Software
Il software, nella sua accezione più specifica, è un insieme articolato di istruzioni in codice, scritte in un formato intelligibile dall'uomo: tali istruzioni permettono ad un computer di svolgere compiti specifici. Col termine generico, "software" è invece usato per descrivere un programma, uno script o un'applicazione per computer, le quali presentano al loro interno una catena strutturata di codice rappresentato, appunto, da una lunga serie di istruzioni.
A livello più basso (quello più vicino all'hardware) il software è un codice eseguibile formato da istruzioni in linguaggio macchina, non facilmente intelligibili dall'uomo e supportate da una famiglia o da un particolare microprocessore, consistente in un'unità centrale di elaborazione (CPU) o in un'unità grafica di elaborazione (GPU).
Windows
Vulnerabilità ed Exploits
Browser
- 1-Day Browser & Kernel Exploitation - (PDF)
- A Methodical Approach to Browser Exploitation
- Anatomy of an Exploit – Inside the CVE-2013-3893 Internet Explorer Zero-Day – Part 1
- Advanced Heapspraying Technique - (PDF)
- Attacking JavaScript Engines
- Attacking WebKit Applications by Exploiting Memory Corruption Bugs - (PDF)
- Beginners Guide to UAT Exploits IE 0day Exploit Development
- Catalog Browser Exploitation Chapter
- CVE-2018-5129: Out-Of-Bounds Write with Malformed IPC messages
- CVE-2019-0539 Root Cause Analysis
- Evaluating the Safari Sandbox, and Fuzzing WindowServer on MacOS
- From Out of Memory to Remote Code Execution - (PDF)
- Fuzzy Security - Spraying the Heap [Chapter 1: Vanilla EIP] – Putting Needles in the Haystack
- Fuzzy Security - Spraying the Heap [Chapter 2: Use-After-Free] – Finding a Needle in a Haystack
- HeapSpray Aurora Vulnerability
- IE 0day Analysis and Exploit
- IE 11 0day & Windows 8.1 Exploit - (PDF)
- IE11 Sandbox Escapes Presentation - (PDF)
- Learning Browser Exploitation via 33C3 CTF Feuerfuchs Challenge
- Look Mom, I don't Use Shellcode - (PDF)
- Memory Corruption Exploitation in Internet Explorer - (PDF)
- Microsoft Edge Chakra JIT Type Confusion CVE-2019-0539
- Microsoft Edge MemGC Internals - (PDF)
- Performing Root-Cause Analysis of a JSC Vulnerability
- Post-Mortem Analysis of a Use-After-Free Vulnerability (CVE-2011-1260)
- Reducing Target Scope within JSC, Building a JavaScript Fuzzer
- Spartan 0day & Exploit
- The Art of Leaks: The Return of Heap Feng Shui - (PDF)
- The ECMA and the Chakra - (PDF)
- The Secret of ChakraCore: 10 Ways to Go Beyond the Edge - (PDF)
- Using the JIT Vulnerability to Pwn Microsoft Edge - (PDF)
- Weaponizing a JSC vulnerability for single-click RCE
- Weaponizing a Safari sandbox escape
- Windows 10 x64 Edge 0day and Exploit - (PDF)
- Write Once, Pwn Anywhere - (PDF)
Mitigation Bypass
- Browser Security Mitigations Against Memory Corruption Vulnerabilities
- Bypass Control Flow Guard Comprehensively - (PDF)
- Bypassing Control Flow Guard in Windows 10
- Bypassing Control Flow Guard in Windows 10 - Part II
- Bypassing Memory Mitigation Using Data-Only Exploitation Technique - (PDF)
- Bypassing Stack Cookies, SafeSeh, SEHOP, HW DEP and ASLR
- Chaining DEP with ROP – The Rubik’s[TM] Cube/a>
- Chakra Jit Cfg Bypass
- Cross The Wall-Bypass All Modern Mitigations of Microsoft Edge - (PDF)
- Development of a New Windows 10 KASLR Bypass (in One WinDBG Command)
- Disarming and Bypassing EMET 5.1
- Disarming EMET v5.0
- Disarming Enhanced Mitigation Experience Toolkit (EMET)
- Exploit Dev 101: Bypassing ASLR on Windows
- How to Find the Vulnerability to Bypass the Control Flow Guard - (PDF)
- ROP for SMEP bypass
- Simple EMET EAF Bypass
- Smashing The Browser
- SMEP: What Is It, and How to Beat it on Windows
- Universal DEP/ASLR Bypass with Msvcr71.dll and Mona.py
Kernel
- abatchy Kernel Exploitation 1: Setting up the environment
- abatchy Kernel Exploitation 2: Payloads
- abatchy Kernel Exploitation 3: Stack Buffer Overflow (Windows 7 x86/x64)
- abatchy Kernel Exploitation 4: Stack Buffer Overflow (SMEP Bypass)
- abatchy Kernel Exploitation 5: Integer Overflow
- abatchy Kernel Exploitation 6: NULL pointer dereference
- abatchy Kernel Exploitation 7: Arbitrary Overwrite (Win7 x86)
- Arbitrary Write primitive in Windows kernel (HEVD)
- Corelan Team (corelanc0d3r) Heap Spraying Demystified
- DirectX to the Kernel
- Fuzzy Security - Kernel Exploitation -> GDI Bitmap Abuse (Win7-10 32/64bit)
- Fuzzy Security - Kernel Exploitation -> Integer Overflow
- Fuzzy Security - Kernel Exploitation -> Logic Bugs in Razer Rzpnk.sys
- Fuzzy Security - Kernel Exploitation -> Null Pointer Dereference
- Fuzzy Security - Kernel Exploitation -> Pool Overflow
- Fuzzy Security - Kernel Exploitation -> RS2 Bitmap Necromancy
- Fuzzy Security - Kernel Exploitation -> Stack Overflow
- Fuzzy Security - Kernel Exploitation -> UAF
- Fuzzy Security - Kernel Exploitation -> Uninitialized Stack Variable
- Fuzzy Security - Kernel Exploitation -> Write-What-Where
- Intro to Windows kernel exploitation 1/N: Kernel Debugging
- Intro to Windows kernel exploitation 2/N: HackSys Extremely Vulnerable Driver
- Intro to Windows kernel exploitation 3/N: My first Driver exploit
- Intro to Windows kernel exploitation 3.5/N: A bit more of the HackSys Driver
- Kernel Hacking With HEVD Part 1 - The Setup
- Kernel Hacking With HEVD Part 2 - The Bug
- Kernel Hacking With HEVD Part 3 - The Shellcode
- Kernel Hacking With HEVD Part 4 - The Exploit
- Kernel Hacking With HEVD Part 5 - The SMEP Version
- MS11-080 Exploit – A Voyage into Ring Zero
- Sharks in the Pool :: Mixed Object Exploitation in the Windows Kernel Pool
- The Path to Ring-0 Windows Edition
- Windows Kernel Exploitation Basics - Part 1 : Introduction to DVWDDriver
- Windows Kernel Exploitation Basics - Part 2 : Arbitrary Memory Overwrite exploitation using HalDispatchTable
- Windows Kernel Exploitation Basics - Part 3 : Arbitrary Memory Overwrite exploitation using LDT
- Windows Kernel Exploitation Basics - Part 4 : Stack-based Buffer Overflow exploitation (bypassing cookie)
- Windows Kernel Exploitation Tutorial Part 1: Setting up the Environment
- Windows Kernel Exploitation Tutorial Part 2: Stack Overflow
- Windows Kernel Exploitation Tutorial Part 3: Arbitrary Memory Overwrite (Write-What-Where)
- Windows Kernel Exploitation Tutorial Part 4: Pool Feng-Shui –> Pool Overflow
- Windows Kernel Exploitation Tutorial Part 5: NULL Pointer Dereference
- Windows Kernel Exploitation Tutorial Part 6: Uninitialized Stack Variable
- Windows Kernel Exploitation Tutorial Part 7: Uninitialized Heap Variable
- Windows Kernel Graphics Driver Attack Surface - (PDF)
- Windows Kernel Exploitation Tutorial Part 8: Use After Free
- Windows Kernel Pool Spraying
- Windows kernel pool spraying fun - Part 1 - Determine kernel object size
- Windows kernel pool spraying fun - Part 2 - More objects
- Windows kernel pool spraying fun - Part 3 - Let's make holes”
Misc
Software Categories
#
- 360 degree feedback
- 3d architecture
- 3d CAD
A
- ab testing
- account based marketing
- accounting
- accounting practice management
- accounts payable
- accounts receivable
- accreditation management
- ad server
- admissions
- advertising agency
- advocacy
- affiliate
- airline reservation system
- alumni management
- aml
- android kiosk
- animal shelter
- anti-spam
- api management
- app design
- apparel management
- applicant tracking
- application development
- application lifecycle management
- application performance management
- appointment reminder
- appointment scheduling
- arborist
- architectural cad
- architecture software
- archiving
- art gallery
- artificial intelligence
- assessment
- asset tracking
- assisted living
- association management
- attendance tracking
- auction
- audience response
- audit
- augmented reality
- authentication
- auto body
- auto dealer
- auto dealer accounting
- auto dialer
- auto repair
- automated underwriting system
- automated testing
- aviation maintenance
B
- background check
- backup
- bakery
- banking systems
- bar pos
- barbershop
- barcoding
- benefits administration
- big data
- big data analytics tools
- big data platforms
- big data storage solutions
- billing and invoicing
- billing and provisioning
- bim
- blog
- board management
- bookkeeper
- bpm
- bpm tools
- brand management
- brand protection
- brewery
- budgeting
- bug tracking
- building maintenance
- business analytics
- business card
- business continuity
- business intelligence tools
- business management
- business performance management
- business phone systems
- business plan
- business process management
C
- calibration management
- call accounting
- call center
- call recording
- call tracking
- camp management
- campaign management
- campground management
- car rental
- car sharing
- carpet cleaning
- catalog management
- catering
- ccm
- cdn providers
- cemetery
- change management
- channel management
- chemical
- child care
- chiropractic
- church accounting
- church management
- church presentation
- claims processing
- class registration
- classroom management
- click fraud
- clinical trial management
- cloud communication platform
- cloud hosting service providers
- cloud management
- cloud pbx
- cloud security
- cloud storage
- cloud storage providers
- club management
- cmdb
- cmms
- coaching
- code enforcement
- collaboration
- commercial insurance
- commercial loan
- commercial real estate
- commission
- community
- company secretarial
- compensation management
- competitive intelligence
- complaint management
- compliance
- computer repair shop
- computer security
- conference
- conflict checking
- consignment
- construction accounting
- construction bid management
- construction crm
- construction estimating
- construction management
- construction scheduling
- contact management
- content management
- content marketing
- contest
- continuous integration
- contract management
- contractor management
- convenience store
- corporate wellness
- corrective and preventive action
- courier
- course authoring
- court management
- cpq
- creative management
- credentialing
- currency exchange
- customer advocacy
- customer communications management
- customer data platform
- customer engagement
- customer experience
- customer journey mapping tools
- customer loyalty
- customer reference management
- customer relationship management
- customer satisfaction
- customer service
- customer success
- cybersecurity
D
- dance studio
- dashboard
- data analysis
- data center management
- data discovery
- data entry
- data extraction
- data governance
- data loss prevention
- data management
- data mining
- data quality
- data visualization
- data warehouse
- database management
- debt collection
- decision support
- deep learning
- delivery management
- demand planning
- dental
- dental charting
- desktop management
- document management
- document version control
- donation management
- driving school
- dry cleaning
- dental imaging
- dermatology
- devops
- diagram
- digital asset management
- digital rights management
- digital signage
- digital signature
- digital workplace
- disk imaging
- distribution
- dock scheduling
- docketing
- document control
E
- e-discovery
- e-prescribing
- eam
- ecommerce
- edi
- ehs management
- elearning authoring tools
- electrical contractor
- electrical design
- electrical estimating
- electronic data capture
- electronic discovery
- electronic medical records
- electronic signature
- email archiving
- email management
- email marketing
- email security
- email signature
- email tracking
- embedded analytics
- email verification tools
- emergency notification
- emissions management
- employee communication tools
- employee engagement
- employee monitoring
- employee recognition
- employee scheduling
- ems
- endpoint protection
- endpoint security
- energy management
- engineering cad
- enterprise accounting
- enterprise architecture
- enterprise content management
- enterprise performance
- enterprise performance management
- enterprise reporting
- enterprise resource planning
- enterprise risk management
- enterprise search
- environmental
- equipment maintenance
- erp
- erp support services
- etl
- event booking
- event check in
- event management
- event marketing
- exam
- expense report
F
- facility management
- farm management
- fashion design and production
- fax server
- festival management
- field service management
- file sharing
- file sync
- financial crm
- financial fraud detection
- financial management
- financial reporting
- financial risk management
- financial services
- fire department
- fitness
- fixed asset management
- fleet maintenance
- fleet management
- florist
- flowchart
- food delivery
- food service distribution
- food service management
- food traceability
- forestry
- forms automation
- franchise management
- freight
- fuel management
- fund accounting
- fundraising
- funeral home
G
- game development
- gamification
- gantt chart
- garage door
- garden center
- gdpr compliance
- gis
- golf course
- government
- gps tracking
- gradebook
- grant management
- graphic design
- grc
- gymnastics
H
- handyman
- healthcare crm
- heatmap
- hedge fund
- help desk
- higher education
- hoa
- home builder
- home care
- home health care
- home inspection
- horse
- hospice
- hospital management
- hospitality property management
- hostel management
- hr analytics
- human resource
- human services
- hvac
- hvac estimating
- hybrid cloud solutions
I
- idea management
- identity management
- incident management
- influencer marketing
- innovation
- inside sales
- inspection
- insurance agency
- insurance policy
- insurance rating
- integrated risk management
- integration
- intellectual property management
- internal communications
- intranet
- inventory control
- inventory management
- investigation management
- investment accounting
- investment management
- invoice automation
- iot
- ipad kiosk
- ipad pos
- issue tracking
- it asset management
- it management
- it outsourcing companies
- it project management
- it service
- itsm
- ivr
- iwms
J
- jail management
- janitorial
- java cms
- jewelry store management
- job board
- job costing
- job evaluation
- job shop
K
- k-12
- kennel
- key management
- kiosk
- knowledge management
L
- laboratory information management system
- land management
- landing page
- landscape
- law enforcement
- law practice management
- lawn care
- lead capture
- lead generation
- lead management
- lead nurturing
- learning management system
- lease accounting
- lease management
- leave management
- legal billing
- legal calendar
- legal case management
- legal document management
- library automation
- license management
- link management tools
- live chat
- lms
- load balancing
- loan origination
- loan servicing
- location intelligence
- log management
- logbook
- logistics
- long term care
- lost and found
M
- mac crm
- machine learning
- maid service
- mailroom management
- maintenance management
- managed print services
- manufacturing
- manufacturing execution
- marine
- market research
- marketing analytics
- marketing attribution
- marketing automation
- marketing planning
- marketplace
- martial arts
- massage therapy
- master data management
- medical billing
- medical imaging
- medical inventory
- medical lab
- medical practice management
- medical scheduling
- medical spa
- medical transcription
- meeting
- meeting room booking system
- membership management
- mental health
- mentoring
- microlearning
- mind mapping
- mining
- mining
- miscellaneous tools
- mobile applications
- mobile analytics
- mobile banking
- mobile content management system
- mobile credit card processing
- mobile device management
- mobile learning
- mobile marketing
- mobility
- mortgage and loans
- moving
- mrm
- mrp
- msp
- multi-channel ecommerce
- municipal
- museum
- music school
N
- network mapping
- network monitoring
- network security
- network security tools
- network troubleshooting
- nonprofit
- nonprofit accounting
- nonprofit crm
- nursing home
- nutrition analysis
- nutritionist
O
- occupational therapy
- ocr
- oee
- oil and gas
- okr
- onboarding
- online banking
- online crm
- online proofing
- optometry
- order entry
- order management
- org chart
P
- p&c insurance
- packaging
- pacs
- parking management
- parks and recreation
- password management
- patch management
- patient case management
- patient engagement
- patient management
- patient portal
- patient scheduling
- pawn shop
- payment processing
- payroll
- pci compliance
- pediatric
- performance appraisal
- performance testing
- personal trainer
- personalization
- pest control
- pet grooming
- pet sitting
- pharmacy
- photography studio
- physical security
- physical therapy
- pilates studioli>
- pim
- plastic surgery
- plm
- plumbing
- plumbing estimating
- podiatry
- point of sale (POS)
- policy management
- political campaign
- polling
- pool service
- portal
- ppc
- pre-employment testing
- predictive analytics
- predictive dialer
- presentation
- preventive maintenance
- pricing optimization
- print estimating
- privileged access management
- procurement
- product configurator
- product data management
- product lifecycle management
- product management
- product roadmap
- production scheduling
- productivity
- professional services automation
- project management
- project portfolio management
- project tracking
- proofreading
- proposal management
- prototyping
- psa
- public relations
- public transportation
- public works
- publishing and subscriptions
- punch list
- purchasing
- push notifications
Q
- qualitative data analysis
- quality management
- quoting
R
- real estate agency
- real estate cma
- real estate crm
- real estate property management
- real estate transaction management
- recruiting
- recruiting agency
- recruitment management
- recurring billing
- recycling
- referral
- registration
- remodeling estimating
- remote support
- rental
- rental property management
- reporting
- reputation management
- requirements management
- reservations
- residential construction estimating
- resource management
- restaurant management
- restaurant pos
- retail management systems
- retargeting
- revenue management
- review management
- rfp
- risk management
- roofing
- route planning
S
- safety management
- sales coaching
- sales enablement
- sales force automation
- sales forecasting
- sales tax
- salon
- scheduling
- scholarship management
- school accounting
- school administration
- school bus routing
- security compliance
- security compliance services
- security system installer
- self storage
- seo
- server backup
- server management
- server monitoring
- service desk
- service dispatch
- shipment tracking
- shipping
- shopping cart
- siem tools
- simulation
- single sign on
- small business crm
- small business ecommerce
- small business loyalty programs
- sms marketing
- soar tools
- social crm tools
- social media analytics tools
- social media management tools
- social media marketing
- social media monitoring
- social networking
- social work case management
- softphone
- software testing
- source code management
- sourcing
- spa
- space management
- spc
- speech recognition
- speech therapy
- sports league
- spreadsheet
- staffing agency
- statistical analysis
- stock portfolio
- store locator
- strategic planning
- student engagement platform
- student information system
- succession planning
- supply chain management
- survey
- sustainability
- swim school
T
- takeoff
- talent management
- task management
- tax practice management
- team communication
- telecom expense management
- telemarketing
- telemedicine
- telephony
- text mining
- ticketing
- time and expense
- time clock
- time tracking
- timeshare
- tms
- tool management
- tour operator
- towing
- trade promotion management
- training
- transactional email
- translation management
- transportation dispatch
- transportation management
- travel agency
- travel management
- treasury
- trucking
- trust accounting
- tutoring
U
- unified communications
- utility billing
- utility management
- ux
V
- vacation rental
- vector graphics
- vendor management
- venue management
- veterinary
- video conferencing
- video editing
- virtual data room
- virtual machine
- virtual tour
- virtualization
- visitor management
- visual search
- voip
- voip providers
- voting
- visual search
- vpn
- vpn providers
- vulnerability management
W
- waitlist
- waiver
- warehouse management
- waste management
- web analytics
- web conferencing
- web to print
- webinar
- website applications
- website builder
- website monitoring
- winery
- wireframe
- wireless expense management
- work order
- workflow management
- workforce management
- worship
Y
- yard management
- yoga studio
Z
- zoo