This repository is to help new-comers (like ourselves) of binary bug hunting area to improve their skills.
Currently, the gap between CTF and real world bug hunting can be quite huge. And this repository is our attempt to solve that problem by porting the real world bug hunting to small exercises.
CVEs are selected out and setup in a certain scene, your goal is to repeat the process of finding such vulnerabilities out.
We have prepared 3 levels. Each level provides excersises with different difficulties:
- Level 1: Details of the CVEs are provided to help you from "re-discovering" the original vulnerability. Reports like this are provided. So this should be the easiest level.
- Level 2: the details will be emitted. But to narrow down, information about which part of the project contains such vulnerability will be provided. For example, if the bug is about ANGEL (module of the Chromium project), the information about the file will be provided. Most of the time, the path to the patch file should help that.
- Level 3: quite like level 2, but need PoC and exploit (optional)
| Exercise No. | CVEs | Target |
|---|---|---|
| LEVEl_1/exercise_1 | CVE-2020-6542 | Chrome WebGL |
| LEVEl_1/exercise_2 | CVE-2020-6463 | Chrome ANGLE |
| LEVEl_1/exercise_3 | CVE-2020-16005 | ANGLE |
| LEVEl_1/exercise_4 | CVE-2021-21204 | Chrome Blink |
| LEVEl_1/exercise_5 | CVE-2021-21203 | Blink |
| LEVEl_1/exercise_6 | CVE-2021-21188 | Blink |
| LEVEl_1/exercise_7 | CVE-2021-30565 | V8 GC |
| Exercise No. | CVEs | Target |
|---|---|---|
| LEVEL_2/exercise_1 | CVE-2021-21128 | Blink |
| LEVEL_2/exercise_2 | CVE-2021-21122 | Blink |
| LEVEL_2/exercise_3 | CVE-2021-21112 | Blink |
| LEVEL_2/exercise_4 | CVE-2021-30565 | Chrome Tab |
| LEVEL_2/exercise_5 | CVE-2021-21159 | Tab |
| LEVEL_2/exercise_6 | CVE-2021-21190 | Chrome pdfium |
| LEVEL_2/exercise_7 | CVE-2020-6422 | Blink |
| Exercise No. | CVEs | Target |
|---|---|---|
| LEVEl_3/exercise_1 | CVE-2021-21226 | navigation_predictor |
| LEVEl_3/exercise_2 | CVE-2021-21224 | V8 |
| LEVEl_3/exercise_3 | CVE-2021-21223 | mojo |
| LEVEl_3/exercise_4 | CVE-2021-21207 | IndexDB |
| LEVEl_3/exercise_5 | CVE-2021-21202 | extensions |
| LEVEl_3/exercise_6 | CVE-2021-21198 | IPC |
| LEVEl_3/exercise_7 | CVE-2021-21155 | Tab |
Writing your exercise follow this format.