Repository for a lecture I gave at various conferences between 2018 and 2019. 👨‍🏫
- 🇵🇱 Boiling Frogs Wrocław 2019 ➡️ https://www.youtube.com/watch?v=g0PdMFI1WTk
- 🇵🇱 4Developers Wrocław 2018 ➡️ https://www.youtube.com/watch?v=3U1iA_4E_-U
Due to time constraints imposed by the conferences, I was never able to cover all the material in the way I wanted.
In 2019 I started a podcast 🎤 Cyberiada and I was finally able to talk about the Zero Trust Theorem as much as I felt was needed.
- 🇵🇱 Part 1 covering web applications, external modules, interpreters, and compilers
- 🇵🇱 Part 2 covering operating systems, hypervisors, and hardware
- 🇵🇱 Part 3, still a work in progress - Q&A
Below you can find references to all the research presented in the lecture. Enjoy! ✌️
- https://scarybeastsecurity.blogspot.co.uk/2017/05/proving-missing-aslr-on-dropboxcom-and.html
- https://scarybeastsecurity.blogspot.co.uk/2017/05/0day-proving-boxcom-fixed-aslr-via.html
- https://scarybeastsecurity.blogspot.co.uk/2017/05/bleed-more-powerful-dumping-yahoo.html
- https://scarybeastsecurity.blogspot.co.uk/2017/05/bleed-continues-18-byte-file-14k-bounty.html
- https://hackerone.com/reports/212696
- https://github.com/neex/gifoeb
- https://4lemon.ru/2017-01-17_facebook_imagetragick_remote_code_execution.html
- https://blog.sigsegv.pl/external-third-party-resources-and-your-web-application/
- https://onedrive.live.com/view.aspx?resid=2664E65DD698885E!120&ithint=file%2cpptx&app=PowerPoint&authkey=!AK39RoVxiJ5re8Y
- https://medium.com/@ilja.bv/yet-another-memory-leak-in-imagemagick-or-how-to-exploit-cve-2018-16323-a60f048a1e12
- https://en.wikipedia.org/wiki/Principle_of_least_privilege
- https://www.evonide.com/how-we-broke-php-hacked-pornhub-and-earned-20000-dollar/
- https://www.evonide.com/fuzzing-unserialize/
- https://sean.heelan.io/2017/08/12/fuzzing-phps-unserialize-function/
- https://externals.io/message/100147
- https://bugs.php.net/bug.php?id=75006
- http://mruby.sh/201703261726.html
- https://www.blackhat.com/docs/eu-17/materials/eu-17-Arnaboldi-Exposing-Hidden-Exploitable-Behaviors-In-Programming-Languages-Using-Differential-Fuzzing-wp.pdf
- https://github.com/dyjakan/interpreter-bugs
- https://github.com/rust-fuzz
- https://hackernoon.com/python-sandbox-escape-via-a-memory-corruption-bug-19dde4d5fea5
- https://www.ece.cmu.edu/~ganger/712.fall02/papers/p761-thompson.pdf
- https://twitter.com/j00ru/status/985894472478265344
- https://bugs.chromium.org/p/project-zero/issues/detail?id=1500
- https://dirtycow.ninja/
- http://seclists.org/fulldisclosure/2010/Jan/341
- https://www.cisecurity.org/cis-benchmarks/
- https://grsecurity.net/
- http://www.openwall.com/lkrg/
- https://support.microsoft.com/en-us/help/2458544/the-enhanced-mitigation-experience-toolkit
- https://docs.microsoft.com/en-us/powershell/module/processmitigations/?view=win10-ps
- https://docs.microsoft.com/en-us/windows/security/threat-protection/windows-defender-exploit-guard/windows-defender-exploit-guard
- https://blog.xenproject.org/2012/06/13/the-intel-sysret-privilege-escalation/
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-8897
- http://everdox.net/popss.pdf
- https://en.wikipedia.org/wiki/Virtual_machine_escape
- https://www.blackhat.com/presentations/bh-usa-09/KORTCHINSKY/BHUSA09-Kortchinsky-Cloudburst-PAPER.pdf
- https://vimeo.com/6595148
- https://blogs.vmware.com/security/2017/03/security-landscape-pwn2own-2017.html
- https://www.blackhat.com/docs/eu-17/materials/eu-17-Mandal-The-Great-Escapes-Of-Vmware-A-Retrospective-Case-Study-Of-Vmware-G2H-Escape-Vulnerabilities.pdf
- https://keenlab.tencent.com/en/2018/04/23/A-bunch-of-Red-Pills-VMware-Escapes/
- http://scholar.harvard.edu/files/mickens/files/theslowwinter.pdf
- https://wiki.osdev.org/CPU_Bugs
- https://danluu.com/cpu-bugs/
- https://lists.debian.org/debian-security/2016/03/msg00084.html
- https://cyber.wtf/2017/07/28/negative-result-reading-kernel-memory-from-user-mode/
- https://meltdownattack.com/
- https://www.blackhat.com/docs/us-17/thursday/us-17-Domas-Breaking-The-x86-Instruction-Set-wp.pdf
- https://github.com/xoreaxeaxeax/sandsifter
- https://www.intel.com/content/www/us/en/support/articles/000025619/software.html
- https://blog.rapid7.com/2017/11/21/intel-sa-00086-security-bulletin-for-intel-management-engine-me-and-advanced-management-technology-amt-vulnerabilities-what-you-need-to-know/
- https://www.blackhat.com/docs/eu-17/materials/eu-17-Goryachy-How-To-Hack-A-Turned-Off-Computer-Or-Running-Unsigned-Code-In-Intel-Management-Engine.pdf
- https://en.wikipedia.org/wiki/Row_hammer
- https://googleprojectzero.blogspot.com/2015/03/exploiting-dram-rowhammer-bug-to-gain.html
- https://www.vusec.net/projects/flip-feng-shui/
- https://www.vusec.net/projects/glitch/
- https://www.cs.vu.nl/~herbertb/download/papers/throwhammer_atc18.pdf
- https://arxiv.org/abs/1805.04956