cybersec.md

Cybersecurity Content

• Go back to Home page (awesome list)
• See also Exploitation specific content

Summary

• 2024
• 2023
• 2022
• 2021
• 2020
• 2019
• 2018
• 2017
• 2016
• 2014
• Other

2024

• "Writing a Debugger From Scratch"
  • "Attaching to a Process"
  • "Register State and Stepping"
  • "Reading Memory"
  • "Exports and Private Symbols"
  • "Breakpoints"
  • "Stacks"
  • "Disassembly"

2023

• "A Deep Dive Into Brute Ratel C4 Payloads"
• "A Deep Dive into Penetration Testing of macOS Applications (Part 1)"
• "A look at CVE-2023-29360, a beautiful logical LPE vuln"
• "A Journey Into Hacking Google Search Appliance"
• "A new method for container escape using file-based DirtyCred"
• "A Pain in the NAS: Exploiting Cloud Connectivity to PWN your NAS: Synology DS920+ Edition"
• "A Potholing Tour in a SoC"
• "A Race to Report a TOCTOU: Analysis of a Bug Collision in Intel SMM"
• "A Red-Teamer diaries"
• "A story about tampering EDRs"
• "Abusing undocumented features to spoof PE section headers"
• "All about LeakSanitizer"
• "All cops are broadcasting: TETRA under scrutiny"
• "All my favorite tracing tools: eBPF, QEMU, Perfetto, new ones I built and more"
• "An analysis of an in-the-wild iOS Safari WebContent to GPU Process exploit"
• "Analysis on legit tools abused in human operated ransomware"
• "Analysis of CVE-2023-3519 in Citrix ADC and NetScaler Gateway":
  • Part 1
  • Part 2
• "Analysis of VirtualBox CVE-2023-21987 and CVE-2023-21991"
• "Analyzing a Modern In-the-wild Android Exploit"
• "Analyzing an Old Netatalk dsi_writeinit Buffer Overflow Vulnerability in NETGEAR Route"
• "ARM64 Reversing And Exploitation" (8ksec)
  • Part 1
  • Part 2
  • Part 3
  • Part 4
  • Part 5
  • Part 6
  • Part 7
  • Part 8
  • Part 9
  • Part 10
• "Attacking an EDR"
  • Part 1
  • Part 2
• "Audio with embedded Linux training"
• "Automating C2 Infrastructure with Terraform, Nebula, Caddy and Cobalt Strike"
• "Back to the Future with Platform Security"
• "Bash Privileged-Mode Vulnerabilities in Parallel Desktop and CDPATH Handling in MacOS"
• "Bee-yond Capacity: Unauthenticated RCE in Extreme Networks/Aerohive Wireless APs - CVE-2023-35803"
• "Behind the Shield: Unmasking Scudos's Defenses"
• "BlackLotus UEFI bootkit: Myth confirmed"
• "Breaking Fortinet Firmware Encryption"
• "Breaking the Code - Exploiting and Examining CVE-2023-1829 in cls_tcindex Classifier Vulnerability"
• "Breaking Secure Boot on the Silicon Labs Gecko platform"
• "Building a Custom Mach-O Memory Loader for macOS"
• "Building an Exploit for FortiGate Vulnerability CVE-2023-27997"
• "Bypassing PPL in Userland (again)"
• "Bypassing SELinux with init_module"
• "CAN Injection: keyless car theft"
• "chonked"
  • "minidlna 1.3.2 http chunk parsing heap overflow (cve-2023-33476) root cause analysis"
  • "exploiting cve-2023-33476 for remote code execution"
• "Coffee: A COFF loader made in Rust"
• "Competing in Pwn2Own ICS 2022 Miami: Exploiting a zero click remote memory corruption in ICONICS Genesis64"
• "CVE-2023-2008 - Analyzing and exploiting a bug in the udmabuf driver"
• "CVE-2023-26258 – Remote Code Execution in ArcServe UDP Backup"
• "CVE-2023-36844 And Friends: RCE In Juniper Devices"
• "CVE-2023-38408: Remote Code Execution in OpenSSH's forwarded ssh-agent"
• "cURL audit: How a joke led to significant findings"
• "Debugger Ghidra Class"
• "Debugging D-Link: Emulating firmware and hacking hardware"
• "Decompilation Debugging"
• "Deep Lateral Movement in OT Networks: When is a Perimeter not a Perimeter?"
• "Defining the cobalt strike reflective loader"
• "Demystifying bitwise operations, a gentle C tutorial"
• "Detecting and decrypting Sliver C2 – a threat hunter’s guide"
• "Detecting BPFDoor Backdoor Variants Abusing BPF Filters"
• "Dirty Pagetable: A Novel Exploitation Technique To Rule Linux Kernel"
• "Dissecting and Exploiting TCP/IP RCE Vulnerability “EvilESP”"
• "Diving Into Smart Contract Decompilation"
• "Diving into Starlink's User Terminal Firmware"
• "DJI Mavic 3 Drone Research Part 1: Firmware Analysis"
• "Drone Security and Fault Injection Attacks"
• "DualShock4 Reverse Engineering":
  • Part 1
  • Part 3
  • Part 3
• "Emulating IoT Firmware Made Easy: Start Hacking Without the Physical Device"
• "Encrypted Doesn't Mean Authenticated: ShareFile RCE (CVE-2023-24489)"
• "ENLBufferPwn (CVE-2022-47949)"
• "Escaping the Google kCTF Container with a Data-Only Exploit"
• "Exploitation of Openfire CVE-2023-32315"
• "Exploiting a Flaw in Bitmap Handling in Windows User-Mode Printer Drivers"
• "Exploiting null-dereferences in the Linux kernel"
• "Exploring UNIX pipes for iOS kernel exploit primitives"
• "EPF: Evil Packet Filter"
• "Escaping from Bhyve"
• "ESP32-C3 Wireless Adventure A Comprehensive Guide to IoT"
• "Espressif ESP32: Breaking HW AES with Electromagnetic Analysis"
• "Espressif ESP32: Breaking HW AES with Power Analysis"
• "Examining OpenSSH Sandboxing and Privilege Separation – Attack Surface Analysis"
• "Executing Arbitrary Code & Executables in Read-Only FileSystems"
• "Exploit Engineering – Attacking the Linux Kernel"
• "Exploiting a Remote Heap Overflow with a Custom TCP Stack"
• "Exploiting HTTP Parsers Inconsistencies"
• "Exploiting MikroTik RouterOS Hardware with CVE-2023-30799"
• "Exploring Android Heap Allocations in Jemalloc 'New'"
• "Exploring Linux's New Random Kmalloc Caches"
• "Fantastic Rootkits: And Where To Find Them":
  • Part 1
  • Part 2
  • Part 3
• "Few lesser known tricks, quirks and features of C"
• "Finding and exploiting process killer drivers with LOL for 3000$"
• "Finding bugs in C code with Multi-Level IR and VAST"
• "Finding Gadgets for CPU Side-Channels with Static Analysis Tools"
• "For Science! - Using an Unimpressive Bug in EDK II to Do Some Fun Exploitation"
• "FortiNAC - Just a few more RCEs"
• "Fortinet Series 3 — CVE-2022–42475 SSLVPN exploit strategy"
• "Framing Frames: Bypassing Wi-Fi Encryption by Manipulating Transmit Queues"
• "From C, with inline assembly, to shellcode"
• "Fuzzing Farm":
  • "Fuzzing GEGL with fuzzuf"
  • "Evaluating Performance of Fuzzer"
  • "Patch Analysis and PoC Development"
  • "Hunting and Exploiting 0-day [CVE-2022-24834]"
• "Getting RCE in Chrome with incomplete object initialization in the Maglev compiler"
• "Ghidra" (Craig Young):
  • "A Guide to Reversing Shared Objects with Ghidra"
  • "Reversing a Simple CrackMe with Ghidra Decompiler"
  • "Vulnerability Hunting with Ghidra"
  • "Patching a Bug from a Ghidra Listing"
  • "Vulnerability Analysis with Ghidra Scripting"
• "Ghost In The Wire, Sonic In The Wall - Adventures With SonicWall"
• "Hacking a Tapo TC60 Camera"
• "Hacking Amazon's eero 6 (part 1)"
• "Hacking Brightway scooters: A case study"
• "Hacking ICS Historians: The Pivot Point from IT to OT"
• "Hacking the Nintendo DSi Browser"
• "Hardware Hacking to Bypass BIOS Passwords"
• "Heads up! Xdr33, A Variant Of CIA’s HIVE Attack Kit Emerges"
• "How a simple K-TypeConfusion took me 3 months long to create a exploit? [HEVD] - Windows 11 (build 22621)"
• "How does Linux start a process"
• "How NATs Work":
  • Part 1
  • Part 2
  • Part 3
  • Part 4
• "How I Hacked my Car":
  • Part 1
  • Part 2
  • Part 3
  • Part 4
  • Part 5
  • Part 6
• "How to Emulate Android Native Libraries Using Qiling"
• "How To Secure A Linux Server"
• "Icicle: A Re-designed Emulator for Grey-Box Firmware Fuzzing"
• "In-depth analysis on Valorant’s Guarded Regions"
• "In-Memory-Only ELF Execution (Without tmpfs)"
• "Intel BIOS Advisory – Memory Corruption in HID Drivers "
• "Intercepting Allocations with the Global Allocator"
• "Introduction to SELinux"
• "IoT Series":
  • "Are People Ready to go?"
  • "How To Build Kernel Image From Scratch"
  • "Firmware testing in QEMU"
  • "Debugging with GDB & GHIDRA + Zero-day"
• "JTAG 'Hacking' the Original Xbox in 2023"
• "Kernel Exploit Factory"
• "Learn Makefiles With the tastiest examples"
• "Let's build a Chrome extension that steals everything"
• "Let’s Go into the rabbit hole (part 1) — the challenges of dynamically hooking Golang programs"
• "Leveraging ssh-keygen for Arbitrary Execution (and Privilege Escalation)"
• linux-re-101
• "Linux debugging, profiling and tracing training"
• "Linux Kernel Teaching"
• "Linux Malware: Defense Evasion Techniques"
• "Linux Red Team":
  • "Exploitation Techniques"
  • "Privilege Escalation Techniques"
  • "Persistence Techniques"
• ["Linux Remote Process Injection - (Injecting into a firefox process)"][569]
• "Linux rootkits explained – Part 1: Dynamic linker hijacking"
• "Linux Shellcode 101: From Hell to Shell"
• "Local Privilege Escalation on the DJI RM500 Smart Controller"
• "Lord Of The Ring0":
  • Part 1
  • Part 2
  • Part 3
  • Part 4
  • Part 5
• "Low-Level Software Security for Compiler Developers"
• "LPE and RCE in RenderDoc: CVE-2023-33865, CVE-2023-33864, CVE-2023-33863"
• "Making TOCTOU Great again – X(R)IP"
• "Malware Reverse Engineering for Beginners":
  • Part 1
  • Part 2
• "Man-in-the-Middle Attacks without Rogue AP: When WPAs Meet ICMP Redirects"
• "mast1c0re"
  • "Introduction – Exploiting the PS4 and PS5 through a game save"
  • "Part 1 – Modifying PS2 game save files"
  • "Part 2 – Arbitrary PS2 code execution"
  • "Part 3 – Escaping the emulator"
• "Mélofée: a new alien malware in the Panda's toolset targeting Linux hosts"
• "Meterpreter vs Modern EDR(s)"
• "MTE As Implemented":
  • Part 1
  • Part 2
• "mTLS: When certificate authentication is done wrong"
• "MSMQ QueueJumper (RCE Vulnerability): An in-depth technical analysis"
• "Multiple Vulnerabilities in Qualcomm and Lenovo ARM-based Devices"
• "NetGear Series: Emulating Netgear R6700V3 circled binary ":
  • Part 1
  • Part 2
• "New HiatusRAT Router Malware Covertly Spies On Victims"
• "NVMe: New Vulnerabilities Made Easy"
• "nftables Adventures: Bug Hunting and N-day Exploitation (CVE-2023-31248)"
• "Obscure Windows File Types"
• "Old Bug, Shallow Bug: Exploiting Ubuntu at Pwn2own Vancouver 2023"
• "OPC UA Deep Dive Series":
  • Part 1
  • Part 2
  • Part 3
  • Part 4
  • Part 5
• "OpenSSH Pre-Auth Double Free CVE-2023-25136 – Writeup and Proof-of-Concept"
• "OrBit: advanced analysis of a Linux dedicated malware"
• "OrBit: New Undetected Linux Threat Uses Unique Hijack of Execution Flow"
• "P2PInfect: The Rusty Peer-to-Peer Self-Replicating Worm"
• "P4wnP1-LTE"
• "Patches, Collisions, and Root Shells: A Pwn2Own Adventure"
• "Patch Tuesday -> exploit Wednesday: Pwning windows ancillary function driver for WinSock (afd.sys) in 24 hours"
• "Persistence Techniques That Persist"
• "Practical Introduction to BLE GATT Reverse Engineering: Hacking the Domyos EL500"
• "prctl anon_vma_name: An Amusing Linux Kernel Heap Spray"
• "Producing a POC for CVE-2022-42475 (Fortinet RCE)"
• "Protecting Android clipboard content from unintended exposure"
• "Protecting the Phoenix: Unveiling Critical Vulnerabilities in Phoenix Contact HMI"
  • Part 1
  • Part 2
  • Part 3
• "PyLoose: Python-based fileless malware targets cloud workloads to deliver cryptominer"
• "PwnAgent: A One-Click WAN-side RCE in Netgear RAX Routers with CVE-2023-24749"
• "Pwning Pixel 6 with a leftover patch"
• "Pwning the tp-link ax1800 wifi 6 Router: Uncovered and Exploited a Memory Corruption Vulnerability"
• "Racing Against the Lock: Exploiting Spinlock UAF in the Android Kernel"
• "Readline crime: exploiting a SUID logic bug"
• "Red vs. Blue: Kerberos Ticket Times, Checksums, and You!"
• "Restoring Dyld Memory Loading"
• "Retreading The AMLogic A113X TrustZone Exploit Process"
• "RISC-V Bytes: Exploring a Custom ESP32 Bootloader"
• "REUnziP: Re-Exploiting Huawei Recovery With FaultyUSB"
• "Revisiting CVE-2017-11176"
• "Rooting the FiiO M6":
  • "Using the "World's Worst Fuzzer" To Find A Kernel Bug"
  • "Writing an LPE Exploit For Our Overflow Bug"
• "Rust Binary Analysis, Feature by Feature"
• "Rust to Assembly: Understanding the Inner Workings of Rust"
• "SHA-1 gets SHAttered"
• "Shambles: The Next-Generation IoT Reverse Engineering Tool to Discover 0-Day Vulnerabilities"
• "Shell in the Ghost: Ghostscript CVE-2023-28879 writeup"
• "Shifting boundaries: Exploiting an Integer Overflow in Apple Safari"
• "Smart Speaker Shenanigans: Making the Sonos ONE Sing its Secrets"
• "Smashing the state machine: the true potential of web race conditions"
• "SRE deep dive into Linux Page Cache"
• "Stepping Insyde System Management Mode"
• "THC's favourite Tips, Tricks & Hacks (Cheat Sheet)"
• "The ARM32 Scheduling and Kernelspace/Userspace Boundary"
• "The art of Fuzzing: Introduction"
• "The art of fuzzing: Windows Binaries"
• "The art of fuzzing-A Step-by-Step Guide to Coverage-Guided Fuzzing with LibFuzzer"
• "The Blitz Tutorial Lab on Fuzzing with AFL++"
• "The code that wasn’t there: Reading memory on an Android device by accident"
• "The Dragon Who Sold His camaro: Analyzing Custom Router Implant"
• "The Importance of Reverse Engineering in Network Analysis"
• "The Linux Kernel Module Programming Guide"
• "The Most Dangerous Codec in the World: Finding and Exploiting Vulnerabilities in H.264 Decoders"
• "The Role of the Control Flow Graph in Static Analysis"
• "The Silent Spy Among Us: Smart Intercom Attacks"
• "The Stack Series: The X64 Stack"
• "The Untold Story of the BlackLotus UEFI Bootkit"
• "Tickling ksmbd: fuzzing SMB in the Linux kernel"
• "Tool Release: Cartographer"
• "Total Identity Compromise: Microsoft Incident Response lessons on securing Active Directory"
• "Sshimpanzee"
• "Xortigate, or CVE-2023-27997 - The Rumoured RCE That Was"
• "Your not so "Home Office" - SOHO Hacking at Pwn2Own"
• "Ubuntu Shiftfs: Unbalanced Unlock Exploitation Attempt"
• "Unauthenticated RCE on a RIGOL oscilloscope"
• "UNCONTAINED: Uncovering Container Confusion in the Linux Kernel"
• "Uncovering a crazy privilege escalation from Chrome extensions"
• "Uncovering HinataBot: A Deep Dive into a Go-Based Threat"
• "Under The Hood - Disassembling of IKEA-Sonos Symfonisk Speaker Lamp"
• "Understanding a Payload’s Life Featuring Meterpreter & Other Guests "
• "Understanding the Heap - a beautiful mess"
• "Windows Installer arbitrary content manipulation Elevation of Privilege (CVE-2020-0911)"
• "Windows Installer EOP (CVE-2023-21800)"
• "Writing your own RDI /sRDI loader using C and ASM"
• "Zenbleed"
• "Zero Effort Private Key Compromise: Abusing SSH-Agent For Lateral Movement"

2022

• "A journey into IoT":
  • "Chip identification, BUSSide, and I2C"
  • "Discover components and ports"
  • "Firmware dump and analysis"
• "ARM 64 Assembly Series":
  • "Basic definitions and registers"
  • "Offset and Addressing modes"
  • "Load and Store"
  • "Branch"
  • "Data Processing (Part 1)"
  • "Data Processing (Part 2)"
  • "selections and loops"
  • "Subroutines"
• "Attacking Titan M with Only One Byte"
• "Avoiding Detection with Shellcode Mutator"
• "Breaking Secure Boot on Google Nest Hub (2nd Gen) to run Ubuntu"
• "Bypassing software update package encryption ":
  • "Extracting the Lexmark MC3224i printer firmware"
  • "Exploiting the Lexmark MC3224i printer"
• "Bypassing vtable Check in glibc File Structures"
• "Blind Exploits to Rule Watchguard Firewalls"
• "BPFDoor - An Evasive Linux Backdoor Technical Analysis"
• "CVE-2022-0435: A Remote Stack Overflow in The Linux Kernel"
• "[CVE-2022-1786] A Journey To The Dawn"
• "CVE-2022-2602: DirtyCred File Exploitation applied on an io_uring UAF"
• "CVE-2022-29582 An io_uring vulnerability"
• "DirtyCred Remastered: how to turn an UAF into Privilege Escalation"
• "Dumping the Amlogic A113X Bootrom"
• "Dynamic analysis of firmware components in IoT devices"
• "Embedded Systems Security and TrustZone"
• "EntryBleed: Breaking KASLR under KPTI with Prefetch (CVE-2022-4543)"
• "Exploiting CSN.1 Bugs in MediaTek Basebands"
• "exploiting CVE-2019-2215"
• "Firmware key extraction by gaining EL3"
• "Fortigate - Authentication Bypass Lead to Full Device Takeover"
• "How The Tables Have Turned: An analysis of two new Linux vulnerabilities in nf_tables"
• "Huawei Security Hypervisor Vulnerability"
• "Hunting for Persistence in Linux"
  • Part 1
  • Part 2
  • Part 3
  • Part 4
  • Part 5
• "Hacking Some More Secure USB Flash Drives":
  • Part 1
  • Part 2
• "Intro to Embedded RE":
  • "Tools and Series"
  • "UART Discovery and Firmware Extraction via UBoot"
• "Linux Hardening Guide"
• "Linux Kernel: Exploiting a Netfilter Use-after-Free in kmalloc-cg"
• "Linux Kernel Exploit (CVE-2022–32250) with mqueue"
• "Linux SLUB Allocator Internals and Debugging":
  • Part 1
  • Part 2
  • Part 3
  • Part 4
• "Linternals: Introducing Memory Allocators & The Page Allocator"
• "Linternals: The Slab Allocator"
• "Looking for Remote Code Execution bugs in the Linux kernel"
• "Manipulating AES Traffic using a Chain of Proxies and Hardcoded Keys"
• "Missing Manuals - io_uring worker pool"
• "Netgear Orbi":
  • "orbi hunting 0x0: introduction, uart access, recon"
  • "orbi hunting 0x1: crashes in soap-api"
  • "nday exploit: netgear orbi unauthenticated command injection (cve-2020-27861)"
• "nday exploit: libinput format string bug, canary leak exploit (cve-2022-1215)"
• "Overview of GLIBC heap exploitation techniques"
• "Patching, Instrumenting & Debugging Linux Kernel Modules"
• "pipe_buffer arbitrary read write"
• "Pixel 6 Bootloader"
  • "Booting up"
  • "Emulation, ROP"
  • "Exploitation"
• "Port knocking from the scratch"
• "Pulling MikroTik into the Limelight"
• "Racing against the clock -- hitting a tiny kernel race window"
• "Racing Cats to the Exit: A Boring Linux Kernel Use-After-Free"
• "Researching Xiaomi’s Tee to Get to Chinese Money"
• "Reversing embedded device bootloader (U-Boot)":
  • Part 1
  • Part 2
• "Reverse Engineering a Cobalt Strike Dropper With Binary Ninja"
• "Reverse engineering integrity checks in Black Ops 3"
• "Reverse engineering thermal printers"
• "Reviving Exploits Against Cred Structs - Six Byte Cross Cache Overflow to Leakless Data-Oriented Kernel Pwnage"
• "SETTLERS OF NETLINK: Exploiting a limited UAF in nf_tables (CVE-2022-32250)"
• "Shedding Light on Huawei's Security Hypervisor"
• "Shikitega - New stealthy malware targeting Linux"
• "side channels: power analysis"
• "side channels: using the chipwhisperer"
• "Spoofing Call Stacks To Confuse EDRs"
• "Stealing the Bitlocker key from a TPM"
• "Symbiote Deep-Dive: Analysis of a New, Nearly-Impossible-to-Detect Linux Threat"
• "Tetsuji: Remote Code Execution on a GameBoy Colour 22 Years Later"
• "The Dirty Pipe Vulnerability"
• "The Old, The New and The Bypass - One-click/Open-redirect to own Samsung S22 at Pwn2Own 2022"
• "The toddler’s introduction to Heap exploitation":
  • "Part 1"
  • "Part 2"
  • "Overflows"
  • "Use After Free & Double free"
  • "FastBin Dup to Stack"
  • "FastBin Dup Consolidate"
  • "Unsafe Unlink"
  • "House of Spirit"
  • "House of Lore"
• "Trying To Exploit A Windows Kernel Arbitrary Read Vulnerability"
• "Turning Google smart speakers into wiretaps for $100k"
• "Vulnerabilities and Hardware Teardown of GL.iNET GL-MT300N-V2 Router"
• "Vulnerabilities in BMC Firmware Affect OT/IoT Device Security":
  • Part 1
  • Part 2
• "Vulnerabilities in Tenda's W15Ev2 AC1200 Router"
• "Write a Linux firewall from scratch based on Netfilter"
• "Yet another bug into Netfilter"

2021

• "A dive into the PE file format":
  • "Introduction"
  • "DOS Header, DOS Stub and Rich Header"
  • "NT Headers"
  • "Data Directories, Section Headers and Sections"
  • "Imports (Import Direcory Table, ILT, IAT)"
  • "PE Base Relocations"
  • "Writing a PE Parser"
• "Breaking 64 bit aslr on Linux x86-64"
• "Bypassing GLIBC 2.32’s Safe-Linking Without Leaks into Code Execution: The House of Rust"
• "Complete Guide to Stack Buffer Overflow (OSCP Preparation)"
• "CVE-2021–20226 a reference counting bug which leads to local privilege escalation in io_uring."
• "Digging into Linux namespaces":
  • Part 1
  • Part 2
• "Fire of Salvation Writeup: Utilizing msg_msg Objects for Arbitrary Read and Arbitrary Write in the Linux Kernel"
• "Ghidra 101":
  • "Cursor Text Highlighting"
  • "Slice Highlighting"
  • "Decoding Stack Strings"
  • "Loading Windows Symbols (PDB files)"
  • "Creating Structures in Ghidra"
  • "Loading Windows Symbols (PDB files) in Ghidra 10.x"
• "GRCON 2021 - Capture the Signal"
• "Learning Linux Kernel Exploitation":
  • Part 1
  • Part 2
  • Part 3
• "Linux Kernel Exploitation":
  • "Debugging the Kernel with QEMU"
  • "Smashing Stack Overflows in the Kernel"
  • "Controlling RIP and Escalating privileges via Stack Overflow"
• "Live Debugging Techniques for the Linux Kernel"
  • Part 1
  • Part 2
  • Part 3
• "New Linux Backdoor RedXOR Likely Operated by Chinese Nation-State Actor"
• "New Old Bugs in the Linux Kernel"
• "Recovering a Full PEM Private key when Half of it is Redacted"
• "Reverse Engineering Bare-Metal Firmware":
  • Part 1
  • Part 2
  • Part 3
• "Reverse Engineering Yaesu FT-70D Firmware Encryption"
• "Syzkaller diving":
  • Part 1
  • Part 2
  • Part 3
• "The Oddest Place You Will Ever Find PAC"
• "Wall Of Perdition: Utilizing msg_msg Objects For Arbitrary Read And Arbitrary Write In The Linux Kernel"

2020

• "A Deep Dive Into Samsung's TrustZone"
  • Part 1
  • Part 2
  • Part 3
• "BGET Explained Binary Heap Exploitation on OP-TEE":
  • Part 1
  • Part 2
• "BleedingTooth: Linux Bluetooth Zero-Click Remote Code Execution"
• "Detecting Linux memfd_create() Fileless Malware with Command Line Forensics"
• "Exception(al) Failure - Breaking the STM32F1 Read-Out Protection"
• "Hardware Hacking 101: Identifying and Dumping eMMC Flash"
• "House of Muney - Leakless Heap Exploitation Technique"
• "Loading Dynamic Libraries on Mac"
• "Minesweeper - TP-Link Archer C7 LAN RCE"
• "My Methods To Achieve Persistence In Linux Systems"
• "nRF52 Debug Resurrection":
  • Part 1
  • Part 2
• "NTLM Relay"
• "Patch Diffing a Cisco RV110W Firmware Update"
  • Part 1
  • Part 2
• "ret2dl_resolve x64: Exploiting Dynamic Linking Procedure In x64 ELF Binaries"
• "SSHD Injection and Password Harvesting"
• "Weekend Destroyer - RCE in Western Digital PR4100 NAS"
• "What're you telling me, Ghidra?"

2019

• "Breaking out of Docker via runC – Explaining CVE-2019-5736"
• "Executable and Linkable Format 101":
  • "Sections and Segments"
  • "Symbols"
  • "Relocations"
  • "Dynamic Linking"
• "Hacking microcontroller firmware through a USB"
• "Hardening Secure Boot on Embedded Devices for Hostile Environments"
• "Pew Pew Pew: Designing Secure Boot Securely"
• "Pwn the ESP32 Secure Boot"
• "Reverse Engineering Architecture And Pinout of Custom Asics"
• "Reverse-engineering Broadcom wireless chipsets"
• "Virtualization Internals":
  • Part 1
  • Part 2
  • Part 3
  • Part 4

2018

• "A Guide to ARM64 / AArch64 Assembly on Linux with Shellcodes and Cryptography"
• "CVE-2017-11176: A step-by-step Linux Kernel exploitation":
  • Part 1
  • Part 2
  • Part 3
  • Part 4
• "eMMC Data Recovery from Damaged Smartphone"
• "My journey towards Reverse Engineering a Smart Band — Bluetooth-LE RE"
• "Vectorized Emulation":438
  • "Hardware accelerated taint tracking at 2 trillion instructions per second"
  • "MMU Design"

2017

• "HiSilicon DVR hack"
• "How I Reverse Engineered and Exploited a Smart Massager"
• "Linux ptrace introduction AKA injecting into sshd for fun"

2016

• "Bypassing Secure Boot using Fault Injection"
• "munmap madness"
• "Implementation of Signal Handling"
• "Practical Reverse Engineering"
  • "Digging Through the Firmware"
  • "Scouting the Firmware"
  • "Following the Data"
  • "Dumping the Flash"
  • "Digging Through the Firmware"
• "Understanding and Hardening Linux Containers"

2014

• "ret2dir: Rethinking Kernel Isolation"

Other

• "A Noobs Guide to ARM Exploitation"
• "Advanced binary fuzzing using AFL++-QEMU and libprotobuf: a practical case of grammar-aware in-memory persistent fuzzing"
• "Advanced Compilers: The Self-Guided Online Course"
• "ARM TrustZone: pivoting to the secure world"
• Awesome Industrial Protocols
• "Brute Ratel - Scandinavian Defence"
• "Introduction to encryption for embedded Linux"
  • "Introduction to encryption for embedded Linux developers"
  • "A hands-on approach to symmetric-key encryption"
  • "Asymmetric-Key Encryption and Digital Signatures in Practice"
• "Debugger Ghidra Class"
• DhavalKapil/heap-exploitation
• Diffing Portal
• Ghidriff - Ghidra Binary Diffing Engine
• "Grand Theft Auto A peek of BLE relay attack"
• ice9-bluetooth-sniffer
• "Illustrated Connections":
  • dtls
  • quic
  • tls 1.2
  • tls 1.3
• "Introduction to Malware Analysis and Reverse Engineering"
• "Laser-Based Audio Injection on Voice-Controllable Systems"
• Linux Kernel CVEs
• "Linux Kernel map"
• "Linux Insides"
• "Linux Syscalls Reference"
• "Lytro Unlock - Making a bad camera slightly better"
• "Minimizing Rust Binary Size"
• "mjsxj09cm Recovering Firmware And Backdooring"
• "Offensive security (0xtriboulet)"
• "Operating System development tutorials in Rust on the Raspberry Pi"
• Red-Team-Infrastructure-Wiki
• "Reverse Engineering For Everyone!"
• "Satellite Hacking Demystified(RTC0007)"
• TEE Reversing
• tmpout.sh: collection of writeups on low-level stuff
• "THC's favourite Tips, Tricks & Hacks (Cheat Sheet)"
• USB-WiFi
• "VSS: Beginners Guide to Building a Hardware Hacking Lab"
• "WinDBG quick start tutorial"