awesome-list/topics/cybersec.md

Cybersecurity Content

• Go back to Home page (awesome list)
• See also Exploitation specific content

Summary

• 2023
• 2022
• 2021
• 2020
• 2019
• 2018
• 2016
• Other

2023

• "A Deep Dive into Penetration Testing of macOS Applications (Part 1)"
• "A Journey Into Hacking Google Search Appliance"
• "A new method for container escape using file-based DirtyCred"
• "A Potholing Tour in a SoC"
• "A Red-Teamer diaries"
• "Abusing undocumented features to spoof PE section headers"
• "Analysis on legit tools abused in human operated ransomware"
• "Analysis of CVE-2023-3519 in Citrix ADC and NetScaler Gateway":
  • Part 1
  • Part 2
• "Analysis of VirtualBox CVE-2023-21987 and CVE-2023-21991"
• "ARM64 Reversing And Exploitation" (8ksec)
  • Part 1
  • Part 2
  • Part 3
  • Part 4
  • Part 5
  • Part 6
  • Part 7
• "Back to the Future with Platform Security"
• "Bash Privileged-Mode Vulnerabilities in Parallel Desktop and CDPATH Handling in MacOS"
• "Bee-yond Capacity: Unauthenticated RCE in Extreme Networks/Aerohive Wireless APs - CVE-2023-35803"
• "Behind the Shield: Unmasking Scudos's Defenses"
• "Breaking the Code - Exploiting and Examining CVE-2023-1829 in cls_tcindex Classifier Vulnerability"
• "chonked"
  • "minidlna 1.3.2 http chunk parsing heap overflow (cve-2023-33476) root cause analysis"
  • "exploiting cve-2023-33476 for remote code execution"
• "CAN Injection: keyless car theft"
• "Coffee: A COFF loader made in Rust"
• "CVE-2023-2008 - Analyzing and exploiting a bug in the udmabuf driver"
• "CVE-2023-26258 – Remote Code Execution in ArcServe UDP Backup"
• "CVE-2023-38408: Remote Code Execution in OpenSSH's forwarded ssh-agent"
• "Debugger Ghidra Class"
• "Detecting BPFDoor Backdoor Variants Abusing BPF Filters"
• "Dirty Pagetable: A Novel Exploitation Technique To Rule Linux Kernel"
• "Dissecting and Exploiting TCP/IP RCE Vulnerability “EvilESP”"
• "Diving Into Smart Contract Decompilation"
• "Drone Security and Fault Injection Attacks"
• "Emulating IoT Firmware Made Easy: Start Hacking Without the Physical Device"
• "Encrypted Doesn't Mean Authenticated: ShareFile RCE (CVE-2023-24489)"
• "Escaping the Google kCTF Container with a Data-Only Exploit"
• "Exploiting a Flaw in Bitmap Handling in Windows User-Mode Printer Drivers"
• "Exploiting null-dereferences in the Linux kernel"
• "EPF: Evil Packet Filter"
• "Escaping from Bhyve"
• "ESP32-C3 Wireless Adventure A Comprehensive Guide to IoT"
• "Executing Arbitrary Code & Executables in Read-Only FileSystems"
• "Exploit Engineering – Attacking the Linux Kernel"
• "Exploiting MikroTik RouterOS Hardware with CVE-2023-30799"
• "Exploring Android Heap Allocations in Jemalloc 'New'"
• "Finding and exploiting process killer drivers with LOL for 3000$"
• "Finding bugs in C code with Multi-Level IR and VAST"
• "Finding Gadgets for CPU Side-Channels with Static Analysis Tools"
• "For Science! - Using an Unimpressive Bug in EDK II to Do Some Fun Exploitation"
• "FortiNAC - Just a few more RCEs"
• "Fortinet Series 3 — CVE-2022–42475 SSLVPN exploit strategy"
• "Framing Frames: Bypassing Wi-Fi Encryption by Manipulating Transmit Queues"
• "Fuzzing Farm":
  • "Fuzzing GEGL with fuzzuf"
  • "Evaluating Performance of Fuzzer"
  • "Patch Analysis and PoC Development"
  • "Hunting and Exploiting 0-day [CVE-2022-24834]"
• "Ghidra" (Craig Young):
  • "A Guide to Reversing Shared Objects with Ghidra"
  • "Reversing a Simple CrackMe with Ghidra Decompiler"
  • "Vulnerability Hunting with Ghidra"
  • "Patching a Bug from a Ghidra Listing"
  • "Vulnerability Analysis with Ghidra Scripting"
• "Hacking Amazon's eero 6 (part 1)"
• "Hacking Brightway scooters: A case study"
• "Hardware Hacking to Bypass BIOS Passwords"
• "How NATs Work":
  • Part 1
  • Part 2
  • Part 3
  • Part 4
• "How I Hacked my Car":
  • Part 1
  • Part 2
  • Part 3
  • Part 4
  • Part 5
  • Part 6
• "How To Secure A Linux Server"
• "Icicle: A Re-designed Emulator for Grey-Box Firmware Fuzzing"
• "In-depth analysis on Valorant’s Guarded Regions"
• "Intercepting Allocations with the Global Allocator"
• "Introduction to SELinux"
• "Kernel Exploit Factory"
• "Learn Makefiles With the tastiest examples"
• linux-re-101
• "Linux Kernel Teaching"
• "Linux Malware: Defense Evasion Techniques"
• "Linux rootkits explained – Part 1: Dynamic linker hijacking"
• "Linux Shellcode 101: From Hell to Shell"
• "Local Privilege Escalation on the DJI RM500 Smart Controller"
• "Lord Of The Ring0":
  • Part 1
  • Part 2
  • Part 3
  • Part 4
  • Part 5
• "Low-Level Software Security for Compiler Developers"
• "LPE and RCE in RenderDoc: CVE-2023-33865, CVE-2023-33864, CVE-2023-33863"
• "Malware Reverse Engineering for Beginners":
  • Part 1
  • Part 2
• "mast1c0re"
  • "Introduction – Exploiting the PS4 and PS5 through a game save"
  • "Part 1 – Modifying PS2 game save files"
  • "Part 2 – Arbitrary PS2 code execution"
  • "Part 3 – Escaping the emulator"
• "Meterpreter vs Modern EDR(s)"
• "MSMQ QueueJumper (RCE Vulnerability): An in-depth technical analysis"
• "Obscure Windows File Types"
• "OPC UA Deep Dive Series":
  • Part 1
  • Part 2
  • Part 3
  • Part 4
  • Part 5
• "OpenSSH Pre-Auth Double Free CVE-2023-25136 – Writeup and Proof-of-Concept"
• "P2PInfect: The Rusty Peer-to-Peer Self-Replicating Worm"
• "P4wnP1-LTE"
• "Practical Introduction to BLE GATT Reverse Engineering: Hacking the Domyos EL500"
• "prctl anon_vma_name: An Amusing Linux Kernel Heap Spray"
• "PyLoose: Python-based fileless malware targets cloud workloads to deliver cryptominer"
• "Racing Against the Lock: Exploiting Spinlock UAF in the Android Kernel"
• "Red vs. Blue: Kerberos Ticket Times, Checksums, and You!"
• "Retreading The AMLogic A113X TrustZone Exploit Process"
• "DualShock4 Reverse Engineering":
  • Part 1
  • Part 3
  • Part 3
• "Revisiting CVE-2017-11176"
• "Rust to Assembly: Understanding the Inner Workings of Rust"
• "Shambles: The Next-Generation IoT Reverse Engineering Tool to Discover 0-Day Vulnerabilities"
• "Shell in the Ghost: Ghostscript CVE-2023-28879 writeup"
• "SRE deep dive into Linux Page Cache"
• "THC's favourite Tips, Tricks & Hacks (Cheat Sheet)"
• "The art of Fuzzing: Introduction"
• "The art of fuzzing: Windows Binaries"
• "The art of fuzzing-A Step-by-Step Guide to Coverage-Guided Fuzzing with LibFuzzer"
• "The Linux Kernel Module Programming Guide"
• "The Untold Story of the BlackLotus UEFI Bootkit"
• "Sshimpanzee"
• "Xortigate, or CVE-2023-27997 - The Rumoured RCE That Was"
• "Your not so "Home Office" - SOHO Hacking at Pwn2Own"
• "Unauthenticated RCE on a RIGOL oscilloscope"
• "UNCONTAINED: Uncovering Container Confusion in the Linux Kernel"
• "Under The Hood - Disassembling of IKEA-Sonos Symfonisk Speaker Lamp"
• "Windows Installer arbitrary content manipulation Elevation of Privilege (CVE-2020-0911)"
• "Zenbleed"

2022

• "Bypassing software update package encryption ":
  • "Extracting the Lexmark MC3224i printer firmware"
  • "Exploiting the Lexmark MC3224i printer"
• "Bypassing vtable Check in glibc File Structures"
• "Blind Exploits to Rule Watchguard Firewalls"
• "CVE-2022-2602: DirtyCred File Exploitation applied on an io_uring UAF"
• "DirtyCred Remastered: how to turn an UAF into Privilege Escalation"
• "Dumping the Amlogic A113X Bootrom"
• "Embedded Systems Security and TrustZone"
• "exploiting CVE-2019-2215"
• "Hunting for Persistence in Linux"
  • Part 1
  • Part 2
  • Part 3
  • Part 4
  • Part 5
• "Hacking Some More Secure USB Flash Drives":
  • Part 1
  • Part 2
• "Netgear Orbi":
  • "orbi hunting 0x0: introduction, uart access, recon"
  • "orbi hunting 0x1: crashes in soap-api"
  • "nday exploit: netgear orbi unauthenticated command injection (cve-2020-27861)"
• "nday exploit: libinput format string bug, canary leak exploit (cve-2022-1215)"
• "Pulling MikroTik into the Limelight"
• "Reversing embedded device bootloader (U-Boot)":
  • Part 1
  • Part 2
• "Reverse engineering integrity checks in Black Ops 3"
• "The Old, The New and The Bypass - One-click/Open-redirect to own Samsung S22 at Pwn2Own 2022"
• "Turning Google smart speakers into wiretaps for $100k"
• "Vulnerabilities and Hardware Teardown of GL.iNET GL-MT300N-V2 Router"
• "Vulnerabilities in Tenda's W15Ev2 AC1200 Router"

2021

• "CVE-2021–20226 a reference counting bug which leads to local privilege escalation in io_uring."
• "Digging into Linux namespaces":
  • Part 1
  • Part 2
• "Learning Linux Kernel Exploitation":
  • Part 1
  • Part 2
  • Part 3
• "Linux Kernel Exploitation":
  • "Debugging the Kernel with QEMU"
  • "Smashing Stack Overflows in the Kernel"
  • "Controlling RIP and Escalating privileges via Stack Overflow"
• "Recovering a Full PEM Private key when Half of it is Redacted"
• "Reverse Engineering Bare-Metal Firmware":
  • Part 1
  • Part 2
  • Part 3
• "Reverse Engineering Yaesu FT-70D Firmware Encryption"

2020

• "BGET Explained Binary Heap Exploitation on OP-TEE":
  • Part 1
  • Part 2
• "Exception(al) Failure - Breaking the STM32F1 Read-Out Protection"
• "Hardware Hacking 101: Identifying and Dumping eMMC Flash"
• "House of Muney - Leakless Heap Exploitation Technique"
• "NTLM Relay"

2019

• "Executable and Linkable Format 101":
  • "Sections and Segments"
  • "Symbols"
  • "Relocations"
  • "Dynamic Linking"
• "Hardening Secure Boot on Embedded Devices for Hostile Environments"
• "Pew Pew Pew: Designing Secure Boot Securely"
• "Reverse-engineering Broadcom wireless chipsets"
• "Virtualization Internals":
  • Part 1
  • Part 2
  • Part 3
  • Part 4

2018

• "CVE-2017-11176: A step-by-step Linux Kernel exploitation":
  • Part 1
  • Part 2
  • Part 3
  • Part 4
• "eMMC Data Recovery from Damaged Smartphone"

2016

• "Bypassing Secure Boot using Fault Injection"
• "munmap madness"
• "Implementation of Signal Handling"
• "Practical Reverse Engineering"
  • "Digging Through the Firmware"
  • "Scouting the Firmware"
  • "Following the Data"
  • "Dumping the Flash"
  • "Digging Through the Firmware"
• "Understanding and Hardening Linux Containers"

Other

• "Advanced binary fuzzing using AFL++-QEMU and libprotobuf: a practical case of grammar-aware in-memory persistent fuzzing"
• "Introduction to encryption for embedded Linux"
  • "Introduction to encryption for embedded Linux developers"
  • "A hands-on approach to symmetric-key encryption"
  • "Asymmetric-Key Encryption and Digital Signatures in Practice"
• "Linux Syscalls Reference"
• "mjsxj09cm Recovering Firmware And Backdooring"