Notes on some good slides and blogs
- V8-blog
- Bucket Effect on JS Engine: Exploiting Chrome Browser through WASM Flaws
- Browser security research by a veteran from Xuanwu Lab
- JIT Spray
- Attacking Client-Side JIT Compilers
- Samuel Groß's talk at Black Hat USA 2018
- (Guided-)fuzzing for JavaScript engines (2019)
- The hunt for Chromium issue 1072171 (2020)
- Fuzzing JavaScript Engines with Fuzzilli (2020)
- Paper: FuzzIL: Coverage Guided Fuzzing for JavaScript Engines (2018)
- How Fuzzilli Works
- Caught in the wild, past, present and future by Clem1
- Google TAG shares its methods and stories of catching in-the-wild 0-days
- What the hell is Windows's CLIP Service by Philippe Laulheret
- Reverse engineering the Client License Platform, including an analysis of "Warbird", the code obfuscation Microsoft uses
- 0-click RCE on Tesla Model 3 through TPMS Sensors by David Berard & Thomas Imbert
- Behind the scenes of the Pwn2Own project that hacked a Tesla Model 3
- Compromising the Host Kernel from the VMware Guest by Junoh Lee & Gwangun Jung
- A VMware guest escape, chained with another Windows vulnerability to obtain host kernel privileges
- DMAKiller: DMA to Escape from QEMU/KVM by Yongkang Jia, Yiming Tao & Xiao Lei
- Research on escaping QEMU virtual machines. A Chinese talk; the authors are from @ZJU. Notably, they demonstrated a related challenge project at GeekCon Singapore in 2024.
- Exploiting File Writes in Hardened Environments by Stefan Schiller
- On a system whose filesystem is almost entirely read-only, turning a Node.js arbitrary file upload vulnerability into control-flow hijacking and a ROP exploit.
- Defense through Offense by Andrew Calvano, Octavian Guzu & Ryan Hall
- Facebook's internal security team's red-team exercise against Messenger, with the details of a now-fixed 1-click remote code execution bug made public
- Tales of a RCE in a video game by Thomas Dubier
- A Systematization of Knowledge summarizing the various techniques of game hacking
- A New Era of macOS Sandbox Escapes: Diving into an Overlooked Attack Surface and Uncovering 10+ New Vulnerabilities
- Mickey's research on the macOS App Sandbox