Tuts 4 You

Posted

Hi,

I want to start a thread to collect root-cause analyses of vulnerabilities.

I am aiming for detailed writeups of real vulnerabilities in real software, preferably in native code.

This first post is going to be a bit of a mess, and I will include a bunch of interesting posts that are not technically root-cause analysis, but I will be cleaner in the future. :)

Of course everyone is invited to join in. :)

First, a few famous blog archives full of good content:

 

A whole BUNCH of root-cause analyses by Google Project Zero:

https://googleprojectzero.github.io/0days-in-the-wild/rca.html

Same for SSD Disclosure:

https://ssd-disclosure.com/advisories-archive/

ZDI blog full of goodies as well:

https://www.zerodayinitiative.com/blog

---------------------------

Second, a bunch of root-cause analyses I happen to have bookmarked:

---------------------------

SSD Advisory – Oracle VirtualBox Multiple Guest to Host Escape Vulnerabilities

https://ssd-disclosure.com/ssd-advisory-oracle-virtualbox-multiple-guest-to-host-escape-vulnerabilities/

SSD Advisory – VirtualBox VRDP Guest-to-Host Escape

https://ssd-disclosure.com/ssd-advisory-virtualbox-vrdp-guest-to-host-escape/

Bluetooth → Wi-Fi Code Execution & Wi-Fi Debugging

https://naehrdine.blogspot.com/2021/04/bluetooth-wi-fi-code-execution-wi-fi.html

CVE-2018-0952: Privilege Escalation Vulnerability in Windows Standard Collector Service

https://www.atredis.com/blog/cve-2018-0952-privilege-escalation-vulnerability-in-windows-standard-collector-service

CVE-2021-26415 (ntfs link bait and switch)

https://www.cloaked.pl/2021/04/cve-2021-26415/

Yet another RenderFrameHostImpl UAF

https://microsoftedge.github.io/edgevr/posts/yet-another-uaf/

CVE-2021-1732: win32kfull xxxCreateWindowEx callback out-of-bounds

https://iamelli0t.github.io/2021/03/25/CVE-2021-1732.html#root-cause-analysis

CVE-2021-26900: Privilege Escalation Via a Use After Free Vulnerability In win32k

https://www.zerodayinitiative.com/blog/2021/5/3/cve-2021-26900-privilege-escalation-via-a-use-after-free-vulnerability-in-win32k

BleedingTooth: Linux Bluetooth Zero-Click Remote Code Execution

https://google.github.io/security-research/pocs/linux/bleedingtooth/writeup.html

Analysis of a Windows IPv6 Fragmentation Vulnerability: CVE-2021-24086

https://blog.quarkslab.com/analysis-of-a-windows-ipv6-fragmentation-vulnerability-cve-2021-24086.html

A journey into IonMonkey: root-causing CVE-2019-9810.

https://doar-e.github.io/blog/2019/06/17/a-journey-into-ionmonkey-root-causing-cve-2019-9810/

Reverse-engineering tcpip.sys: mechanics of a packet of the death (CVE-2021-24086)

https://doar-e.github.io/blog/2021/04/15/reverse-engineering-tcpipsys-mechanics-of-a-packet-of-the-death-cve-2021-24086/

One day short of a full chain: Part 1 - Android Kernel arbitrary code execution

One day short of a full chain: Part 2 - Chrome sandbox escape

One day short of a full chain: Part 3 - Chrome renderer RCE

https://securitylab.github.com/research/one_day_short_of_a_fullchain_android/

---------------------------------

Third, and one time only, interesting blog posts that are not technically root-cause analysis:

---------------------------------

Hardware Reverse Engineering wiki

https://wiki.recessim.com/view/Main_Page

Playing in the (Windows) Sandbox

https://research.checkpoint.com/2021/playing-in-the-windows-sandbox/

Offensive Windows IPC Internals 1: Named Pipes

https://csandker.io/2021/01/10/Offensive-Windows-IPC-1-NamedPipes.html

Hyper-V debugging for beginners. 2nd edition.

https://hvinternals.blogspot.com/2021/01/hyper-v-debugging-for-beginners-2nd.html

Security of the Intel Graphics Stack - Part 1 - Introduction

https://igor-blue.github.io/2021/02/10/graphics-part1.html

The Story of Jian – How APT31 Stole and Used an Unknown Equation Group 0-Day

https://research.checkpoint.com/2021/the-story-of-jian/

 

Reply from the author, 3 weeks later:

 

Reverse Engineering & Exploiting Dell CVE-2021-21551

https://voidsec.com/reverse-engineering-and-exploiting-dell-cve-2021-21551/

Measured Boot and Malware Signatures: exploring two vulnerabilities found in the Windows loader

https://bi-zone.medium.com/measured-boot-and-malware-signatures-exploring-two-vulnerabilities-found-in-the-windows-loader-5a4fcc3c4b66

ZDI-21-502: An Information Disclosure Bug in ISC BIND server

https://www.zerodayinitiative.com/blog/2021/6/15/zdi-21-502-an-information-disclosure-bug-in-isc-bind-server

Pwning Home Router - Linksys WRT54G

https://elongl.github.io/exploitation/2021/05/30/pwning-home-router.html

CVE-2021-31440: An Incorrect Bounds Calculation in the Linux Kernel eBPF Verifier

https://www.zerodayinitiative.com/blog/2021/5/26/cve-2021-31440-an-incorrect-bounds-calculation-in-the-linux-kernel-ebpf-verifier

Edited by deepzero
