[Exploitation]
⦿ Playing in the (Windows) Sandbox - Alex Ilgayev
https://research.checkpoint.com/2021/playing-in-the-windows-sandbox/
⦿ Bug discovery diaries: Abusing VoIPmonitor for Remote Code Execution - Alfred Farrugia
https://www.rtcsec.com/post/2021/03/bug-discovery-diaries-abusing-voipmonitor-for-remote-code-execution/
⦿ Constraint-guided Directed Greybox Fuzzing - Gwangmu Lee & Woochul Shim
https://lifeasageek.github.io/papers/gwangmu-cafl.pdf
⦿ Exchange attack chain CVE-2021-26855&CVE-2021-27065 analysis - HuanGMz
https://paper.seebug.org/1501/
⦿ CVE-2021-1732: win32kfull xxxCreateWindowEx callback out-of-bounds - iamelli0t
https://iamelli0t.github.io/2021/03/25/CVE-2021-1732.html
⦿ macOS: Integer overflow in CoreGraphics leading to out-of-bounds write when rendering fonts - Ivan Fratric
https://bugs.chromium.org/p/project-zero/issues/detail?id=2130
⦿ ProxyLogon vulnerability analysis - Mail Exchange RCE (Perfect combination CVE-2021-26855 + CVE-2021-27065) - Jang
https://testbnull.medium.com/ph%C3%A2n-t%C3%ADch-l%E1%BB%97-h%E1%BB%95ng-proxylogon-mail-exchange-rce-s%E1%BB%B1-k%E1%BA%BFt-h%E1%BB%A3p-ho%C3%A0n-h%E1%BA%A3o-cve-2021-26855-37f4b6e06265
⦿ One day short of a full chain: Part 1 - Android Kernel arbitrary code execution - Man Yue Mo
https://securitylab.github.com/research/one_day_short_of_a_fullchain_android
⦿ One day short of a full chain: Part 2 - Chrome sandbox escape - Man Yue Mo
https://securitylab.github.com/research/one_day_short_of_a_fullchain_sbx
⦿ Alternative Code Execution - S4R1N
https://github.com/S4R1N/AlternativeShellcodeExec
⦿ Using Syscalls to Inject Shellcode on Windows - solomonsklash
https://www.solomonsklash.io/syscalls-for-shellcode-injection.html
⦿ Exploiting XPC in AntiVirus - Wojciech Regula & Csaba Fitzl
https://www.slideshare.net/CsabaFitzl/exploiting-xpc-in-antivirus
⦿ EXPRACE: Exploiting Kernel Races through Raising Interrupts - Yoochan Lee & Chanwoo Min
https://lifeasageek.github.io/papers/yoochan-exprace.pdf
[Web]
[Network]
[Cyber Operation, Malware]
⦿ New Mirai Variant Targeting Network Security Devices - Vaibhav Singhal, Ruchna Nigam
https://unit42.paloaltonetworks.com/mirai-variant-iot-vulnerabilities
[Reversing, Pentesting, Analysis]
⦿ Detecting Manual Syscalls from User Mode - jack-ullrich
https://winternl.com/detecting-manual-syscalls-from-user-mode/
⦿ How to extract Python source code from Py2App packed Mach-O Binaries - taha karim
https://lordx64.medium.com/how-to-extract-python-source-code-from-py2app-packed-mach-o-binaries-4da244e54c88
[CTF, Wargame]
[Miscellaneous]
[Tools]