awesome-list/topics/cybersec.md
2023-11-14 20:13:13 +01:00
# Cybersecurity Content
- Go back to [Home page (awesome list)](../)
- See also [Exploitation specific content](./exploitation.md)
## Summary
* [2023](#2023)
* [2022](#2022)
* [2021](#2021)
* [2020](#2020)
* [2019](#2019)
* [2018](#2018)
* [2016](#2016)
* [Other](#other)
## 2023
* ["A Deep Dive into Penetration Testing of macOS Applications (Part 1)"][49]
* ["A Journey Into Hacking Google Search Appliance"][203]
* ["A new method for container escape using file-based DirtyCred"][201]
* ["A Potholing Tour in a SoC"][189]
* ["A Red-Teamer diaries"][156]
* ["Abusing undocumented features to spoof PE section headers"][139]
* ["Analysis on legit tools abused in human operated ransomware"][4]
* "Analysis of CVE-2023-3519 in Citrix ADC and NetScaler Gateway":
  * [Part 1][196]
  * [Part 2][197]
* ["Analysis of VirtualBox CVE-2023-21987 and CVE-2023-21991"][119]
* "ARM64 Reversing And Exploitation" (8ksec):
  * [Part 1][107]
  * [Part 2][108]
  * [Part 3][109]
  * [Part 4][110]
  * [Part 5][111]
  * [Part 6][112]
  * [Part 7][113]
* ["Back to the Future with Platform Security"][97]
* ["Bash Privileged-Mode Vulnerabilities in Parallel Desktop and CDPATH Handling in MacOS"][100]
* ["Bee-yond Capacity: Unauthenticated RCE in Extreme Networks/Aerohive Wireless APs - CVE-2023-35803"][91]
* ["Behind the Shield: Unmasking Scudos's Defenses"][8]
* ["Breaking the Code - Exploiting and Examining CVE-2023-1829 in cls_tcindex Classifier Vulnerability"][81]
* "chonked":
  * ["minidlna 1.3.2 http chunk parsing heap overflow (cve-2023-33476) root cause analysis"][193]
  * ["exploiting cve-2023-33476 for remote code execution"][194]
* ["CAN Injection: keyless car theft"][195]
* ["Coffee: A COFF loader made in Rust"][93]
* ["CVE-2023-2008 - Analyzing and exploiting a bug in the udmabuf driver"][72]
* ["CVE-2023-26258 Remote Code Execution in ArcServe UDP Backup"][99]
* ["CVE-2023-38408: Remote Code Execution in OpenSSH's forwarded ssh-agent"][186]
* ["Debugger Ghidra Class"][28]
* ["Detecting BPFDoor Backdoor Variants Abusing BPF Filters"][183]
* ["Dirty Pagetable: A Novel Exploitation Technique To Rule Linux Kernel"][51]
* ["Dissecting and Exploiting TCP/IP RCE Vulnerability “EvilESP”"][164]
* ["Diving Into Smart Contract Decompilation"][204]
* ["Drone Security and Fault Injection Attacks"][82]
* ["Emulating IoT Firmware Made Easy: Start Hacking Without the Physical Device"][47]
* ["Encrypted Doesn't Mean Authenticated: ShareFile RCE (CVE-2023-24489)"][182]
* ["Escaping the Google kCTF Container with a Data-Only Exploit"][178]
* ["Exploiting a Flaw in Bitmap Handling in Windows User-Mode Printer Drivers"][130]
* ["Exploiting null-dereferences in the Linux kernel"][148]
* ["EPF: Evil Packet Filter"][73]
* ["Escaping from Bhyve"][192]
* ["ESP32-C3 Wireless Adventure A Comprehensive Guide to IoT"][69]
* ["Executing Arbitrary Code & Executables in Read-Only FileSystems"][52]
* ["Exploit Engineering Attacking the Linux Kernel"][146]
* ["Exploiting MikroTik RouterOS Hardware with CVE-2023-30799"][198]
* ["Exploring Android Heap Allocations in Jemalloc 'New'"][7]
* ["Finding and exploiting process killer drivers with LOL for 3000$"][172]
* ["Finding bugs in C code with Multi-Level IR and VAST"][92]
* ["Finding Gadgets for CPU Side-Channels with Static Analysis Tools"][75]
* ["For Science! - Using an Unimpressive Bug in EDK II to Do Some Fun Exploitation"][70]
* ["FortiNAC - Just a few more RCEs"][95]
* ["Fortinet Series 3 — CVE-2022-42475 SSLVPN exploit strategy"][32]
* ["Framing Frames: Bypassing Wi-Fi Encryption by Manipulating Transmit Queues"][90]
* "Fuzzing Farm":
  * ["Fuzzing GEGL with fuzzuf"][43]
  * ["Evaluating Performance of Fuzzer"][44]
  * ["Patch Analysis and PoC Development"][45]
  * ["Hunting and Exploiting 0-day [CVE-2022-24834]"][46]
* "Ghidra" (Craig Young):
  * ["A Guide to Reversing Shared Objects with Ghidra"][121]
  * ["Reversing a Simple CrackMe with Ghidra Decompiler"][122]
  * ["Vulnerability Hunting with Ghidra"][123]
  * ["Patching a Bug from a Ghidra Listing"][124]
  * ["Vulnerability Analysis with Ghidra Scripting"][125]
* ["Hacking Amazon's eero 6 (part 1)"][86]
* ["Hacking Brightway scooters: A case study"][29]
* ["Hardware Hacking to Bypass BIOS Passwords"][6]
* "How NATs Work":
  * [Part 1][152]
  * [Part 2][153]
  * [Part 3][154]
  * [Part 4][155]
* "How I Hacked my Car":
  * [Part 1][101]
  * [Part 2][102]
  * [Part 3][103]
  * [Part 4][104]
  * [Part 5][105]
  * [Part 6][106]
* ["How To Secure A Linux Server"][140]
* ["Icicle: A Re-designed Emulator for Grey-Box Firmware Fuzzing"][171]
* ["In-depth analysis on Valorant's Guarded Regions"][141]
* ["Intercepting Allocations with the Global Allocator"][79]
* ["Introduction to SELinux"][59]
* ["Kernel Exploit Factory"][159]
* ["Learn Makefiles With the tastiest examples"][24]
* [linux-re-101][169]
* ["Linux Kernel Teaching"][131]
* ["Linux Malware: Defense Evasion Techniques"][165]
* ["Linux rootkits explained Part 1: Dynamic linker hijacking"][60]
* ["Linux Shellcode 101: From Hell to Shell"][53]
* ["Local Privilege Escalation on the DJI RM500 Smart Controller"][160]
* "Lord Of The Ring0":
  * [Part 1][10]
  * [Part 2][11]
  * [Part 3][12]
  * [Part 4][13]
  * [Part 5][14]
* ["Low-Level Software Security for Compiler Developers"][15]
* ["LPE and RCE in RenderDoc: CVE-2023-33865, CVE-2023-33864, CVE-2023-33863"][202]
* "Malware Reverse Engineering for Beginners":
  * [Part 1][128]
  * [Part 2][129]
* "mast1c0re":
  * ["Introduction: Exploiting the PS4 and PS5 through a game save"][38]
  * ["Part 1: Modifying PS2 game save files"][39]
  * ["Part 2: Arbitrary PS2 code execution"][40]
  * ["Part 3: Escaping the emulator"][41]
* ["Meterpreter vs Modern EDR(s)"][170]
* ["MSMQ QueueJumper (RCE Vulnerability): An in-depth technical analysis"][177]
* ["Obscure Windows File Types"][74]
* "OPC UA Deep Dive Series":
  * [Part 1][211]
  * [Part 2][212]
  * [Part 3][213]
  * [Part 4][214]
  * [Part 5][215]
* ["OpenSSH Pre-Auth Double Free CVE-2023-25136 Writeup and Proof-of-Concept"][42]
* ["P2PInfect: The Rusty Peer-to-Peer Self-Replicating Worm"][206]
* ["P4wnP1-LTE"][209]
* ["Practical Introduction to BLE GATT Reverse Engineering: Hacking the Domyos EL500"][166]
* ["prctl anon_vma_name: An Amusing Linux Kernel Heap Spray"][184]
* ["PyLoose: Python-based fileless malware targets cloud workloads to deliver cryptominer"][98]
* ["Racing Against the Lock: Exploiting Spinlock UAF in the Android Kernel"][185]
* ["Red vs. Blue: Kerberos Ticket Times, Checksums, and You!"][30]
* ["Retreading The AMLogic A113X TrustZone Exploit Process"][77]
* "DualShock4 Reverse Engineering":
  * [Part 1][149]
  * [Part 2][150]
  * [Part 3][151]
* ["Revisiting CVE-2017-11176"][48]
* ["Rust to Assembly: Understanding the Inner Workings of Rust"][134]
* ["Shambles: The Next-Generation IoT Reverse Engineering Tool to Discover 0-Day Vulnerabilities"][55]
* ["Shell in the Ghost: Ghostscript CVE-2023-28879 writeup"][76]
* ["SRE deep dive into Linux Page Cache"][94]
* ["THC's favourite Tips, Tricks & Hacks (Cheat Sheet)"][31]
* ["The art of Fuzzing: Introduction"][57]
* ["The art of fuzzing: Windows Binaries"][89]
* ["The art of fuzzing-A Step-by-Step Guide to Coverage-Guided Fuzzing with LibFuzzer"][54]
* ["The Linux Kernel Module Programming Guide"][3]
* ["The Untold Story of the BlackLotus UEFI Bootkit"][205]
* ["Sshimpanzee"][16]
* ["Xortigate, or CVE-2023-27997 - The Rumoured RCE That Was"][80]
* ["Your Not So 'Home Office' - SOHO Hacking at Pwn2Own"][5]
* ["Unauthenticated RCE on a RIGOL oscilloscope"][210]
* ["UNCONTAINED: Uncovering Container Confusion in the Linux Kernel"][37]
* ["Under The Hood - Disassembling of IKEA-Sonos Symfonisk Speaker Lamp"][180]
* ["Windows Installer arbitrary content manipulation Elevation of Privilege (CVE-2020-0911)"][58]
* ["Zenbleed"][207]
## 2022
* "Bypassing software update package encryption":
  * ["Extracting the Lexmark MC3224i printer firmware"][190]
  * ["Exploiting the Lexmark MC3224i printer"][191]
* ["Bypassing vtable Check in glibc File Structures"][208]
* ["Blind Exploits to Rule Watchguard Firewalls"][173]
* ["CVE-2022-2602: DirtyCred File Exploitation applied on an io_uring UAF"][168]
* ["DirtyCred Remastered: how to turn an UAF into Privilege Escalation"][167]
* ["Dumping the Amlogic A113X Bootrom"][78]
* ["Embedded Systems Security and TrustZone"][145]
* ["exploiting CVE-2019-2215"][61]
* "Hunting for Persistence in Linux":
  * [Part 1][64]
  * [Part 2][65]
  * [Part 3][66]
  * [Part 4][67]
  * [Part 5][68]
* "Hacking Some More Secure USB Flash Drives":
  * [Part 1][132]
  * [Part 2][133]
* "Netgear Orbi":
  * ["orbi hunting 0x0: introduction, uart access, recon"][33]
  * ["orbi hunting 0x1: crashes in soap-api"][34]
  * ["nday exploit: netgear orbi unauthenticated command injection (cve-2020-27861)"][35]
  * ["nday exploit: libinput format string bug, canary leak exploit (cve-2022-1215)"][63]
* ["Pulling MikroTik into the Limelight"][120]
* "Reversing embedded device bootloader (U-Boot)":
  * [Part 1][162]
  * [Part 2][163]
* ["Reverse engineering integrity checks in Black Ops 3"][220]
* ["The Old, The New and The Bypass - One-click/Open-redirect to own Samsung S22 at Pwn2Own 2022"][36]
* ["Turning Google smart speakers into wiretaps for $100k"][18]
* ["Vulnerabilities and Hardware Teardown of GL.iNET GL-MT300N-V2 Router"][126]
* ["Vulnerabilities in Tenda's W15Ev2 AC1200 Router"][127]
## 2021
* ["CVE-2021-20226: a reference counting bug which leads to local privilege escalation in io_uring"][179]
* "Digging into Linux namespaces":
  * [Part 1][157]
  * [Part 2][158]
* "Learning Linux Kernel Exploitation":
  * [Part 1][83]
  * [Part 2][84]
  * [Part 3][85]
* "Linux Kernel Exploitation":
  * ["Debugging the Kernel with QEMU"][25]
  * ["Smashing Stack Overflows in the Kernel"][26]
  * ["Controlling RIP and Escalating privileges via Stack Overflow"][27]
* ["Recovering a Full PEM Private key when Half of it is Redacted"][96]
* "Reverse Engineering Bare-Metal Firmware":
  * [Part 1][142]
  * [Part 2][143]
  * [Part 3][144]
* ["Reverse Engineering Yaesu FT-70D Firmware Encryption"][147]
## 2020
* "BGET Explained: Binary Heap Exploitation on OP-TEE":
  * [Part 1][187]
  * [Part 2][188]
* ["Exception(al) Failure - Breaking the STM32F1 Read-Out Protection"][161]
* ["Hardware Hacking 101: Identifying and Dumping eMMC Flash"][87]
* ["House of Muney - Leakless Heap Exploitation Technique"][181]
* ["NTLM Relay"][56]
## 2019
* "Executable and Linkable Format 101":
  * ["Sections and Segments"][135]
  * ["Symbols"][136]
  * ["Relocations"][137]
  * ["Dynamic Linking"][138]
* ["Hardening Secure Boot on Embedded Devices for Hostile Environments"][175]
* ["Pew Pew Pew: Designing Secure Boot Securely"][176]
* ["Reverse-engineering Broadcom wireless chipsets"][200]
* "Virtualization Internals":
  * [Part 1][216]
  * [Part 2][217]
  * [Part 3][218]
  * [Part 4][219]
## 2018
* "CVE-2017-11176: A step-by-step Linux Kernel exploitation":
  * [Part 1][19]
  * [Part 2][20]
  * [Part 3][21]
  * [Part 4][22]
* ["eMMC Data Recovery from Damaged Smartphone"][88]
## 2016
* ["Bypassing Secure Boot using Fault Injection"][174]
* ["munmap madness"][199]
* ["Implementation of Signal Handling"][23]
* "Practical Reverse Engineering":
  * ["Hunting for Debug Ports"][114]
  * ["Scouting the Firmware"][115]
  * ["Following the Data"][116]
  * ["Dumping the Flash"][117]
  * ["Digging Through the Firmware"][118]
* ["Understanding and Hardening Linux Containers"][50]
## Other
* ["Advanced binary fuzzing using AFL++-QEMU and libprotobuf: a practical case of grammar-aware in-memory persistent fuzzing"][71]
* "Introduction to encryption for embedded Linux":
  * ["Introduction to encryption for embedded Linux developers"][0]
  * ["A hands-on approach to symmetric-key encryption"][1]
  * ["Asymmetric-Key Encryption and Digital Signatures in Practice"][2]
* ["Linux Syscalls Reference"][17]
* ["mjsxj09cm Recovering Firmware And Backdooring"][62]
[0]: https://sergioprado.blog/introduction-to-encryption-for-embedded-linux-developers/
[1]: https://sergioprado.blog/a-hands-on-approach-to-symmetric-key-encryption/
[2]: https://sergioprado.blog/asymmetric-key-encryption-and-digital-signatures-in-practice/
[3]: https://sysprog21.github.io/lkmpg/
[4]: https://jsac.jpcert.or.jp/archive/2023/pdf/JSAC2023_1_1_yamashige-nakatani-tanaka_en.pdf
[5]: http://conference.hitb.org/files/hitbsecconf2023ams/materials/D1T1%20-%20Your%20Not%20So%20Home%20Office%20-%20Soho%20Hacking%20at%20Pwn2Own%20-%20McCaulay%20Hudson%20&%20Alex%20Plaskett.pdf
[6]: https://cybercx.com.au/blog/bypassing-bios-password/
[7]: https://www.synacktiv.com/publications/exploring-android-heap-allocations-in-jemalloc-new
[8]: https://www.synacktiv.com/en/publications/behind-the-shield-unmasking-scudos-defenses
[10]: https://idov31.github.io/2022/07/14/lord-of-the-ring0-p1.html
[11]: https://idov31.github.io/2022/08/04/lord-of-the-ring0-p2.html
[12]: https://idov31.github.io/2022/10/30/lord-of-the-ring0-p3.html
[13]: https://idov31.github.io/2023/02/24/lord-of-the-ring0-p4.html
[14]: https://idov31.github.io/2023/07/19/lord-of-the-ring0-p5.html
[15]: https://llsoftsec.github.io/llsoftsecbook/
[16]: https://blog.lexfo.fr/sshimpanzee.html
[17]: https://syscalls.mebeim.net/?table=x86/64/x64/v6.5
[18]: https://downrightnifty.me/blog/2022/12/26/hacking-google-home.html
[19]: https://blog.lexfo.fr/cve-2017-11176-linux-kernel-exploitation-part1.html
[20]: https://blog.lexfo.fr/cve-2017-11176-linux-kernel-exploitation-part2.html
[21]: https://blog.lexfo.fr/cve-2017-11176-linux-kernel-exploitation-part3.html
[22]: https://blog.lexfo.fr/cve-2017-11176-linux-kernel-exploitation-part4.html
[23]: http://courses.cms.caltech.edu/cs124/lectures-wi2016/CS124Lec15.pdf
[24]: https://makefiletutorial.com
[25]: https://blog.k3170makan.com/2020/11/linux-kernel-exploitation-0x0-debugging.html
[26]: http://blog.k3170makan.com/2020/11/linux-kernel-exploitation-0x1-smashing.html
[27]: https://blog.k3170makan.com/2021/01/linux-kernel-exploitation-0x2.html
[28]: https://github.com/NationalSecurityAgency/ghidra/tree/master/GhidraDocs/GhidraClass/Debugger
[29]: https://robocoffee.de/?p=436
[30]: https://www.trustedsec.com/blog/red-vs-blue-kerberos-ticket-times-checksums-and-you
[31]: https://github.com/hackerschoice/thc-tips-tricks-hacks-cheat-sheet
[32]: https://medium.com/@INTfinitySG/fortinet-series-3-cve-2022-42475-sslvpn-exploit-strategy-2578597f892f
[33]: http://blog.coffinsec.com/research/2022/06/12/orbi-hunting-0-intro-uart.html
[34]: http://blog.coffinsec.com/research/2022/06/19/orbi-hunting-1-soap-api-crashes.html
[35]: http://blog.coffinsec.com/research/2022/07/02/orbi-nday-exploit-cve-2020-27861.html
[36]: https://starlabs.sg/blog/2023/06-the-old-the-new-and-the-bypass-one-clickopen-redirect-to-own-samsung-s22-at-pwn2own-2022/
[37]: https://download.vusec.net/papers/uncontained_sec23.pdf
[38]: https://mccaulay.co.uk/mast1c0re-introduction-exploiting-the-ps4-and-ps5-through-a-gamesave/
[39]: https://mccaulay.co.uk/mast1c0re-part-1-modifying-ps2-game-save-files/
[40]: https://mccaulay.co.uk/mast1c0re-part-2-arbitrary-ps2-code-execution/
[41]: https://mccaulay.co.uk/mast1c0re-part-3-escaping-the-emulator/
[42]: https://jfrog.com/blog/openssh-pre-auth-double-free-cve-2023-25136-writeup-and-proof-of-concept/
[43]: https://ricercasecurity.blogspot.com/2023/07/fuzzing-farm-1-fuzzing-gegl-with-fuzzuf.html
[44]: https://ricercasecurity.blogspot.com/2023/07/fuzzing-farm-2-evaluating-performance.html
[45]: https://ricercasecurity.blogspot.com/2023/07/fuzzing-farm-3-patch-analysis-and-poc.html
[46]: https://ricercasecurity.blogspot.com/2023/07/fuzzing-farm-4-hunting-and-exploiting-0.html
[47]: https://boschko.ca/qemu-emulating-firmware/
[48]: https://labs.bluefrostsecurity.de/revisiting-cve-2017-11176
[49]: https://www.cyberark.com/resources/threat-research-blog/a-deep-dive-into-penetration-testing-of-macos-applications-part-1
[50]: https://research.nccgroup.com/wp-content/uploads/episerver-images/assets/ad04beb697a64e3ea20579e5bf604b4e/ad04beb697a64e3ea20579e5bf604b4e.pdf
[51]: https://yanglingxi1993.github.io/dirty_pagetable/dirty_pagetable.html
[52]: https://labs.withsecure.com/publications/executing-arbitrary-code-executables-in-read-only-filesystems
[53]: https://axcheron.github.io/linux-shellcode-101-from-hell-to-shell/
[54]: https://aviii.hashnode.dev/the-art-of-fuzzing-a-step-by-step-guide-to-coverage-guided-fuzzing-with-libfuzzer
[55]: https://boschko.ca/shambles/
[56]: https://en.hackndo.com/ntlm-relay/
[57]: https://bushido-sec.com/index.php/2023/06/19/the-art-of-fuzzing/
[58]: https://offsec.almond.consulting/windows-msiexec-eop-cve-2020-0911.html
[59]: https://github.blog/2023-07-05-introduction-to-selinux/
[60]: https://www.wiz.io/blog/linux-rootkits-explained-part-1-dynamic-linker-hijacking
[61]: https://cutesmilee.github.io/kernel/linux/android/2022/02/17/cve-2019-2215_writeup.html
[62]: https://whiterose-infosec.super.site/mjsxj09cm-recovering-firmware-and-backdooring
[63]: http://blog.coffinsec.com/nday/2022/08/04/CVE-2022-1215-libinput-fmt-canary-leak.html
[64]: https://pberba.github.io/security/2021/11/22/linux-threat-hunting-for-persistence-sysmon-auditd-webshell/
[65]: https://pberba.github.io/security/2021/11/23/linux-threat-hunting-for-persistence-account-creation-manipulation/
[66]: https://pberba.github.io/security/2022/01/30/linux-threat-hunting-for-persistence-systemd-timers-cron/
[67]: https://pberba.github.io/security/2022/02/06/linux-threat-hunting-for-persistence-initialization-scripts-and-shell-configuration/
[68]: https://pberba.github.io/security/2022/02/07/linux-threat-hunting-for-persistence-systemd-generators/
[69]: https://www.espressif.com/sites/default/files/documentation/ESP32-C3%20Wireless%20Adventure.pdf
[70]: https://blog.quarkslab.com/for-science-using-an-unimpressive-bug-in-edk-ii-to-do-some-fun-exploitation.html
[71]: https://airbus-seclab.github.io/AFLplusplus-blogpost/
[72]: https://labs.bluefrostsecurity.de/blog/cve-2023-2008.html
[73]: https://cs.brown.edu/~vpk/papers/epf.atc23.pdf
[74]: https://remyhax.xyz/posts/obscure-win-files/
[75]: https://github.com/google/security-research/tree/master/pocs/cpus/spectre-gadgets
[76]: https://offsec.almond.consulting/ghostscript-cve-2023-28879.html
[77]: https://boredpentester.com/retreading-the-amlogic-a113x-trustzone-exploit-process/
[78]: https://haxx.in/posts/dumping-the-amlogic-a113x-bootrom/
[79]: https://bd103.github.io/blog/2023-06-27-global-allocators
[80]: https://labs.watchtowr.com/xortigate-or-cve-2023-27997/
[81]: https://starlabs.sg/blog/2023/06-breaking-the-code-exploiting-and-examining-cve-2023-1829-in-cls_tcindex-classifier-vulnerability/
[82]: https://act-on.ioactive.com/acton/attachment/34793/f-b1aa96d0-bd78-4518-bae3-2889aae340de/1/-/-/-/-/DroneSec-GGonzalez.pdf
[83]: https://lkmidas.github.io/posts/20210123-linux-kernel-pwn-part-1/
[84]: https://lkmidas.github.io/posts/20210128-linux-kernel-pwn-part-2/
[85]: https://lkmidas.github.io/posts/20210205-linux-kernel-pwn-part-3/
[86]: https://markuta.com/eero-6-hacking-part-1/
[87]: https://riverloopsecurity.com/blog/2020/03/hw-101-emmc/
[88]: https://dangerouspayload.com/2018/10/24/emmc-data-recovery-from-damaged-smartphone/
[89]: https://bushido-sec.com/index.php/2023/06/25/the-art-of-fuzzing-windows-binaries/
[90]: https://papers.mathyvanhoef.com/usenix2023-wifi.pdf
[91]: https://research.aurainfosec.io/pentest/bee-yond-capacity/
[92]: https://blog.trailofbits.com/2023/06/15/finding-bugs-with-mlir-and-vast/
[93]: https://labs.hakaioffsec.com/coffee-a-coff-loader-made-in-rust/
[94]: https://biriukov.dev/docs/page-cache/0-linux-page-cache-for-sre/
[95]: https://frycos.github.io/vulns4free/2023/06/18/fortinac.html
[96]: https://blog.cryptohack.org/twitter-secrets
[97]: https://labs.ioactive.com/2023/06/back-to-future-with-platform-security.html
[98]: https://www.wiz.io/blog/pyloose-first-python-based-fileless-attack-on-cloud-workloads
[99]: https://www.mdsec.co.uk/2023/06/cve-2023-26258-remote-code-execution-in-arcserve-udp-backup/
[100]: https://www.zerodayinitiative.com/blog/2023/4/5/bash-privileged-mode-vulnerabilities-in-parallels-desktop-and-cdpath-handling-in-macos
[101]: https://programmingwithstyle.com/posts/howihackedmycar/
[102]: https://programmingwithstyle.com/posts/howihackedmycarpart2/
[103]: https://programmingwithstyle.com/posts/howihackedmycarpart3/
[104]: https://programmingwithstyle.com/posts/howihackedmycarpart4/
[105]: https://programmingwithstyle.com/posts/howihackedmycarpart5/
[106]: https://programmingwithstyle.com/posts/myhackedcarisdoomed/
[107]: https://8ksec.io/arm64-reversing-and-exploitation-part-1-arm-instruction-set-simple-heap-overflow/
[108]: https://8ksec.io/arm64-reversing-and-exploitation-part-2-use-after-free/
[109]: https://8ksec.io/arm64-reversing-and-exploitation-part-3-a-simple-rop-chain/
[110]: https://8ksec.io/arm64-reversing-and-exploitation-part-4-using-mprotect-to-bypass-nx-protection-8ksec-blogs/
[111]: https://8ksec.io/arm64-reversing-and-exploitation-part-5-writing-shellcode-8ksec-blogs/
[112]: https://8ksec.io/arm64-reversing-and-exploitation-part-6-exploiting-an-uninitialized-stack-variable-vulnerability/
[113]: https://8ksec.io/arm64-reversing-and-exploitation-part-7-bypassing-aslr-and-nx/
[114]: http://jcjc-dev.com/2016/04/08/reversing-huawei-router-1-find-uart/
[115]: https://jcjc-dev.com/2016/04/29/reversing-huawei-router-2-scouting-firmware/
[116]: https://jcjc-dev.com/2016/05/23/reversing-huawei-3-sniffing/
[117]: https://jcjc-dev.com/2016/06/08/reversing-huawei-4-dumping-flash/
[118]: https://jcjc-dev.com/2016/12/14/reversing-huawei-5-reversing-firmware/
[119]: https://qriousec.github.io/post/vbox-pwn2own-2023/
[120]: https://margin.re/2022/06/pulling-mikrotik-into-the-limelight/
[121]: https://medium.com/@cy1337/a-guide-to-reversing-shared-objects-with-ghidra-cec83d5031e6
[122]: https://medium.com/@cy1337/reversing-a-simple-crackme-with-ghidra-decompiler-5dd1b1c3c0ba
[123]: https://medium.com/@cy1337/vulnerability-hunting-with-ghidra-fb3fc53470ba
[124]: https://medium.com/@cy1337/patching-a-bug-from-a-ghidra-listing-8496e529224a
[125]: https://medium.com/@cy1337/vulnerability-analysis-with-ghidra-scripting-ccf416cfa56d
[126]: https://boschko.ca/glinet-router/
[127]: https://boschko.ca/tenda_ac1200_router/
[128]: https://intezer.com/blog/malware-analysis/malware-reverse-engineering-beginners/
[129]: https://intezer.com/blog/incident-response/malware-reverse-engineering-for-beginners-part-2/
[130]: https://www.zerodayinitiative.com/blog/2023/8/1/exploiting-a-flaw-in-bitmap-handling-in-windows-user-mode-printer-drivers
[131]: https://linux-kernel-labs.github.io/refs/heads/master/index.html
[132]: https://blog.syss.com/posts/hacking-usb-flash-drives-part-1/
[133]: https://blog.syss.com/posts/hacking-usb-flash-drives-part-2/
[134]: https://eventhelix.com/rust/
[135]: https://intezer.com/blog/research/executable-linkable-format-101-part1-sections-segments/
[136]: https://intezer.com/blog/malware-analysis/executable-linkable-format-101-part-2-symbols/
[137]: https://intezer.com/blog/malware-analysis/executable-and-linkable-format-101-part-3-relocations/
[138]: https://intezer.com/blog/malware-analysis/executable-linkable-format-101-part-4-dynamic-linking/
[139]: https://secret.club/2023/06/05/spoof-pe-sections.html
[140]: https://github.com/imthenachoman/How-To-Secure-A-Linux-Server
[141]: https://reversing.info/posts/guardedregions/
[142]: https://ragnarsecurity.medium.com/reverse-engineering-bare-metal-kernel-images-part-2-6a52a4afa3ef
[143]: https://ragnarsecurity.medium.com/reverse-engineering-bare-metal-kernel-images-part-2-6a52a4afa3ef
[144]: https://medium.com/geekculture/reverse-engineering-bare-metal-firmware-part-3-analyzing-arm-assembly-and-exploiting-3b2dbe219f19
[145]: https://embeddedsecurity.io
[146]: https://research.nccgroup.com/2023/05/23/offensivecon-2023-exploit-engineering-attacking-the-linux-kernel/
[147]: https://landaire.net/reversing-yaesu-firmware-encryption/
[148]: https://googleprojectzero.blogspot.com/2023/01/exploiting-null-dereferences-in-linux.html
[149]: https://blog.the.al/2023/01/01/ds4-reverse-engineering.html
[150]: https://blog.the.al/2023/01/02/ds4-reverse-engineering-part-2.html
[151]: https://blog.the.al/2023/01/03/ds4-reverse-engineering-part-3.html
[152]: https://educatedguesswork.org/posts/nat-part-1/
[153]: https://educatedguesswork.org/posts/nat-part-2/
[154]: https://educatedguesswork.org/posts/nat-part-3/
[155]: https://educatedguesswork.org/posts/nat-part-4/
[156]: https://github.com/ihebski/A-Red-Teamer-diaries
[157]: https://blog.quarkslab.com/digging-into-linux-namespaces-part-1.html
[158]: https://blog.quarkslab.com/digging-into-linux-namespaces-part-2.html
[159]: https://github.com/bsauce/kernel-exploit-factory
[160]: https://icanhack.nl/blog/dji-rm500-privilege-escalation/
[161]: https://blog.zapb.de/stm32f1-exceptional-failure/
[162]: https://www.shielder.com/blog/2022/03/reversing-embedded-device-bootloader-u-boot-p.1/
[163]: https://www.shielder.com/blog/2022/03/reversing-embedded-device-bootloader-u-boot-p.2/
[164]: https://securityintelligence.com/x-force/dissecting-exploiting-tcp-ip-rce-vulnerability-evilesp/
[165]: https://mutur4.github.io/posts/linux-malware-development/edr/
[166]: https://jcjc-dev.com/2023/03/19/reversing-domyos-el500-elliptical/
[167]: https://exploiter.dev/blog/2022/CVE-2022-2602.html
[168]: https://blog.hacktivesecurity.com/index.php/2022/12/21/cve-2022-2602-dirtycred-file-exploitation-applied-on-an-io_uring-uaf/
[169]: https://github.com/michalmalik/linux-re-101
[170]: https://redops.at/en/blog/meterpreter-vs-modern-edrs-in-2023
[171]: https://arxiv.org/pdf/2301.13346.pdf
[172]: https://alice.climent-pommeret.red/posts/process-killer-driver/
[173]: https://web.archive.org/web/20230628130110/https://www.ambionics.io/blog/hacking-watchguard-firewalls
[174]: https://raelize.com/upload/research/2016/2016_BlackHat-EU_Bypassing-Secure-Boot-Using-Fault-Injection_NT-AS.pdf
[175]: https://raelize.com/upload/research/2019/2019_BlueHat-IL_Hardening-Secure-Boot-on-Embedded-Devices-for-Hostile-Environments_NT-AS-CM.pdf
[176]: https://raelize.com/upload//research/2019/2019_Designing-Secure-Boot-Securely_NT-AS.pdf
[177]: https://securityintelligence.com/x-force/msmq-queuejumper-rce-vulnerability-technical-analysis/
[178]: https://h0mbre.github.io/kCTF_Data_Only_Exploit/
[179]: https://flattsecurity.medium.com/cve-2021-20226-a-reference-counting-bug-which-leads-to-local-privilege-escalation-in-io-uring-e946bd69177a
[180]: https://starlabs.sg/blog/2023/08-ikea-sonos-symfonisk-speaker-lamp-teardown/
[181]: https://maxwelldulin.com/BlogPost/House-of-Muney-Heap-Exploitation
[182]: https://blog.assetnote.io/2023/07/04/citrix-sharefile-rce/
[183]: https://www.trendmicro.com/en_ph/research/23/g/detecting-bpfdoor-backdoor-variants-abusing-bpf-filters.html
[184]: https://starlabs.sg/blog/2023/07-prctl-anon_vma_name-an-amusing-heap-spray/
[185]: https://0xkol.github.io/assets/files/Racing_Against_the_Lock__Exploiting_Spinlock_UAF_in_the_Android_Kernel.pdf
[186]: https://www.qualys.com/2023/07/19/cve-2023-38408/rce-openssh-forwarded-ssh-agent.txt
[187]: https://phi1010.github.io/2020-09-14-bget-exploitation/
[188]: https://phi1010.github.io/2020-11-02-bget-exploitation-2/
[189]: https://eshard.com/posts/sca-attacks-on-armv8
[190]: https://research.nccgroup.com/2022/02/17/bypassing-software-update-package-encryption-extracting-the-lexmark-mc3224i-printer-firmware-part-1/
[191]: https://research.nccgroup.com/2022/02/18/analyzing-a-pjl-directory-traversal-vulnerability-exploiting-the-lexmark-mc3224i-printer-part-2/
[192]: https://www.synacktiv.com/publications/escaping-from-bhyve.html
[193]: http://blog.coffinsec.com/0day/2023/05/31/minidlna-heap-overflow-rca.html
[194]: http://blog.coffinsec.com/0day/2023/06/19/minidlna-cve-2023-33476-exploits.html
[195]: https://kentindell.github.io/2023/04/03/can-injection/
[196]: https://blog.assetnote.io/2023/07/21/citrix-CVE-2023-3519-analysis/
[197]: https://blog.assetnote.io/2023/07/24/citrix-rce-part-2-cve-2023-3519/
[198]: https://vulncheck.com/blog/mikrotik-foisted-revisited
[199]: http://tukan.farm/2016/07/27/munmap-madness/
[200]: https://blog.quarkslab.com/reverse-engineering-broadcom-wireless-chipsets.html
[201]: https://starlabs.sg/blog/2023/07-a-new-method-for-container-escape-using-file-based-dirtycred/
[202]: https://www.qualys.com/2023/06/06/renderdoc/renderdoc.txt
[203]: https://devco.re/blog/2023/07/07/a-journey-into-hacking-google-search-appliance-en/
[204]: https://jbecker.dev/research/diving-into-decompilation
[205]: https://binarly.io/posts/The_Untold_Story_of_the_BlackLotus_UEFI_Bootkit/index.html
[206]: https://unit42.paloaltonetworks.com/peer-to-peer-worm-p2pinfect/
[207]: http://lock.cmpxchg8b.com/zenbleed.html
[208]: https://blog.kylebot.net/2022/10/22/angry-FSROP/
[209]: https://sensepost.com/blog/2023/p4wnp1-lte/
[210]: https://tortel.li/post/insecure-scope/
[211]: https://claroty.com/team82/research/opc-ua-deep-dive-history-of-the-opc-ua-protocol
[212]: https://claroty.com/team82/research/opc-deep-dive-part-2-what-is-opc-ua
[213]: https://claroty.com/team82/research/opc-ua-deep-dive-part-3-exploring-the-opc-ua-protocol
[214]: https://claroty.com/team82/research/opc-ua-deep-dive-series-part-4-targeting-core-opc-ua-components
[215]: https://claroty.com/team82/research/opc-ua-deep-dive-series-part-5-inside-team82-s-research-methodology
[216]: https://docs.saferwall.com/blog/virtualization-internals-part-1-intro-to-virtualization/
[217]: https://docs.saferwall.com/blog/virtualization-internals-part-2-vmware-and-virtualization-using-binary-translation/
[218]: https://docs.saferwall.com/blog/virtualization-internals-part-3-xen-and-paravirtualization/
[219]: https://docs.saferwall.com/blog/virtualization-internals-part-4-qemu/
[220]: https://web.archive.org/web/20230522230748/https://momo5502.com/posts/2022-11-17-reverse-engineering-integrity-checks-in-black-ops-3/