기술 문서 자료 (2021.03 - 1주)

[Exploitation]

⦿ Anatomy of an Exploit: RCE with CVE-2020-1350 SIGRed - Valentina Palmiotti

https://www.graplsecurity.com/post/anatomy-of-an-exploit-rce-with-cve-2020-1350-sigred

 

⦿ Linux Kernel Exploitation Technique by overwriting modprobe_path - Midas

https://lkmidas.github.io/posts/20210223-linux-kernel-pwn-modprobe/

 

⦿ Microsoft DirectWrite heap-based buffer overflow in fsg_ExecuteGlyph while processing variable TTF fonts - Mateusz Jurczyk

https://bugs.chromium.org/p/project-zero/issues/detail?id=2123

 

⦿ Qualcomm IPQ40xx: Analysis of Critical QSEE Vulnerabilities - raelize

https://raelize.com/blog/qualcomm-ipq40xx-analysis-of-critical-qsee-vulnerabilities/

 

⦿ The curious case of CVE-2020-14381 - FrizN

https://blog.frizn.fr/linux-kernel/cve-2020-14381

 

⦿ Tianfu Cup Chrome full chain - Ade Taylor

https://bugs.chromium.org/p/chromium/issues/detail?id=1146670

 

⦿ Yet another RenderFrameHostImpl UAF - Lucas P

https://microsoftedge.github.io/edgevr/posts/yet-another-uaf/

 

 

[Web]

⦿ An Exploration of JSON Interoperability Vulnerabilities - Jake Miller

https://labs.bishopfox.com/tech-blog/an-exploration-of-json-interoperability-vulnerabilities

 

⦿ How I Might Have Hacked Any Microsoft Account - Laxman Muthiyah

https://thezerohack.com/how-i-might-have-hacked-any-microsoft-account

 

⦿ Top 10 web hacking techniques of 2020 - James Kettle

https://portswigger.net/research/top-10-web-hacking-techniques-of-2020

 

 

[Network]

 

 

[Cyber Operation, Malware]

⦿ APT 공격 보고서 및 샘플 - vx underground

https://vx-underground.org/apts.html

 

⦿ China-Linked Group RedEcho Targets the Indian Power Sector Amid Heightened Border Tensions - Recorded Future

https://go.recordedfuture.com/hubfs/reports/cta-2021-0228.pdf

 

⦿ Clipping Silver Sparrow’s wings: Outing macOS malware before it takes flight - TONY LAMBERT

https://redcanary.com/blog/clipping-silver-sparrows-wings/

 

⦿ Operation Exchange Marauder: Active Exploitation of Multiple Zero-Day Microsoft Exchange Vulnerabilities - Josh Grunzweig, Matthew Meltzer

https://www.volexity.com/blog/2021/03/02/active-exploitation-of-microsoft-exchange-zero-day-vulnerabilities/

 

⦿ Sandbox detection and evasion techniques. How malware has evolved over the last 10 years - Positive Technologies

https://www.ptsecurity.com/ww-en/analytics/antisandbox-techniques

 

⦿ The Story of Jian – How APT31 Stole and Used an Unknown Equation Group 0-Day - Eyal Itkin & Itay Cohen

https://research.checkpoint.com/2021/the-story-of-jian/

 

⦿ Writing a Custom Bootloader - ired.team

https://www.ired.team/miscellaneous-reversing-forensics/windows-kernel-internals/writing-a-custom-bootloade

 

 

[리버싱, 펜테스팅, 분석]

 

[CTF, Wargame]

 

[기타]

 

[툴]