🐛 bug.directory
Tag: variant_analysis
1 item with this tag.
Oct 23, 2024
Finding Vulnerability Variants at Scale
Tags: variant_analysis, codeQL, heap_overflow