•Instrumenting Windows APIs with Frida
https://www.ired.team/miscellaneous-reversing-forensics/windows-kernel-internals/instrumenting-windows-apis-with-frida
Using Frida to instrument Windows APIs

CTF

•HackTM CTF 2020 Qualifiers Write-Up
https://0xkasper.com/articles/hacktm-ctf-2020-qualifiers-write-up
HackTM CTF 2020 qualifiers writeup

IoT vulnerabilities

•A Red Team Guide for a Hardware Penetration Test: Part 1
https://adam-toscher.medium.com/a-red-team-guide-for-a-hardware-penetration-test-part-1-2d14692da9a1
Red team hardware testing guide, part 1

Exploitation

•0day Exploit Root Cause Analyses
https://googleprojectzero.blogspot.com/p/rca.html
Root cause analyses of exploitable 0day vulnerabilities

Browser vulnerabilities

•Google deploys Chrome mitigations against new NAT Slipstreaming attack
https://www.zdnet.com/index.php/article/google-deploys-new-chrome-mitigations-against-new-nat-slipstreaming-attack/
Chrome begins deploying defenses against the NAT Slipstreaming attack

•Internet Explorer 0day Analysis
https://enki.co.kr/blog/2021/02/04/ie_0day.html
Analysis of an Internet Explorer 0day

•A Year in Review of 0-days Exploited In-The-Wild in 2020
https://googleprojectzero.blogspot.com/2021/02/deja-vu-lnerability.html
The P0 team publishes its analysis of 2020 in-the-wild 0days (browser-related)

Application vulnerabilities

•Issue 2145: gpg: heap buffer overflow in libgcrypt
https://bugs.chromium.org/p/project-zero/issues/detail?id=2145
libgcrypt heap overflow vulnerability

•A tale of EDR bypass methods
https://s3cur3th1ssh1t.github.io/A-tale-of-EDR-bypass-methods/
Research on methods for bypassing EDR detection

•fairplay_iokit_uc_run_versioned.c
https://gist.github.com/pwn0rz/e34ab9f6e46956621a9d4f98cf222320
CVE-2021-1791 Fairplay OOB Read POC

•The Collision of Containers and the Cloud: Pentesting a MinIO
https://www.leavesongs.com/PENETRATION/the-collision-of-containers-and-the-cloud-pentesting-a-MinIO.html
MinIO CVE-2021-21287 vulnerability analysis

•CVE-2021-25646 POC
https://gist.github.com/FanqXu/36c5e0070fd8e0b6646993b4e386a6b1#file-cve-2021-25646-poc
CVE-2021-25646 Apache Druid RCE POC

•Applying Offensive Reverse Engineering to Facebook Gameroom
https://spaceraccoon.dev/applying-offensive-reverse-engineering-to-facebook-gameroom
Reverse engineering analysis of Facebook Gameroom

Operating system vulnerabilities

•CVE-2021-3156
https://github.com/lockedbyte/CVE-Exploits/tree/master/CVE-2021-3156
https://github.com/r4j0x00/exploits/tree/master/CVE-2021-3156
https://haxx.in/CVE-2021-3156_nss_poc_ubuntu.tar.gz
CVE-2021-3156 POC

•Sudo Exploit Writeup
https://www.kalmarunionen.dk/writeups/sudo/
CVE-2021-3156 writeup

•Galaxy's Meltdown - Exploiting SVE-2020-18610
https://github.com/vngkv123/articles/blob/main/Galaxy's%20Meltdown%20-%20Exploiting%20SVE-2020-18610.md
Galaxy's Meltdown: SVE-2020-18610 vulnerability analysis writeup

•Apple Open Source
https://opensource.apple.com/
Apple's site for publishing its open-source code

•xnu-7195.81.3 source code released
https://opensource.apple.com/tarballs/xnu/xnu-7195.81.3.tar.gz

•About the security content of macOS Big Sur 11.2, Security Update 2021-001 Catalina, Security Update 2021-001 Mojave
https://support.apple.com/en-us/HT212147
macOS Big Sur 11.2 security update advisory

•Notes on the new XNU source release
https://threedots.ovh/blog/2021/02/notes-on-the-new-xnu-source-release/
Analysis of the XNU source code

Tools

•XSSTRON
https://github.com/RenwaX23/XSSTRON
XSS vulnerability detection tool

Other

•Full System Control with New SolarWinds Orion-based and Serv-U FTP Vulnerabilities
https://www.trustwave.com/en-us/resources/blogs/spiderlabs-blog/full-system-control-with-new-solarwinds-orion-based-and-serv-u-ftp-vulnerabilities/
Latest research following the SolarWinds supply-chain incident: exploitation via vulnerabilities in Serv-U FTP and other components

•Vulnerability Reward Program: 2020 Year in Review
https://security.googleblog.com/2021/02/vulnerability-reward-program-2020-year.html
Google's 2020 vulnerability reward program review