Software, in its more specific sense, is a structured set of coded instructions written in a human-readable format; these instructions allow a computer to perform specific tasks. In its generic sense, "software" is instead used to describe a program, a script or a computer application, each of which contains a structured chain of code consisting of a long series of instructions.
At the lowest level (the one closest to the hardware), software is executable code made up of machine-language instructions that are not easily human-readable and are supported by a particular microprocessor or processor family, consisting of a central processing unit (CPU) or a graphics processing unit (GPU).
Windows
Vulnerabilità ed Exploits
Browser
- 1-Day Browser & Kernel Exploitation - (PDF)
- A Methodical Approach to Browser Exploitation
- Anatomy of an Exploit – Inside the CVE-2013-3893 Internet Explorer Zero-Day – Part 1
- Advanced Heapspraying Technique - (PDF)
- Attacking JavaScript Engines
- Attacking WebKit Applications by Exploiting Memory Corruption Bugs - (PDF)
- Beginners Guide to UAT Exploits IE 0day Exploit Development
- Catalog Browser Exploitation Chapter
- CVE-2018-5129: Out-Of-Bounds Write with Malformed IPC messages
- CVE-2019-0539 Root Cause Analysis
- Evaluating the Safari Sandbox, and Fuzzing WindowServer on MacOS
- From Out of Memory to Remote Code Execution - (PDF)
- Fuzzy Security - Spraying the Heap [Chapter 1: Vanilla EIP] – Putting Needles in the Haystack
- Fuzzy Security - Spraying the Heap [Chapter 2: Use-After-Free] – Finding a Needle in a Haystack
- HeapSpray Aurora Vulnerability
- IE 0day Analysis and Exploit
- IE 11 0day & Windows 8.1 Exploit - (PDF)
- IE11 Sandbox Escapes Presentation - (PDF)
- Learning Browser Exploitation via 33C3 CTF Feuerfuchs Challenge
- Look Mom, I don't Use Shellcode - (PDF)
- Memory Corruption Exploitation in Internet Explorer - (PDF)
- Microsoft Edge Chakra JIT Type Confusion CVE-2019-0539
- Microsoft Edge MemGC Internals - (PDF)
- Performing Root-Cause Analysis of a JSC Vulnerability
- Post-Mortem Analysis of a Use-After-Free Vulnerability (CVE-2011-1260)
- Reducing Target Scope within JSC, Building a JavaScript Fuzzer
- Spartan 0day & Exploit
- The Art of Leaks: The Return of Heap Feng Shui - (PDF)
- The ECMA and the Chakra - (PDF)
- The Secret of ChakraCore: 10 Ways to Go Beyond the Edge - (PDF)
- Using the JIT Vulnerability to Pwn Microsoft Edge - (PDF)
- Weaponizing a JSC vulnerability for single-click RCE
- Weaponizing a Safari sandbox escape
- Windows 10 x64 Edge 0day and Exploit - (PDF)
- Write Once, Pwn Anywhere - (PDF)
Mitigation Bypass
- Browser Security Mitigations Against Memory Corruption Vulnerabilities
- Bypass Control Flow Guard Comprehensively - (PDF)
- Bypassing Control Flow Guard in Windows 10
- Bypassing Control Flow Guard in Windows 10 - Part II
- Bypassing Memory Mitigation Using Data-Only Exploitation Technique - (PDF)
- Bypassing Stack Cookies, SafeSeh, SEHOP, HW DEP and ASLR
- Chaining DEP with ROP – The Rubik's[TM] Cube
- Chakra Jit Cfg Bypass
- Cross The Wall-Bypass All Modern Mitigations of Microsoft Edge - (PDF)
- Development of a New Windows 10 KASLR Bypass (in One WinDBG Command)
- Disarming and Bypassing EMET 5.1
- Disarming EMET v5.0
- Disarming Enhanced Mitigation Experience Toolkit (EMET)
- Exploit Dev 101: Bypassing ASLR on Windows
- How to Find the Vulnerability to Bypass the Control Flow Guard - (PDF)
- ROP for SMEP bypass
- Simple EMET EAF Bypass
- Smashing The Browser
- SMEP: What Is It, and How to Beat it on Windows
- Universal DEP/ASLR Bypass with Msvcr71.dll and Mona.py
Kernel
- abatchy Kernel Exploitation 1: Setting up the environment
- abatchy Kernel Exploitation 2: Payloads
- abatchy Kernel Exploitation 3: Stack Buffer Overflow (Windows 7 x86/x64)
- abatchy Kernel Exploitation 4: Stack Buffer Overflow (SMEP Bypass)
- abatchy Kernel Exploitation 5: Integer Overflow
- abatchy Kernel Exploitation 6: NULL pointer dereference
- abatchy Kernel Exploitation 7: Arbitrary Overwrite (Win7 x86)
- Arbitrary Write primitive in Windows kernel (HEVD)
- Corelan Team (corelanc0d3r) Heap Spraying Demystified
- DirectX to the Kernel
- Fuzzy Security - Kernel Exploitation -> GDI Bitmap Abuse (Win7-10 32/64bit)
- Fuzzy Security - Kernel Exploitation -> Integer Overflow
- Fuzzy Security - Kernel Exploitation -> Logic Bugs in Razer Rzpnk.sys
- Fuzzy Security - Kernel Exploitation -> Null Pointer Dereference
- Fuzzy Security - Kernel Exploitation -> Pool Overflow
- Fuzzy Security - Kernel Exploitation -> RS2 Bitmap Necromancy
- Fuzzy Security - Kernel Exploitation -> Stack Overflow
- Fuzzy Security - Kernel Exploitation -> UAF
- Fuzzy Security - Kernel Exploitation -> Uninitialized Stack Variable
- Fuzzy Security - Kernel Exploitation -> Write-What-Where
- Intro to Windows kernel exploitation 1/N: Kernel Debugging
- Intro to Windows kernel exploitation 2/N: HackSys Extremely Vulnerable Driver
- Intro to Windows kernel exploitation 3/N: My first Driver exploit
- Intro to Windows kernel exploitation 3.5/N: A bit more of the HackSys Driver
- Kernel Hacking With HEVD Part 1 - The Setup
- Kernel Hacking With HEVD Part 2 - The Bug
- Kernel Hacking With HEVD Part 3 - The Shellcode
- Kernel Hacking With HEVD Part 4 - The Exploit
- Kernel Hacking With HEVD Part 5 - The SMEP Version
- MS11-080 Exploit – A Voyage into Ring Zero
- Sharks in the Pool :: Mixed Object Exploitation in the Windows Kernel Pool
- The Path to Ring-0 Windows Edition
- Windows Kernel Exploitation Basics - Part 1 : Introduction to DVWDDriver
- Windows Kernel Exploitation Basics - Part 2 : Arbitrary Memory Overwrite exploitation using HalDispatchTable
- Windows Kernel Exploitation Basics - Part 3 : Arbitrary Memory Overwrite exploitation using LDT
- Windows Kernel Exploitation Basics - Part 4 : Stack-based Buffer Overflow exploitation (bypassing cookie)
- Windows Kernel Exploitation Tutorial Part 1: Setting up the Environment
- Windows Kernel Exploitation Tutorial Part 2: Stack Overflow
- Windows Kernel Exploitation Tutorial Part 3: Arbitrary Memory Overwrite (Write-What-Where)
- Windows Kernel Exploitation Tutorial Part 4: Pool Feng-Shui –> Pool Overflow
- Windows Kernel Exploitation Tutorial Part 5: NULL Pointer Dereference
- Windows Kernel Exploitation Tutorial Part 6: Uninitialized Stack Variable
- Windows Kernel Exploitation Tutorial Part 7: Uninitialized Heap Variable
- Windows Kernel Graphics Driver Attack Surface - (PDF)
- Windows Kernel Exploitation Tutorial Part 8: Use After Free
- Windows Kernel Pool Spraying
- Windows kernel pool spraying fun - Part 1 - Determine kernel object size
- Windows kernel pool spraying fun - Part 2 - More objects
- Windows kernel pool spraying fun - Part 3 - Let's make holes