deepzero Posted May 4, 2021

Hi,

I want to start a thread to collect root-cause analysis of vulnerabilities. I am aiming for detailed writeups of real vulnerabilities in real software, preferably in native code. This first post is going to be a bit of a mess, and I will include a bunch of interesting posts that are not technically root-cause analysis, but I will be cleaner in the future. Of course everyone is invited to join in.

First, a few famous blog archives full of good content:

A whole BUNCH of root-cause analysis by Google Project Zero:
https://googleprojectzero.github.io/0days-in-the-wild/rca.html

Same for SSD Disclosure:
https://ssd-disclosure.com/advisories-archive/

ZDI blog, full of goodies as well:
https://www.zerodayinitiative.com/blog

---------------------------
Second, a bunch of root-cause analyses I happen to have had bookmarked:
---------------------------

SSD Advisory – Oracle VirtualBox Multiple Guest to Host Escape Vulnerabilities
https://ssd-disclosure.com/ssd-advisory-oracle-virtualbox-multiple-guest-to-host-escape-vulnerabilities/

SSD Advisory – VirtualBox VRDP Guest-to-Host Escape
https://ssd-disclosure.com/ssd-advisory-virtualbox-vrdp-guest-to-host-escape/

Bluetooth → Wi-Fi Code Execution & Wi-Fi Debugging
https://naehrdine.blogspot.com/2021/04/bluetooth-wi-fi-code-execution-wi-fi.html

CVE-2018-0952: Privilege Escalation Vulnerability in Windows Standard Collector Service
https://www.atredis.com/blog/cve-2018-0952-privilege-escalation-vulnerability-in-windows-standard-collector-service

CVE-2021-26415 (NTFS link bait and switch)
https://www.cloaked.pl/2021/04/cve-2021-26415/

Yet another RenderFrameHostImpl UAF
https://microsoftedge.github.io/edgevr/posts/yet-another-uaf/

CVE-2021-1732: win32kfull xxxCreateWindowEx callback out-of-bounds
https://iamelli0t.github.io/2021/03/25/CVE-2021-1732.html#root-cause-analysis

CVE-2021-26900: Privilege Escalation Via a Use After Free Vulnerability In win32k
https://www.zerodayinitiative.com/blog/2021/5/3/cve-2021-26900-privilege-escalation-via-a-use-after-free-vulnerability-in-win32k

BleedingTooth: Linux Bluetooth Zero-Click Remote Code Execution
https://google.github.io/security-research/pocs/linux/bleedingtooth/writeup.html

Analysis of a Windows IPv6 Fragmentation Vulnerability: CVE-2021-24086
https://blog.quarkslab.com/analysis-of-a-windows-ipv6-fragmentation-vulnerability-cve-2021-24086.html

A journey into IonMonkey: root-causing CVE-2019-9810
https://doar-e.github.io/blog/2019/06/17/a-journey-into-ionmonkey-root-causing-cve-2019-9810/

Reverse-engineering tcpip.sys: mechanics of a packet of the death (CVE-2021-24086)
https://doar-e.github.io/blog/2021/04/15/reverse-engineering-tcpipsys-mechanics-of-a-packet-of-the-death-cve-2021-24086/

One day short of a full chain: Part 1 - Android Kernel arbitrary code execution
One day short of a full chain: Part 2 - Chrome sandbox escape
One day short of a full chain: Part 3 - Chrome renderer RCE
https://securitylab.github.com/research/one_day_short_of_a_fullchain_android/

---------------------------------
Third, and one-time only, interesting blog posts that are not technically root-cause analysis:
---------------------------------

Hardware Reverse Engineering wiki
https://wiki.recessim.com/view/Main_Page

Playing in the (Windows) Sandbox
https://research.checkpoint.com/2021/playing-in-the-windows-sandbox/

Offensive Windows IPC Internals 1: Named Pipes
https://csandker.io/2021/01/10/Offensive-Windows-IPC-1-NamedPipes.html

Hyper-V debugging for beginners. 2nd edition.
https://hvinternals.blogspot.com/2021/01/hyper-v-debugging-for-beginners-2nd.html

Security of the Intel Graphics Stack - Part 1 - Introduction
https://igor-blue.github.io/2021/02/10/graphics-part1.html

The Story of Jian – How APT31 Stole and Used an Unknown Equation Group 0-Day
https://research.checkpoint.com/2021/the-story-of-jian/