IDA Pro https://www.kitploit.com/2019/11/virtuailor-idapython-tool-for-creating.html

2019/11/05

[1] Getting Arbitrary Code Execution from fopen’s 2nd Argument http://hugeh0ge.github.io/2019/11/04/Getting-Arbitrary-Code-Execution-from-fopen-s-2nd-Argument/

[2] Windows Security Internals: covers secure Windows driver development and hardware- and hypervisor-based security solutions (pptx) https://onedrive.live.com/view.aspx?resid=6B6F697B4993F8EA!25998&ithint=file%2cpptx&authkey=!AH0gGR0QDyy4Cl0

[3] Curated resources on AI security https://github.com/DeepSpaceHarbor/Awesome-AI-Security

[4] rp++: a tool written entirely in C++ that finds ROP gadgets in PE/ELF/Mach-O x86/x64 binaries https://github.com/0vercl0k/rp

[5] awesome-windows-exploitation https://github.com/r3p3r/nixawk-awesome-windows-exploitation

[6] Hack.lu 2019 talk on extracting firmware from devices https://2019.hack.lu/archive/2019/snarf-it_pub.pdf

[7] Analysing Windows minidumps with the r2 (radare2) reverse-engineering framework https://radareorg.github.io/blog/posts/minidump/

[8] How to make generative fuzzers more efficient (John Regehr) https://blog.regehr.org/archives/1700

[9] (MSRC Case 54347) Analysis of a Windows Service Host (svchost) local privilege-escalation vulnerability https://nafiez.github.io/security/eop/2019/11/05/windows-service-host-process-eop.html

2019/11/06

[1] A very good blog on Linux kernel pwn *** (highly recommended) https://blog.lizzie.io/

[2] A brief look at bypassing PHP disable_functions https://mp.weixin.qq.com/s/sWDXjrRCGzSaFSbCkntj4g

[3] Google CTF 2019 Gomium pwn challenge write-up https://github.com/netanel01/ctf-writeups/blob/master/googlectf/2019/pwn_gomium/README.md

[4] Analysis of CVE-2018-6981, a VMware ESXi and Workstation uninitialized-variable RCE (GeekPwn 2018) https://github.com/badd1e/Disclosures/tree/master/CVE-2018-6981_VMWare_ESXi

[5] James Forshaw's 2016 Troopers talk: The Joy of Sandbox Mitigations https://www.troopers.de/media/filer_public/f6/07/f6076037-85e0-42b7-9a51-507986edafce/the_joy_of_sandbox_mitigations_export.pdf

[6] CVE-2019-12527: analysis and exploitation of a Squid buffer overflow https://cert.360.cn/report/detail?id=0c5d2571c8910f242945f9532b6a404c

2019/11/08

[1] Kernel exploitation practice: bypassing KPTI and SMEP https://github.com/pr0cf5/kernel-exploit-practice/tree/master/bypass-smep

[2] Beginner-oriented: CVE-2017-11176 analysis (part 2), debugging a kernel vulnerability https://www.anquanke.com/post/id/190279

[3] Privilege escalation in Windows Domains https://blog.compass-security.com/2019/07/privilege-escalation-in-windows-domains-1-3/ https://blog.compass-security.com/2019/08/privilege-escalation-in-windows-domains-2-3/ https://blog.compass-security.com/2019/08/privilege-escalation-in-windows-domains-3-3/

[4] Reversing GO binaries like a pro https://rednaga.io/2016/09/21/reversing_go_binaries_like_a_pro/

[5] Attacking Hyper-V: POC 2019 slides https://github.com/FoxHex0ne/Slides

[6] Analysis of CVE-2019-1071, a Windows win32k xxxCreateWindowEx kernel information leak https://www.ragestorm.net/blogs/?p=458

[7] Wireshark tutorial: examining Trickbot infections (information-stealing and banking malware) https://unit42.paloaltonetworks.com/wireshark-tutorial-examining-trickbot-infections/

[8] Collection of mobile crackmes (OWASP MSTG) https://github.com/OWASP/owasp-mstg/tree/master/Crackmes

[9] CVE-2019-2215: analysis of the Android /dev/binder UAF https://dayzerosec.com/posts/analyzing-androids-cve-2019-2215-dev-binder-uaf/

2019/11/12

[1] Linux-Slub-Overflow-Exploit https://www.w0lfzhang.com/2017/09/07/Linux-Slub-Overflow-Exploit/

[2] "You use it to get online, I use it to get into your intranet": RCE in HiNet (Chunghwa Telecom) GPON modems, by Orange Tsai https://blog.orange.tw/2019/11/HiNet-GPON-Modem-RCE.html

[3] Notes on reading source code and fuzzing, covering black-box and white-box testing https://github.com/lcatro/Source-and-Fuzzing

[4] Trail of Bits blog post on fuzz test-case reduction https://blog.trailofbits.com/2019/11/11/test-case-reduction/

[5] Hunting Advanced IoT Malware, from AVAR 2019 https://drive.google.com/file/d/1XYZu-iAUmHYn04qZuHLHF1LOuyw5fHYV/view

[6] A Microsoft researcher's talk on memory safety, "Quest Memory Safety" (Ekoparty 2019) https://github.com/microsoft/MSRC-Security-Research/tree/master/presentations/2019_09_Ekoparty

2019/11/13

[1] Microsoft's November security update fixes 74 vulnerabilities; the most important is the IE remote code execution zero-day (CVE-2019-1429) https://www.zdnet.com/article/microsofts-november-2019-patch-tuesday-arrives-with-a-patch-for-an-ie-zero-day/

[2] Adobe November security updates https://helpx.adobe.com/security.html

[3] Android November security bulletin https://source.android.com/security/bulletin/2019-11-01.html

[4] Intel November security updates; the ZombieLoad v2 variant was fixed in the same release https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00241.html

[5] SAP November security patch day https://wiki.scn.sap.com/wiki/pages/viewpage.action?pageId=528880390

[6] CVE-2019-1384 (Ghost Potato): analysis of an NTLM reflection vulnerability https://shenaniganslabs.io/2019/11/12/Ghost-Potato.html

[7] Updated ZombieLoad paper https://zombieloadattack.com/zombieload.pdf

2019/11/14

[1] Issue 1957: Ubuntu: refcount underflow and type confusion in shiftfs https://bugs.chromium.org/p/project-zero/issues/detail?id=1957

[2] Curated collection of IDA Pro resources, currently around 450 tools https://github.com/xrkk/awesome-ida

[3] PowerFL: fuzzing VxWorks embedded systems https://www.petergoodman.me/docs/qpss-2019-slides.pdf

[4] Slides from the Hackers to Hackers (H2HC) 2019 conference are public https://github.com/h2hconference/2019

[5] Tools and code from the DEF CON 26 (2018) workshop "Attacking & Auditing Docker Containers Using Open Source" are public https://github.com/appsecco/defcon-26-workshop-attacking-and-auditing-docker-containers

[6] H2HC - Daniel Medina - Modern Heap Exploitation The Poison NULL byte.pptx https://github.com/h2hconference/2019/blob/master/H2HC%20-%20Daniel%20Medina%20-%20Modern%20Heap%20Exploitation%20The%20Poison%20NULL%20byte.pptx

[7] H2HC University - Scotti & Hamasaki - Dissecting a Linux Kernel Exploit.pdf https://github.com/h2hconference/2019/blob/master/H2HC%20University%20-%20Scotti%20%26%20Hamasaki%20-%20Dissecting%20a%20Linux%20Kernel%20Exploit.pdf

[8] H2HC - Marek Zmyslowski - Crash Analysis with Reverse Taint.pptx https://github.com/h2hconference/2019/blob/master/H2HC%20-%20Marek%20Zmyslowski%20-%20Crash%20Analysis%20with%20Reverse%20Taint.pptx

[9] CVE-2019-1347: When a mouse over a file is enough to crash your system https://blog.tetrane.com/2019/11/12/pe-parser-crash.html

2019/11/15

[1] The history of iOS jailbreaking (35C3 slides) https://api.tihmstar.net/35c3slides.pdf

[2] A bug hunter's journey: attacking Chrome IPC (35C3 video) https://media.ccc.de/v/35c3-9579-attacking_chrome_ipc

[3] Summary of fuzzing the Linux kernel with AFL https://www.4hou.com/info/news/20269.html

[4] jingyi's summary of fuzzing tools; need to find time to read it https://xz.aliyun.com/t/5521

[5] Bochspwn Reloaded: j00ru's summary of a year and a half of work https://j00ru.vexillium.org/papers/2018/bochspwn_reloaded.pdf

[6] A recommended blog, found via j00ru (hasherezade) https://hasherezade.github.io/

[7] Articles and papers published by j00ru https://j00ru.vexillium.org/articles/

[8] Talks given by j00ru https://j00ru.vexillium.org/talks/

2019/11/18

[1] Security-relevant changes in the Linux v5.3 kernel https://outflux.net/blog/archives/2019/11/14/security-things-in-linux-v5-3/

[2] DEF CON 27: Wenxiang Qian - Breaking Google Home: Exploit It with SQLite (video) https://www.youtube.com/watch?v=YBwT7PU6QU4&feature=youtu.be

[3] Research and design of a fuzzing platform https://mp.weixin.qq.com/s/ziri8oOb4aF26nB1DBaPrQ

[4] BlueKeep PoC for 32-bit Windows 7; the author reports roughly an 80% success rate https://github.com/0xeb-bp/bluekeep

[5] Infiltrating corporate intranets like NSA: Orange Tsai's DEF CON 27 talk https://www.youtube.com/watch?v=1IoythC_pIY

[6] DEF CON 27: Omer Yair - Exploiting Windows Exploit Mitigation for ROP Exploits https://www.youtube.com/watch?v=gIJOtP1AC3A

[7] Root-causing CVE-2019-9810, a bug in Mozilla's IonMonkey JIT engine (Pwn2Own 2019) https://doar-e.github.io/blog/2019/06/17/a-journey-into-ionmonkey-root-causing-cve-2019-9810/

[8] Jandroid: semi-automated identification of exploitable logic bugs in Android apps https://github.com/FSecureLABS/Jandroid

2019/11/19

[1] Issue 2 of Paged Out!, edited by j00ru, is out https://pagedout.institute/download/PagedOut_002_beta2.pdf#page=24

[2] Curated AFL fuzzing resources https://github.com/Microsvuln/Awesome-AFL

[3] Nicolas Joly's talk on hunting Outlook vulnerabilities (video) https://www.youtube.com/watch?v=Voee9DgojPA&feature=youtu.be

[4] The exploitation techniques I need to learn right now are all here (BROP, ret2_csu_init, ret2dlresolve, SROP): https://github.com/nushosilayer8/pwn

[5] Dragon CTF 2019 solution slides https://twitter.com/DragonSectorCTF/status/1196550086005678081?s=19

[6] j00ru's write-up of the BabyKernel challenge from Dragon CTF 2019 (Windows x64); need to make time to study the Windows kernel https://github.com/j00ru/ctf-tasks/tree/master/Dragon%20CTF%202019/Main%20event/BabyKernel

2019/11/20

[1] Learning Windows kernel exploitation with HEVD, part 1: stack overflow http://showlinkroom.me/2019/06/16/WindowKernelExploit01/

[2] Solutions for the Google CTF 2019 challenges are public https://github.com/google/google-ctf/blob/master/2019/finals/solutions.pdf

[3] Javafuzz: a coverage-guided fuzzer for Java packages https://github.com/fuzzitdev/javafuzz

[4] IDA Pro malware analysis tips (video) https://youtu.be/qCQRKLaz2nQ

[5] ELF format specification http://www.skyfree.org/linux/references/ELF_Format.pdf

[6] glibc memory management: ptmalloc source code analysis (PDF) https://paper.seebug.org/papers/Archive/refs/heap/glibc%E5%86%85%E5%AD%98%E7%AE%A1%E7%90%86ptmalloc%E6%BA%90%E4%BB%A3%E7%A0%81%E5%88%86%E6%9E%90.pdf

[7] The Cyberspace Administration of China's draft "Measures for the Administration of the Release of Cybersecurity Threat Information", with press Q&A https://mp.weixin.qq.com/s/Ox3BUd9fNooyBLhJ8hw-vQ

2019/11/21

[1] POC 2019 slides https://powerofcommunity.net/2019.htm

[2] TokyoWesterns CTF 2019 - gnote https://rpis.ec/blog/tokyowesterns-2019-gnote/

[3] DEF CON 27: Maksim Shudrak - How To Improve Coverage Guided Fuzzing and Find New 0days (YouTube) https://www.youtube.com/watch?v=4BkAxMfHSzI

[4] A brief look at the security risks of common debuggers https://security.tencent.com/index.php/blog/msg/137

[5] CVE-2017-11176: A step-by-step Linux Kernel exploitation (part 1/4) https://blog.lexfo.fr/cve-2017-11176-linux-kernel-exploitation-part1.html

[6] A Simple Story of DSSVC, "Live and Die": k0shl's bug hunting https://whereisk0shl.top/post/a-simple-story-of-dssvc

2019/11/25

[1] Recommended blog with analyses of Linux kernel, browser and QEMU vulnerabilities https://dangokyo.me/post-list/

[2] Open Compute Project's "Secure Firmware Development Best Practices" https://github.com/opencomputeproject/Security/blob/master/SecureFirmwareDevelopmentBestPractices.md

[3] Introduction to binary deobfuscation https://calwa.re/reversing/obfuscation/binary-deobfuscation-preface

[4] Collection of VMware escape exploits https://github.com/xairy/vmware-exploitation

[5] Three ways to go from arbitrary kernel memory read/write to privilege escalation (stringIPC) http://p4nda.top/2018/11/07/stringipc/

2019/11/26

[1] Google hacking: do you really know how to use Google? https://zhuanlan.zhihu.com/p/22161675

[2] Basics of Windows shellcode writing, with many animated illustrations https://idafchev.github.io/exploit/2017/09/26/writing_windows_shellcode.html

[3] The most complete summary of 32-bit/64-bit ret2dlresolve (no address leak needed; ends by executing one_gadget) https://xz.aliyun.com/t/5722

[4] A sample tcp-ipv6 fuzzer: a syzkaller tcp-ipv6 fuzzer built on eBPF https://github.com/hardenedlinux/harbian-qa/blob/master/syzkaller/kstat_demo/tcp-ipv6/test.md

[5] uClibc Unlink Heap Exploitation https://blog.infosectcbr.com.au/2019/11/uclibc-unlink-heap-exploitation.html

[6] Collection of Chrome sandbox-escape PoCs https://github.com/frustreated/chrome-sbx-db

2019/11/28

[1] [RedHat 2019] Kaleidoscope: a challenge adapted from an interpreter, solved with honggfuzz and QEMU instrumentation http://matshao.com/2019/11/11/Redhat2019-Kaleidoscope/

[2] MalwareAnalysis.co collects and organises many malware-analysis resources and tools https://malwareanalysis.co/

[3] Zero-day vulnerability in Bash - Suidbash, Google CTF Finals 2019 (pwn) https://www.youtube.com/watch?v=-wGtxJ8opa8

[4] A collection of awesome penetration testing resources, tools and other shiny things https://github.com/enaqx/awesome-pentest

[5] xray: a powerful security assessment tool https://github.com/chaitin/xray

[6] A collection of fast Linux kernel fuzzing tools https://github.com/atrosinenko/kbdysch

2019/12/09

[1] Windows 10 UAC bypass for all executable files which are autoelevate true https://github.com/sailay1996/UAC_Bypass_In_The_Wild

[2] PPP's (Plaid) write-ups for part of Real World CTF 2019 (the quals, not the final) https://github.com/pwning/public-writeup/tree/master/rwctf2019

[3] Hands Off and Putting SLAB/SLUB Feng Shui in a Blackbox https://i.blackhat.com/eu-19/Wednesday/eu-19-Chen-Hands-Off-And-Putting-SLAB-SLUB-Feng-Shui-In-A-Blackbox.pdf

[4] Fuzzing and Exploiting Virtual Channels in Microsoft Remote Desktop Protocol for Fun and Profit https://i.blackhat.com/eu-19/Wednesday/eu-19-Park-Fuzzing-And-Exploiting-Virtual-Channels-In-Microsoft-Remote-Desktop-Protocol-For-Fun-And-Profit-4.pdf

[5] An improved fuzzing tool; give it a try. Is it for real? kAFL (What the Fuzz) https://i.blackhat.com/eu-19/Thursday/eu-19-Aschermann-What-The-Fuzz.pdf

[6] Automatic Heap Layout Manipulation for Exploitation https://www.usenix.org/system/files/conference/usenixsecurity18/sec18-heelan.pdf

2019/12/10

[1] Analysis of the PTRACE_TRACEME local privilege-escalation vulnerability https://paper.seebug.org/1087/

[2] From a HackZone CTF challenge: using an arbitrary write to get RCE on x86_64 https://amriunix.com/post/from-read-glibc-to-rce-x86_64/

[3] Linux kernel: multiple vulnerabilities in USB drivers, including how syzkaller fuzzes USB drivers https://www.openwall.com/lists/oss-security/2019/12/03/4

[4] Windows Subsystem for Linux (WSL): the ultimate user guide https://sec.today/pulses/629b336e-50d9-48af-8021-ab22877f6e26/

[5] Introduction to the Windows kernel IDT (interrupt descriptor table) https://sec.today/pulses/e319ee66-59ea-49e7-9c81-ec8df561bdf0/

2019/12/12

[1] Local Privilege Escalation in OpenBSD’s dynamic loader (CVE-2019-19726) https://seclists.org/oss-sec/2019/q4/153

[2] Maddie Stone's slides and video from the Jailbreak Security Summit on analysing the WhatsApp 0-day https://sec.today/pulses/25814be3-28ae-46e5-a3a3-a5413e33bc7b/ https://sec.today/pulses/4d3bfd5f-aee7-4760-8839-0a9edd9eb391/

[3] Vulnerability research in the 2010s, from a researcher's perspective https://sec.today/pulses/de48d20c-9a58-4d67-91c9-11b2d190470a/

[4] Google open-sourced PathAuditor, a tool for detecting unsafe path access by root and other privileged users https://security.googleblog.com/2019/12/detecting-unsafe-path-access-patterns.html?utm_source=feedburner&utm_medium=feed&utm_campaign=Feed%3A+GoogleOnlineSecurityBlog+%28Google+Online+Security+Blog%29

[5] Some pwn-related material, well written https://github.com/jmpews/pwn2exploit

2019/12/13

[1] All Black Hat USA 2019 videos are now public https://www.youtube.com/playlist?list=PLH15HpR5qRsWrfkjwFSI256x1u2Zy49VI&hootPostID=c85fbdb76ae4b957bf70f00f346caa62

[2] Linux system programming https://akaedu.github.io/book/pt03.html

[3] Linux C system programming exercises (APUE exercises); good, can dip into it anytime https://github.com/cuixuage/Linux-GCC

[4] WinDbg Preview - Timeline: a debugger timeline view for navigating recorded traces https://docs.microsoft.com/en-us/windows-hardware/drivers/debugger/windbg-timeline-preview

[5] Real World CTF 2019 Safari exploitation write-up https://gts3.org/2019/Real-World-CTF-2019-Safari.html

2019/12/16

[1] Online assembler and disassembler supporting multiple architectures https://disasm.pro/

[2] Using WinAFL to fuzz closed-source image-processing software; looks good, worth trying https://www.apriorit.com/dev-blog/644-reverse-vulnerabilities-software-no-code-dynamic-fuzzing

[3] Saar Amar's paper on the Windows 10 Low Fragmentation Heap (LFH) https://github.com/peleghd/Windows-10-Exploitation

[4] Issue 1975: Linux: privilege escalation via io_uring offload of sendmsg() onto kernel thread with kernel creds (Project Zero) https://bugs.chromium.org/p/project-zero/issues/detail?id=1975

[5] Botconf 2019 workshop on static analysis of Android malware https://maxkersten.nl/wp-content/uploads/2019/12/StaticAndroidMalwareAnalysisWorkshop-Botconf2019.pdf

[6] THREAT CON 2019 videos are public https://www.youtube.com/playlist?list=PLi85BaSNE5jtJy6c-5L7SXpVtfGjfXKHa

[7] Write-up for rwctf2019-final-printer https://github.com/bash-c/rwctf2019-final-printer

2019/12/18

[1] WinAFL fuzzing tool usage guide https://www.freebuf.com/articles/system/216437.html

[2] MSEC debugger extension (!exploitable) for triaging crashes found by fuzzing https://archive.codeplex.com/?p=msecdbg

[3] Lazarus Group targets the Linux platform with the Dacls RAT https://blog.netlab.360.com/dacls-the-dual-platform-rat/

[4] Linux privilege-escalation guide https://payatu.com/blog/Rashid-Feroze/guide-linux-privilege-escalation

[5] Researchers recently discovered a new malware campaign targeting Linux: the Momentum botnet launches DDoS attacks from Linux devices running on a variety of CPU architectures https://blog.trendmicro.com/trendlabs-security-intelligence/ddos-attacks-and-iot-exploits-new-activity-from-momentum-botnet/

[6] Analysis of bugs in the Google Cloud Shell (Git/Python/Go) environment https://offensi.com/2019/12/16/4-google-cloud-shell-bugs-explained-introduction/

2019/12/20

[1] Android launched a code search tool https://cs.android.com https://cs.android.com/android/platform/superproject/+/master:art/benchmark/const-class/src/ConstClassBenchmark.java

[2] Ph0wn 2019 - SecureFS 1 & 2 write-ups https://github.com/vdehors/writeups/tree/master/ph0wn2019/pwn/securefs

[3] A quick way to locate main() in Linux ELF malware http://t.cn/Ai0HmOH7

[4] Google's sanitizers repo documents common code patterns that contain data races https://github.com/google/sanitizers/wiki/ThreadSanitizerPopularDataRaces

[5] Reversing a real-world 249 bytes backdoor! https://anee.me/reversing-a-real-world-249-bytes-backdoor-aadd876c0a32

[6] Attacking Java web applications (Java Web Security) https://javasec.org/

[7] CTF Design Guidelines https://docs.google.com/document/d/1QBhColOjT8vVeyQxM1qNE-pczqeNSJiWOEiZQF2SSh8/preview#heading=h.u6znxdc7qfgk

2019/12/24

[1] Material from the Fuzzing Bay Area meetup https://github.com/FuzzTesting/BayAreaMeetup

[2] Ubuntu whoopsie integer overflow vulnerability (CVE-2019-11484); worth a careful analysis https://securitylab.github.com/research/ubuntu-whoopsie-CVE-2019-11484

[3] Reversing Go binaries, part 1 https://blog.osiris.cyber.nyu.edu/2019/12/19/go-deepdive/

[4] Five ways to patch binaries with Cutter (write-up) https://www.megabeets.net/5-ways-to-patch-binaries-with-cutter/#method-1

[5] Automatically discovering heap exploitation techniques (paper) https://arxiv.org/pdf/1903.00503.pdf

[6] RWCTF 2018 VMware escape write-up, part 1 (station-escape) https://nafod.net/blog/2019/12/21/station-escape-vmware-pwn.html

2019/12/26

[1] CVE-2019-13272: PoC for the Linux kernel PTRACE_TRACEME local privilege escalation, ported to aarch64 https://github.com/jiayy/android_vuln_poc-exp/tree/master/EXP-CVE-2019-13272-aarch64

[2] "Carrier pigeons": capturing digital pigeons in a red-team exercise, by DEVCORE https://devco.re/blog/2019/12/23/how-binary-dog-survives-in-web-world/

[3] Tracing SMM (ring -2) code with Intel PT https://sysenter-eip.github.io/intel_pt_smm

[4] How debuggers work: Part 1 - Basics. Finished reading; it mainly explains ptrace https://eli.thegreenplace.net/2011/01/23/how-debuggers-work-part-1

[5] PeX: A Permission Check Analysis Framework for Linux Kernel https://github.com/lzto/pex

[6] QEMU-AddressSanitizer (QASan): patching QEMU to support AddressSanitizer, detecting memory bugs in the guest VM https://andreafioraldi.github.io/articles/2019/12/20/sanitized-emulation-with-qasan.html

[7] The SoftSec Lab at KAIST built a database of the relationships between mainstream fuzzers and drew a genealogy graph from it https://github.com/SoftSec-KAIST/Fuzzing-Survey https://fuzzing-survey.org/

2019/12/28

[1] Linux kernel and device driver study notes https://github.com/gatieme/LDD-LinuxDeviceDrivers

[2] Using auxv to control the stack canary https://mp.weixin.qq.com/s/fYADILsWhT_u15tIdC_GgA

[3] Summary of the Linux kernel's overall structure and main subsystems http://kernel.pursuitofcloud.org/709678

[4] Analysis of DejaBlue (CVE-2019-1181/1182), Windows RDP vulnerabilities https://mp.weixin.qq.com/s/It-_89nbfy68cCx7xk3Ehg

[5] awesome-forensics: collection of forensics tools and articles https://github.com/alphaSeclab/awesome-forensics/blob/master/Readme_en.md

[6] A tool to recover a fully analyzable .ELF from a raw kernel, through extracting the kernel symbol table (kallsyms) https://github.com/marin-m/vmlinux-to-elf

[7] Using radare2 to patch a binary https://rderik.com/blog/using-radare2-to-patch-a-binary/

2019/12/31

[1] Finding potential software vulnerabilities from git commit messages https://github.com/cve-search/git-vuln-finder

[2] Abusing Signals with SIGROP Exploits https://sec.alexflor.es/post/minipwn/

[3] Linux kernel programming notes http://blog.ifjy.me/%E8%BD%AF%E4%BB%B6%E5%BC%80%E5%8F%91/kernel/2016/07/16/Linux%E5%86%85%E6%A0%B8%E7%BC%96%E7%A8%8B%E7%AC%94%E8%AE%B0.html

[4] Collection of notable remote access tools (RATs) https://github.com/alphaSeclab/awesome-rat/blob/master/Readme_en.md

[5] 36C3: code execution in SQLite https://fahrplan.events.ccc.de/congress/2019/Fahrplan/system/event_attachments/attachments/000/004/053/original/36C3-SQLite3-OmerGull.pdf

[6] Another canary bypass trick: thread-stack canary bypass (*CTF 2018 babystack) http://eternalsakura13.com/2018/04/24/starctf_babystack/

2020/01/03

[1] New bypass and protection techniques for ASLR on Linux https://www.openwall.com/lists/oss-security/2018/02/27/5

[2] CyberTruck Challenge 2019 — Android CTF https://medium.com/bugbountywriteup/cybertruck-challenge-2019-android-ctf-e39c7f796530

[3] Solving a VM-based CrackMe https://0ffset.net/reverse-engineering/solving-a-vm-based-crackme/

[4] Exploiting Array-Out-of-Bounds-Write-Accesses on Linux https://github.com/kirschju/wiedergaenger

[5] Offset2lib: bypassing full ASLR on 64bit Linux https://cybersecurity.upv.es/attacks/offset2lib/offset2lib.html

[6] Compiler Explorer: an online tool for comparing the assembly generated by different compilers https://godbolt.org/z/X_cUYh

[7] Vulnerability Spotlight: Two buffer overflow vulnerabilities in OpenCV. Spent an afternoon analysing these and did not find anything they missed https://blog.talosintelligence.com/2020/01/opencv-buffer-overflow-jan-2020.html?utm_source=feedburner&utm_medium=feed&utm_campaign=Feed%3A+feedburner%2FTalos+%28Talos%E2%84%A2+Blog%29

2020/01/06

[1] Pediy (kanxue) knowledge base https://www.kanxue.com/chm.htm

[2] How KASAN, the Linux kernel's memory-corruption detector, is implemented https://mp.weixin.qq.com/s/hJtvjEHIuTyjz2Na1HZJSw

[3] PoC for a Linux kernel 5.0.0-rc7 f2fs filesystem overflow (CVE-2019-19927), including the Janus fuzzer https://github.com/bobfuzzer/CVE/tree/master/CVE-2019-19927

[4] HITB CyberWeek talks are public (YouTube) https://www.youtube.com/playlist?list=PLmv8T5-GONwSkE-EJ6FChd_AW2Lz58OEp

[5] Bypassing AV via in-memory PE execution https://blog.dylan.codes/bypassing-av-via/

[6] Bypassing PAN, ARM's counterpart to SMAP https://siguza.github.io/PAN/

[7] PEASS and other Windows/Linux local privilege-escalation tools and scripts (awesome-privilege-escalation) https://github.com/m0nad/awesome-privilege-escalation

2020/01/09

[1] Adapting the POC for CVE-2017-1000112 to Other Kernels https://ricklarabee.blogspot.com/2017/12/adapting-poc-for-cve-2017-1000112-to.html

[2] Introduction to io_uring, the newest Linux I/O interface (paper) https://kernel.dk/io_uring.pdf

[3] The latest variant of the "diligent miner" systemdMiner downloads its malicious modules through dark-web proxies https://mp.weixin.qq.com/s/DGo6h8KgCmTDsaeURiaAag

[4] 重剑无锋's (QChiLan) summary of RAT anti-virus evasion techniques https://github.com/QChiLan/BypassAntiVirus

[5] A Linux Bash Shell Poster For Linux/Unix Users https://twitter.com/nixcraft/status/1060581136638861312

2020/01/09

[1] Download location for old Ubuntu release images: http://old-releases.ubuntu.com/releases/

[2] Using shellphish's how2heap as the running example, an introduction to Linux heap data structures and heap exploitation techniques http://blog.topsec.com.cn/pwn%e7%9a%84%e8%89%ba%e6%9c%af%e6%b5%85%e8%b0%88%ef%bc%88%e4%ba%8c%ef%bc%89%ef%bc%9alinux%e5%a0%86%e7%9b%b8%e5%85%b3/

[3] Linux x86 program startup: how does main() get executed? https://luomuxiaoxiao.com/?p=516

[4] General approach to blind pwn https://www.anquanke.com/post/id/196722

[5] A site for browsing C and C++ source code https://code.woboq.org/

2020/01/10

[1] Flow chart of malloc's execution in glibc https://raw.githubusercontent.com/5N1p3R0010/my_pwn/master/heap.png

[2] A first-year PhD student at UCAS doing kernel research; worth exchanging notes with https://github.com/bsauce

[3] E2fsprogs e2fsck rehash.c mutate_name() Code Execution Vulnerability https://talosintelligence.com/vulnerability_reports/TALOS-2019-0973

[4] Return-Oriented Exploitation on ARM, video from BSidesBUD 2019 https://youtu.be/hwqo-Nk37bw?list=PLq9wT6ZZJ_TkVWWNZokdA_EsEC27elypv

[5] Learning KVM: implementing your own kernel https://www.jianshu.com/p/5ec4507e9be0

[6] Kernel security collection on Jianshu https://www.jianshu.com/c/d661200fd92b

[7] Another blog by a strong pwn player https://ray-cp.github.io/

[8] Kernel memory mapping (virtual to physical) https://jin-yang.github.io/post/kernel-memory-virtual-physical-map.html

2020/01/14

[1] On Linux’s Random Number Generation https://research.nccgroup.com/2019/12/19/on-linuxs-random-number-generation/

[2] How to deploy a kernel pwn challenge for a CTF: https://github.com/mncoppola/Linux-Kernel-CTF

[3] Bypassing SMEP Using vDSO Overwrites (translation) https://hardenedlinux.github.io/translation/2015/11/25/Translation-Bypassing-SMEP-Using-vDSO-Overwrites.html

[4] QWB CTF challenge design: solid_core / HijackPrctl https://bbs.pediy.com/thread-225488.htm

[5] CVE-2020-0601: the ChainOfFools/CurveBall attack explained, with PoC https://research.kudelskisecurity.com/2020/01/15/cve-2020-0601-the-chainoffools-attack-explained-with-poc/

[6] CVE-2020-0601 PoCs https://github.com/kudelskisecurity/chainoffools/blob/master/gen-key.py#L21 https://github.com/ollypwn/cve-2020-0601

2020/01/19

[1] Compiling Your Story: Using Techniques from Compiler Design to Check Your Narrative https://www.youtube.com/watch?v=1vAxQc30i40

[2] RDP to RCE: When Fragmentation Goes Wrong —— exploit CVE-2020-0609 CVE-2020-0610 https://www.kryptoslogic.com/blog/2020/01/rdp-to-rce-when-fragmentation-goes-wrong/

[3] Control Flow Integrity (CFI) in the Linux kernel https://outflux.net/slides/2020/lca/cfi.pdf

[4] [Using userfaultfd in the Linux kernel] Balsn CTF 2019 - KrazyNote https://www.jianshu.com/p/a70a358ec02c

[5] [Linux kernel exploitation] Summary of the path variables usable for privilege escalation via call_usermodehelper https://www.jianshu.com/p/a2259cd3e79e

2020/01/21

[1] Collection of CMS and middleware vulnerability detection and exploitation tools, maintained since 2019-09-15 https://github.com/mai-lang-chai/Middleware-Vulnerability-detection

[2] Modern Memory Safety in C/C++ https://github.com/struct/mms