Awesome Windows Exploitation Study References
List of Awesome Windows Exploitation Study References
This list is for anyone wishing to deepen their knowledge of Windows exploitation research.
This is a living resource and will be updated regularly with the latest research articles and talks from excellent researchers.
Kudos to all original authors of each referenced work.
You can help by sending Pull Requests to add more information.
Table of Contents
Browser
- Beginners guide to UAT exploits IE 0day exploit development
- Fuzzy Security - Spraying the Heap [Chapter 1: Vanilla EIP] – Putting Needles in the Haystack
- Fuzzy Security - Spraying the Heap [Chapter 2: Use-After-Free] – Finding a needle in a Haystack
- Anatomy of an exploit – inside the CVE-2013-3893 Internet Explorer zero-day – Part 1
- Using the JIT Vulnerability to Pwn Microsoft Edge
Flash
Mitigation Bypass
- Disarming and Bypassing EMET 5.1
- Universal DEP/ASLR bypass with msvcr71.dll and mona.py
- Chaining DEP with ROP – the Rubik’s[TM] Cube
- Bypassing Stack Cookies, SafeSeh, SEHOP, HW DEP and ASLR
Kernel
- Windows Kernel Pool Spraying
- Windows Kernel Exploitation Basics - Part 1 : Introduction to DVWDDriver
- Windows Kernel Exploitation Basics - Part 2 : Arbitrary Memory Overwrite exploitation using HalDispatchTable
- Windows Kernel Exploitation Basics - Part 3 : Arbitrary Memory Overwrite exploitation using LDT
- Windows Kernel Exploitation Basics - Part 4 : Stack-based Buffer Overflow exploitation (bypassing cookie)
- Arbitrary Write primitive in Windows kernel (HEVD)
- MS11-080 Exploit – A Voyage into Ring Zero
- Windows kernel pool spraying fun - Part 1 - Determine kernel object size
- Windows kernel pool spraying fun - Part 2 - More objects
- Windows kernel pool spraying fun - Part 3 - Let's make holes
- Fuzzy Security - Kernel Exploitation -> Stack Overflow
- Fuzzy Security - Kernel Exploitation -> Write-What-Where
- Fuzzy Security - Kernel Exploitation -> Null Pointer Dereference
- Fuzzy Security - Kernel Exploitation -> Uninitialized Stack Variable
- Fuzzy Security - Kernel Exploitation -> Integer Overflow
- Fuzzy Security - Kernel Exploitation -> UAF
- Fuzzy Security - Kernel Exploitation -> Pool Overflow
- Fuzzy Security - Kernel Exploitation -> GDI Bitmap Abuse (Win7-10 32/64bit)
- Fuzzy Security - Kernel Exploitation -> RS2 Bitmap Necromancy
- Fuzzy Security - Kernel Exploitation -> Logic bugs in Razer rzpnk.sys
- Intro to Windows kernel exploitation 1/N: Kernel Debugging
- Intro to Windows kernel exploitation 2/N: HackSys Extremely Vulnerable Driver
- Intro to Windows kernel exploitation 3/N: My first Driver exploit
- Intro to Windows kernel exploitation 3.5/N: A bit more of the HackSys Driver
- Sharks in the Pool :: Mixed Object Exploitation in the Windows Kernel Pool
- Windows Kernel Exploitation Tutorial Part 1: Setting up the Environment
- Windows Kernel Exploitation Tutorial Part 2: Stack Overflow
- Windows Kernel Exploitation Tutorial Part 3: Arbitrary Memory Overwrite (Write-What-Where)
- Windows Kernel Exploitation Tutorial Part 4: Pool Feng-Shui –> Pool Overflow
- Windows Kernel Exploitation Tutorial Part 5: NULL Pointer Dereference
- Windows Kernel Exploitation Tutorial Part 6: Uninitialized Stack Variable
- Windows Kernel Exploitation Tutorial Part 7: Uninitialized Heap Variable
- Windows Kernel Exploitation Tutorial Part 8: Use After Free
- Corelan Team (corelanc0d3r) Heap Spraying Demystified