| 1 |
MacOS and iOS Internals, Volume III: Security & Insecurity |
http:// newosxbook.com /files/moxii3 /AppendixA.pdf |
rodster@ccav10.cn(727542262) everettjf@live.com(276751551) |
|
| 2 |
Analysis and exploitation of Pegasus kernel vulnerabilities (CVE-2016-4655 / CVE-2016-4656) |
http://jndok.github.io/2016/10/04/pegasus-writeup/ |
rodster@ccav10.cn(727542262) |
|
| 3 |
海马iOS应用商店助手各种恶意行为的研究 Helper for Haima iOS App Store Adds More Malicious Behavior |
http://blog.trendmicro.com/trendlabs-security-intelligence/helper-haima-malicious-behavior/ |
rodster@ccav10.cn(727542262) |
|
| 4 |
未越狱状态下的iOS插桩:iOS instrumentation without jailbreak |
https://www.nccgroup.trust/uk/about-us/newsroom-and-events/blogs/2016/october/ios-instrumentation-without-jailbreak/ |
rodster@ccav10.cn(727542262) |
|
| 5 |
iOS软件在运行时究竟做了什么:Introspy-iOS |
https://github.com/integrity-sa/Introspy-iOS |
try_fly:247498009 |
|
| 6 |
当我们在移动文件时,发生了什么?MacOS File Movements |
https://forensic4cast.com/2016/10/macos-file-movements/ |
舜生Ree:2035153354 |
|
| 7 |
macOS Chrome密码破解 Decrypting Google Chrome Passwords on macOS / OS X |
http://bufferovernoah.com/2016/10/17/chrome/ |
free:249099804 |
|
| 8 |
CVE-2016-6187: Exploiting Linux kernel heap off-by-one by Vitaly Nikolenko |
https://cyseclabs.com/blog/cve-2016-6187-heap-off-by-one-exploit |
rodster@ccav10.cn(727542262) |
|
| 9 |
LINUX SRP OVERWRITE AND ROP |
http://buffered.io/posts/linux-srp-overwrite-and-rop/ |
布兜儿:527626504 |
|
| 10 |
基于python的开源LLDB前端GUI Voltron简介 |
https://github.com/snare/voltron |
拟人:75345771 |
|
| 11 |
基于 Frida 框架的 Objective-C 插桩方法 Objective-C Instrumentation with Frida |
https://rotlogix.com/2016/03/20/objective-c-instrumentation-with-frida/ |
lockdown:527850864 |
|
| 12 |
FRIDA框架简介:Welcome introduction、quickstart guide、installation、basic usage |
http://www.frida.re/docs/home/ |
lockdown:527850864 |
|
| 13 |
FRIDA框架简介:Modes ofoperation、Functions、Messages、iOS、Android |
http://www.frida.re/docs/home/ |
lockdown:527850864 |
|
| 14 |
FRIDA框架推出8.1 released |
http://www.frida.re/news/2016/10/25/frida-8-1-released/ |
lockdown:527850864 |
|
| 15 |
OS X蓝牙IO系统UAF漏洞分析 OS X kernel use-after-free in IOBluetoothFamily.kext |
https://bugs.chromium.org/p/project-zero/issues/detail?id=830 附上Exploit:https://www.exploit-db.com/exploits/40652/ |
布兜儿:527626504 |
|
| 16 |
OS X/iOS磁盘镜像子系统UAF漏洞分析 OS X/iOS kernel use-after-free in IOHDIXController |
https://bugs.chromium.org/p/project-zero/issues/detail?id=832 |
布兜儿:527626504 |
|
| 17 |
OS X内核存储UAF漏洞分析 OS X kernel use-after-free in CoreStorage |
https://bugs.chromium.org/p/project-zero/issues/detail?id=833 |
布兜儿:527626504 |
|
| 18 |
OS X内核雷电IO系统UAF漏洞 OS X kernel use-after-free in IOThunderboltFamily |
https://bugs.chromium.org/p/project-zero/issues/detail?id=834 |
布兜儿:527626504 |
|
| 19 |
OS X/iOS图像共享IO的UAF漏洞分析 OS X/iOS kernel use-after-free in IOSurface |
https://bugs.chromium.org/p/project-zero/issues/detail?id=831 |
布兜儿:527626504 |
|
| 20 |
task_t指针重大风险预报 task_t considered harmful |
https://googleprojectzero.blogspot.kr/2016/10/taskt-considered-harmful.html |
看雪翻译小组 |
|
| 21 |
task_t指针重大风险预报——PoC task_t considered harmful - many XNU EoPs |
https://bugs.chromium.org/p/project-zero/issues/detail?id=837 |
看雪翻译小组 |
|
| 22 |
IOKit被动Fuzz框架 PassiveFuzzFrameworkOSX |
https://github.com/SilverMoonSecurity/PassiveFuzzFrameworkOSX |
看雪翻译小组 |
|
| 23 |
launchd中虚拟磁盘挂载尺寸分配问题导致UAF Controlled vm_deallocate size can lead to UaF in launchd |
https://bugs.chromium.org/p/project-zero/issues/detail?id=896 |
看雪翻译小组 |
|
| 24 |
launchd中消息队列逻辑问题导致内核message控制 Logic issue in launchd message requeuing allows arbitrary mach message control |
https://bugs.chromium.org/p/project-zero/issues/detail?id=893 |
看雪翻译小组 |
|
| 25 |
OSX/iOS中的内存端口注册中的内存安全问题 OS X/iOS multiple memory safety issues in mach_ports_register |
https://bugs.chromium.org/p/project-zero/issues/detail?id=882 |
看雪翻译小组 |
|
| 26 |
趋势科技研究员今年 7 月份在 HITCON 2016 会议的演讲《(P)FACE Into the Apple Core and Exploit to Root》 |
http://hitcon.org/2016/CMT/slide/day1-r2-c-1.pdf |
看雪翻译小组 |
|
| 27 |
通过 OS X 的邮件规则实现持久控制 Using email for persistence on OS X |
https://www.n00py.io/2016/10/using-email-for-persistence-on-os-x/ |
布兜 |
|
| 28 |
通过 IO Kit 驱动走进 Ring-0︰Strolling into Ring-0 via IO Kit Drivers |
https://ruxcon.org.au/assets/2016/slides/RuxCon_Wardle.pdf |
|
18 |
| 29 |
Nginx 搭建同时启用多个工具的 HTTP 代理环境,支持多个用户 |
https://www.swordshield.com/2016/10/multi-tool-multi-user-http-proxy/ |
|
5 |
| 30 |
提高iOS的健壮性及抗Fuzz技术 |
https://ruxcon.org.au/assets/2016/slides/Make_iOS_App_more_Robust_and_Security_through_Fuzzing-1476442078.pdf |
|
9 |
| 31 |
iOS的WebView自动拨号的bug iOS WebView auto dialer bug |
https://www.mulliner.org/blog/blosxom.cgi/security/ios_webview_auto_dialer.html |
赤 |
|
| 32 |
iOS.GuiInject广告木马库分析 Analysis of iOS.GuiInject Adware Library |
https://sentinelone.com/blogs/analysis-ios-guiinject-adware-library/ |
|
4 |
| 33 |
iOS软件安全全局方法论 iOS Application Security Review Methodology |
http://research.aurainfosec.io/ios-application-security-review-methodology/ |
|
6 |
| 34 |
解码苹果上所有的Tokens decrypts/extracts all authorization tokens on macOS / OS X / OSX |
https://github.com/manwhoami/MMeTokenDecrypt |
|
|
| 35 |
Lookout发布的iOS三叉戟漏洞的详细技术分析 Technical Analysis of the Pegasus Exploits on iOS |
https://info.lookout.com/rs/051-ESQ-475/images/pegasus-exploits-technical-details.pdf |
|
|
| 36 |
攻击safari的JS引擎CVE-2016-4622详细分析 |
http://phrack.org/papers/attacking_javascript_engines.html |
|
|
| 37 |
Mac平台上的广告蠕虫一览 |
https://blog.malwarebytes.com/threat-analysis/social-engineering-threat-analysis/2016/11/an-overview-of-malvertising-on-the-mac/ |
|
|
| 38 |
Mac 用户想防止被查水表? |
https://github.com/drduh/macOS-Security-and-Privacy-Guide |
|
|
| 39 |
Mac 上恶意软件的总览 |
https://blog.malwarebytes.com/threat-analysis/social-engineering-threat-analysis/2016/11/an-overview-of-malvertising-on-the-mac/ |
|
|
| 40 |
阻止 iCloud 日历上的垃圾邮件邀请 |
http://t.cn/RfjMbGy https://t.co/qOHXUYS6J3 https://t.co/PYGq7gNT4V |
|
|
| 41 |
绕过苹果系统的完整性保护 Bypassing Apple's System Integrity Protection |
https://objective-see.com/blog/blog_0x14.html |
|
|
| 42 |
在二进制代码中通过静态分析的方法检测 UAF 漏洞 |
https://t.co/ulcgwGkRI7 |
|
|
| 43 |
趋势科技的一篇 Blog,谈利用 Dirty Cow 漏洞攻击 Android |
http://blog.trendmicro.com/trendlabs-security-intelligence/new-flavor-dirty-cow-attack-discovered-patched/ |
|
|
| 44 |
以福昕阅读器为例实现高性能Fuzz Applied high-speed in-process fuzzing: the case of Foxit Reader |
https://t.co/6MwdamAHJ4 |
|
|
| 45 |
Nginx本地提权漏洞详细报告[ OpenSourceProject ] (CVE-2016-1247)Nginx Local Privilege Escalation Vulnerability Technical Analysis and Solution |
http://blog.nsfocus.net/nginx-local-privilege-escalation-vulnerability-technical-analysis-solution/ |
|
|
| 46 |
[Attack]机器的崛起︰ Dyn 攻击只是实践 (Mirai 也只是冰山一角)Rise of the Machines: The Dyn Attack Was Just a Practice Run (Mirai 'is just the tip of the iceberg')(1-15) |
http://t.cn/RI7q4v5 https://t.co/hnrKWDr8if |
|
|
| 47 |
[Attack]机器的崛起︰ Dyn 攻击只是实践 (Mirai 也只是冰山一角)Rise of the Machines: The Dyn Attack Was Just a Practice Run (Mirai 'is just the tip of the iceberg')(16-30) |
http://t.cn/RI7q4v5 https://t.co/hnrKWDr8if |
|
|
| 48 |
[Attack]机器的崛起︰ Dyn 攻击只是实践 (Mirai 也只是冰山一角)Rise of the Machines: The Dyn Attack Was Just a Practice Run (Mirai 'is just the tip of the iceberg')(31-45) |
http://t.cn/RI7q4v5 https://t.co/hnrKWDr8if |
|
|
| 49 |
[Attack]机器的崛起︰ Dyn 攻击只是实践 (Mirai 也只是冰山一角)Rise of the Machines: The Dyn Attack Was Just a Practice Run (Mirai 'is just the tip of the iceberg')(46-62) |
http://t.cn/RI7q4v5 https://t.co/hnrKWDr8if |
|
|
| 50 |
macOS 10.12.2本地提权以及XNU port堆风水by蒸米大神:【https://jaq.alibaba.com/community/art/show?articleid=781 提权的exp源码也可以在我的github下载到:【https://github.com/zhengmin1989/macOS-10.12.2-Exp-via-mach_voucher】 |
https://jaq.alibaba.com/community/art/show?articleid=781 |
|
|
| 51 |
逆向三星s6 sboot part 01 |
http://blog.quarkslab.com/reverse-engineering-samsung-s6-sboot-part-i.html |
|
|
| 52 |
10.2.1上重打包iOS应用的方法 |
http://www.vantagepoint.sg/blog/85-patching-and-re-signing-ios-apps |
|
|
| 53 |
iOS 10.3.1 Wifi芯片漏洞详解——by Project Zero Beniamini |
https://googleprojectzero.blogspot.jp/2017/04/over-air-exploiting-broadcoms-wi-fi_11.html |
|
|
| 54 |
PayBreak - 针对加密型勒索软件的防御机制(paper) |
http://www0.cs.ucl.ac.uk/staff/G.Stringhini/papers/ransomware-ASIACCS2017.pdf |
|
|
| 55 |
针对 Dorkbot Botnet 新变种的分析 part 1 |
https://securingtomorrow.mcafee.com/mcafee-labs/analyzing-fresh-variant-dorkbot-botnet/?utm_source=twitter&utm_campaign=Labs#sf66376233 |
|
|
| 56 |
针对 Dorkbot Botnet 新变种的分析 part 2 |
https://securingtomorrow.mcafee.com/mcafee-labs/analyzing-fresh-variant-dorkbot-botnet/?utm_source=twitter&utm_campaign=Labs#sf66376233 |
|
|
| 57 |
ian beer 亲自讲解iOS 10越狱用的mach portal的教程 上 |
https://github.com/zhengmin1989/GreatiOSJailbreakMaterial/blob/master/iOS10_Mach_Portal.pdf |
|
|
| 58 |
ian beer 亲自讲解iOS 10越狱用的mach portal的教程 中 |
https://github.com/zhengmin1989/GreatiOSJailbreakMaterial/blob/master/iOS10_Mach_Portal.pdf |
|
|
| 59 |
ian beer 亲自讲解iOS 10越狱用的mach portal的教程 下 |
https://github.com/zhengmin1989/GreatiOSJailbreakMaterial/blob/master/iOS10_Mach_Portal.pdf |
|
|
| 60 |
iOS 9 开始引入的内核完整性保护(KPP)功能是如何实现的 |
https://xerub.github.io/ios/kpp/2017/04/13/tick-tock.html |
|
|
| 61 |
支持macOS!-"leviathan - 大型安全审计工具包,支持大范围的服务探测、暴力破解、SQL注入检测以及运行自定义漏洞利用模块 |
https://github.com/leviathan-framework/leviathan |
|
|
| 62 |
用于生成密码表的单词库,大约有 24GB,字库在手,天下我有! |
https://github.com/berzerk0/Probable-Wordlists |
|
|
| 63 |
[奇思妙想]有ID锁又如何,照样听音乐看视频,还能刷微博! |
https://pangujailbreak.com/bypass-icloud-free/ |
|
|
| 64 |
FlexiSpy 泄露的安卓间谍应用源码分析 第一部分 |
http://www.cybermerchantsofdeath.com/blog/2017/04/23/FlexiSpy.html |
|
|
| 65 |
FlexiSpy 泄露的安卓间谍应用源码分析 第二部分 |
http://www.cybermerchantsofdeath.com/blog/2017/04/23/FlexiSpy-pt2.html |
|
|
| 66 |
一个函数,两个bug part.1 |
https://www.synack.com/2017/03/27/two-bugs-one-func/ |
|
|
| 67 |
一个函数,两个bug(含poc) part.2 |
https://www.synack.com/2017/04/07/two-bugs-one-func-p2/ POC地址: https://pastebin.com/87fHLMQq |
|
|
| 68 |
APFS苹果文件系统逆向初探 |
https://blog.cugu.eu/post/apfs/ |
|
|
| 69 |
Safari Browser Array.concat 方法中越界的内存拷贝可导致内存破坏(CVE-2017-2464 |
https://bugs.chromium.org/p/project-zero/issues/detail?id=1095 |
|
|
| 70 |
在 HITB AMS 2017 会议上,独立安全研究员 malerisch 分享了他是如何在趋势科技产品中挖掘到 200 个 CVE 的 |
http://blog.malerisch.net/2017/04/trend-micro-threat-discovery-appliance-session-generation-authentication-bypass-cve-2016-8584.html |
|
|
| 71 |
昨天他又写了一篇 Blog 介绍了一个新发现的趋势科技 TDA 产品 Session 生成认证机制绕过的漏洞 |
http://conference.hitb.org/hitbsecconf2017ams/materials/D1T1 - Steven Seeley and Roberto Suggi Liverani - I Got 99 Trends and a # Is All Of Them.pdf" |
|
|
| 72 |
ZeroNights'2016会议首发的现代化C/C++ Fuzzer:从入门到精通(上) |
https://github.com/google/fuzzer-test-suite/blob/master/tutorial/libFuzzerTutorial.md (截取前半部分) |
|
|
| 73 |
ZeroNights'2016会议首发的现代化C/C++ Fuzzer:从入门到精通(下) |
https://github.com/google/fuzzer-test-suite/blob/master/tutorial/libFuzzerTutorial.md (截取后半部分) |
|
|
| 74 |
售价10美元的树莓派Zero W介绍以及安装Kali上手体验 |
https://null-byte.wonderhowto.com/how-to/set-up-kali-linux-new-10-raspberry-pi-zero-w-0176819/?utm_source=dlvr.it&utm_medium=twitter |
|
|
| 75 |
安卓下的对Frida的检测方法(问:如何移植到iOS) |
http://www.vantagepoint.sg/blog/90-the-jiu-jitsu-of-detecting-frida |
|
|
| 76 |
Pwn2Own 2017 Samuel Groß 攻击 Safari 所使用的 WebKit JSC::CachedCall UAF 漏洞的分析(CVE-2017-2491)(第一篇) |
https://phoenhex.re/2017-05-04/pwn2own17-cachedcall-uaf |
|
|
| 77 |
Fox-IT 的研究员发现 Snake 恶意软件框架首次出现了攻击 MacOS 操作系统的版本 |
https://blog.fox-it.com/2017/05/03/snake-coming-soon-in-mac-os-x-flavour/ Github: https://github.com/Neo23x0/signature-base/blob/master/yara/apt_snaketurla_osx.yar |
|
|
| 78 |
Mobile Pwn2Own 2012 -WebKit Array.sort() UAF 漏洞的分析和利用(CVE-2012-3748)(一) |
https://scarybeastsecurity.blogspot.jp/2017/05/ode-to-use-after-free-one-vulnerable.html |
|
|
| 79 |
Mobile Pwn2Own 2012 -WebKit Array.sort() UAF 漏洞的分析和利用(CVE-2012-3748)(二) |
https://scarybeastsecurity.blogspot.jp/2017/05/ode-to-use-after-free-one-vulnerable.html |
|
|
| 80 |
Mobile Pwn2Own 2012 -WebKit Array.sort() UAF 漏洞的分析和利用(CVE-2012-3748)(三) |
https://scarybeastsecurity.blogspot.jp/2017/05/ode-to-use-after-free-one-vulnerable.html |
|
|
| 81 |
用fuzzing来高速挖洞_High_Speed_Bug_Discovery_with_Fuzzing |
|
|
|
| 82 |
无痛入门Linux用户态堆和堆风水 |
https://sensepost.com/blog/2017/painless-intro-to-the-linux-userland-heap-and-heap-fengshui/ |
|
|
| 83 |
Flanker:CVE-2017–2448, 绕过OTR签名校验iCloud钥匙串秘密窃取 |
https://medium.com/@longtermsec/bypassing-otr-signature-verification-to-steal-icloud-keychain-secrets-9e92ab55b605 |
|
|
| 84 |
Fuzz 工具 OSS-Fuzz 开源的 5 个月中,被用于测试了 47 个开源项目,发现了超过 1000 个 Bug(264 个潜在漏洞) |
https://opensource.googleblog.com/2017/05/oss-fuzz-five-months-later-and.html |
|
|
| 85 |
Project Zero 研究员 Felix 总结的 iOS APP 层面的常见漏洞案例 |
https://github.com/felixgr/secure-ios-app-dev |
|
|
| 86 |
CIA那个用NSUnarchiver过沙盒的0day被beer挖出来了,还随手挖了修了一堆 IPC 过沙盒的洞 |
https://bugs.chromium.org/p/project-zero/issues/detail?id=1168&can=1&q=owner%3Aianbeer%20modified-after%3A2017%2F5%2F22 |
|
|
| 87 |
近期几款色情 App 开始大量在 Android 和 iOS 平台上传播,他们甚至找到了上架 Apple App Store 的方式 |
http://blog.trendmicro.com/trendlabs-security-intelligence/pua-operation-spreads-thousands-explicit-apps-wild-legitimate-app-stores/ |
|
|
| 88 |
两款用来破解 MacOS Keychain 的工具: KeychainCracker,chainbreaker |
KeychainCracker: https://github.com/macmade/KeychainCracker chainbreaker: https://github.com/n0fate/chainbreaker |
|
|