Chen Qin hellok
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| http://www.codeproject.com/Articles/11643/Exploiting-MD5-collisions-in-C |
hellok
/ syscan2013.txt
Last active
December 17, 2015 01:48
awesome!
1.Bochspwn: Exploiting Kernel Race Conditions Found via Memory Access Patterns
2.fuzzing on arm
3.mxss
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| http://syscan.org/index.php/download/get/ddb4560bbc9413c5f10a65da68a49c8a/SyScan2013_DAY2_SPEAKER09_j00ru_Coldwind_Exploiting_Kernel_Race_Conditions_Found_via_Memory_Access_Patterns.zip | |
| http://syscan.org/index.php/download/get/58c49d4dc30f29bb144d5f48459c193d/SyScan2013_DAY2_SPEAKER11_Miaubiz_Coaching_A_Squad_of_Allwinners.zip | |
| http://syscan.org/index.php/download/get/05ed4f38660638e775f8e291bfc4e970/SyScan2013_DAY1_SPEAKER04_Mario_Heiderich_innerhtml_apocalypse.zip |
hellok
/ dongda_4-15.html
Created
April 16, 2013 11:11
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| <html> | |
| <head> | |
| <script type="text/javascript" src="./deployJava.js"></script> | |
| <script type="text/javascript" src="./swfobject.js"></script> | |
| </head> | |
| <body></body> | |
| <script type="text/javascript"> | |
| function Get() { | |
| var Then = new Date() ; |
Loading
Sorry, something went wrong. Reload?
Sorry, we cannot display this file.
Sorry, this file is invalid so it cannot be displayed.
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2013-1796 | |
| https://git.kernel.org/cgit/virt/kvm/kvm.git/commit/?id=c300aa64ddf57d9c5d9c898a64b36877345dd4a9 | |
| KVM: x86: fix for buffer overflow in handling of MSR_KVM_SYSTEM_TIME (CVE-2013-1796) |
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| http://cansecwest.com/csw13archive.html | |
| article: | |
| 1.An Android Hacker's Journey | |
| //Ecosystem | |
| //Attack Surface:Like an ocean… | |
| //for book:Android Hacker’s Handbook | |
| 2.Reflecting on Reflection - Exploiting Reflection Vulnerabilities in Managed Languages | |
| //.net&&java exploit |
hellok
/ gist:5202679
Last active
December 15, 2015 04:38
#half-day bug#incredible excellent #SVM##cool#
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| http://immunityinc.com/downloads/infiltrate_miaubiz.pdf |
hellok
/ CVE-2013-1427
Last active
December 15, 2015 03:39
#Insecure Temporary File Creation Vulnerability# lighttpd CVE-2013-1427
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| http://cwe.mitre.org/data/definitions/377.html | |
| http://book.douban.com/subject/3030910/ | |
| http://book.douban.com/subject/1775982/ | |
| http://seclists.org/fulldisclosure/2013/Mar/153 | |
| lighttpd is prone to an insecure temporary-file-creation vulnerability. | |
| Local attackers may be able to perform symbolic-link attacks to overwrite arbitrary files in the context of the affected application. Other attacks may also be possible. |
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| http://blog.chromium.org/2013/03/pwnium-3-and-pwn2own-results.html | |
| https://sites.google.com/a/chromium.org/dev/Home/chromium-security | |
| use three bugs | |
| two: | |
| http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2013-0913 | |
| http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2013-0915 | |
| http://git.chromium.org/gitweb/?p=chromiumos/third_party/kernel.git;a=commit;h=c79efdf2b7f68f985922a8272d64269ecd490477 | |
| also: | |
| http://googlechromereleases.blogspot.com/2013/03/stable-channel-update-for-chrome-os_15.html |
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| http://stealth.openwall.net/xSports/clown-newuser.c | |
| http://www.openwall.com/lists/oss-security/2013/03/13/8 | |
| Seems like CLONE_NEWUSER|CLONE_FS might be a forbidden | |
| combination. | |
| During evaluating the new user namespace thingie, it turned out | |
| that its trivially exploitable to get a (real) uid 0, | |
| as demonstrated here: | |
| The trick is to setup a chroot in your CLONE_NEWUSER, | |
| but also affecting the parent, which is running |