Tuts 4 You

A collection of root-cause-analysis of real vulnerabilities in real software


deepzero


Hi,

I want to start a thread to collect root-cause-analysis of vulnerabilities.

I am aiming for detailed writeups of real vulnerabilities in real software, preferably in native code.

This first post is going to be a bit of a mess, and I will include a bunch of interesting posts that are not technically root-cause-analysis, but I will be more clean in the future. :)

Of course everyone is invited to join in. :)

First, a few famous blog archives full of good content:

A whole BUNCH of root-cause analysis by Google Project Zero:

https://googleprojectzero.github.io/0days-in-the-wild/rca.html

Same for SSD Disclosure:

https://ssd-disclosure.com/advisories-archive/

ZDI blog full of goodies as well:

https://www.zerodayinitiative.com/blog

---------------------------

Second, a bunch of root-cause-analysis I happen to have had bookmarked:

---------------------------

SSD Advisory – Oracle VirtualBox Multiple Guest to Host Escape Vulnerabilities

https://ssd-disclosure.com/ssd-advisory-oracle-virtualbox-multiple-guest-to-host-escape-vulnerabilities/

SSD Advisory – VirtualBox VRDP Guest-to-Host Escape

https://ssd-disclosure.com/ssd-advisory-virtualbox-vrdp-guest-to-host-escape/

Bluetooth → Wi-Fi Code Execution & Wi-Fi Debugging

https://naehrdine.blogspot.com/2021/04/bluetooth-wi-fi-code-execution-wi-fi.html

CVE-2018-0952: Privilege Escalation Vulnerability in Windows Standard Collector Service

https://www.atredis.com/blog/cve-2018-0952-privilege-escalation-vulnerability-in-windows-standard-collector-service

CVE-2021-26415 (ntfs link bait and switch)

https://www.cloaked.pl/2021/04/cve-2021-26415/

Yet another RenderFrameHostImpl UAF

https://microsoftedge.github.io/edgevr/posts/yet-another-uaf/

CVE-2021-1732: win32kfull xxxCreateWindowEx callback out-of-bounds

https://iamelli0t.github.io/2021/03/25/CVE-2021-1732.html#root-cause-analysis

CVE-2021-26900: Privilege Escalation Via a Use After Free Vulnerability In win32k

https://www.zerodayinitiative.com/blog/2021/5/3/cve-2021-26900-privilege-escalation-via-a-use-after-free-vulnerability-in-win32k

BleedingTooth: Linux Bluetooth Zero-Click Remote Code Execution

https://google.github.io/security-research/pocs/linux/bleedingtooth/writeup.html

Analysis of a Windows IPv6 Fragmentation Vulnerability: CVE-2021-24086

https://blog.quarkslab.com/analysis-of-a-windows-ipv6-fragmentation-vulnerability-cve-2021-24086.html

A journey into IonMonkey: root-causing CVE-2019-9810.

https://doar-e.github.io/blog/2019/06/17/a-journey-into-ionmonkey-root-causing-cve-2019-9810/

Reverse-engineering tcpip.sys: mechanics of a packet of the death (CVE-2021-24086)

https://doar-e.github.io/blog/2021/04/15/reverse-engineering-tcpipsys-mechanics-of-a-packet-of-the-death-cve-2021-24086/

One day short of a full chain: Part 1 - Android Kernel arbitrary code execution

One day short of a full chain: Part 2 - Chrome sandbox escape

One day short of a full chain: Part 3 - Chrome renderer RCE

https://securitylab.github.com/research/one_day_short_of_a_fullchain_android/

---------------------------------

Third, and one-time only, interesting blogposts that are not technically root-cause analysis:

---------------------------------

Hardware Reverse Engineering wiki

https://wiki.recessim.com/view/Main_Page

Playing in the (Windows) Sandbox

https://research.checkpoint.com/2021/playing-in-the-windows-sandbox/

Offensive Windows IPC Internals 1: Named Pipes

https://csandker.io/2021/01/10/Offensive-Windows-IPC-1-NamedPipes.html

Hyper-V debugging for beginners. 2nd edition.

https://hvinternals.blogspot.com/2021/01/hyper-v-debugging-for-beginners-2nd.html

Security of the Intel Graphics Stack - Part 1 - Introduction

https://igor-blue.github.io/2021/02/10/graphics-part1.html

The Story of Jian – How APT31 Stole and Used an Unknown Equation Group 0-Day

https://research.checkpoint.com/2021/the-story-of-jian/


Reverse Engineering & Exploiting Dell CVE-2021-21551

https://voidsec.com/reverse-engineering-and-exploiting-dell-cve-2021-21551/

Measured Boot and Malware Signatures: exploring two vulnerabilities found in the Windows loader

https://bi-zone.medium.com/measured-boot-and-malware-signatures-exploring-two-vulnerabilities-found-in-the-windows-loader-5a4fcc3c4b66

ZDI-21-502: An Information Disclosure Bug in ISC BIND server

https://www.zerodayinitiative.com/blog/2021/6/15/zdi-21-502-an-information-disclosure-bug-in-isc-bind-server

Pwning Home Router - Linksys WRT54G

https://elongl.github.io/exploitation/2021/05/30/pwning-home-router.html

CVE-2021-31440: An Incorrect Bounds Calculation in the Linux Kernel eBPF Verifier

https://www.zerodayinitiative.com/blog/2021/5/26/cve-2021-31440-an-incorrect-bounds-calculation-in-the-linux-kernel-ebpf-verifier
