articles

Personal blog.

My day job is malware analysis; time is limited, so this records research done out of personal interest in my spare time.

Found Bugs

Open Source

heap-based out-of-bounds read when parsing otf file with undefined FontName in svg option (afdko)
heap-based out-of-bounds read when parsing otf file with undefined glyph name in svg option (afdko)
exiv2 parse url crash (exiv2)
pdf2jp2 use NULL pointer cause crash (openjpeg)
svg-native-viewer heap-buffer-overflow on SVGNative::SVGStringParser::SkipOptWsp
svg-native-viewer NULL pointer dereference in SVGDocumentImpl::TraverseSVGTree
svg-native-viewer Infinite loop in CreatePath
svg-native-viewer NULL pointer dereference in SVGNative::SVGDocument::Render
svg-native-viewer NULL pointer dereference in SVGDocument::Render(const ColorMap& colorMap) function
When parsing malformed pcap file, tcpflow crash with abort
When parsing malformed pcap file, tcpflow abort in frame_too_short
libwab heap-based out-of-bound read in write_ldif
libwab heap-based out-of-bound read in output_subrecord
shadowsocksr-native heap-based out-of-bounds write in the obfuscation verification code (auth.c)

Close Source

Microsoft Font Subsetting DLL heap-based out-of-bounds read in CreateFontPackage(in fontsub!GetGlyphIdx)
Microsoft Font Subsetting DLL Stack Exhaustion at fontsub!GetComponentGlyphList
Microsoft Font Subsetting DLL heap-based out-of-bounds read in CreateFontPackage(CVE-2019-1468)
Microsoft Windows CVE-2019-1468
Microsoft Windows CVE-2020-0607
Microsoft Windows CVE-2020-0744
Microsoft Windows CVE-2020-0821
Microsoft Windows CVE-2020-0879
Microsoft Windows CVE-2020-1007
Microsoft Windows CVE-2020-1351
Windows 10 help file (CHM format) vulnerability hunting

Binary

Vulnerability analysis

In-depth analysis of the tcpdump 4.5.1 crash
CoolPlayer DEP bypass (CVE-2008-3408) analysis
IE11 CVE-2017-0037 type confusion analysis
Code Blocks 17.12 local buffer overflow analysis
openssl 1.1.0a UAF (CVE-2016-6309) analysis
Adobe Reader CVE-2010-2883 analysis
openssl CVE-2016-0799 analysis
CVE-2018-1270 RCE analysis (web/java)
Linux off-by-one vulnerability (stack-based)
Stack overflow + SEH exploitation
DWORD SHOOT + SEH exploitation (heap-based)
Windows Heap Overflow(win2000)
FREE WMA MP3 CONVERTER 1.8 buffer overflow vulnerability reproduction
CrashesAnalysis_1 (afdko)
CrashesAnalysis_2 (afdko)

fuzz

openssl fuzzing: notes from the learning process
Building a protobuf-based fuzzer (libpng)
fuzz CVE-2019-1117
fuzz CVE-2019-1118
fuzz CVE-2019-1127
Analysis of historical cpython vulnerabilities and writing a fuzzer for them
A simple, multi-process, easy-to-use traditional fuzzer

crackme

An interesting crackme
Kanxue Tencent CTF, problem 2
Kanxue Tencent CTF, problem 3
Kanxue Tencent CTF, problem 5 (to be completed)
Crackme160-003

MISC

Problems encountered with IoDeleteSymbolicLink
DynELF leak function causing stack imbalance
Linux x64 pwn study notes
Notes on handling a nasty obfuscation: decrypting a static configuration
Simple notes from early reverse-engineering days
base64 encoding and decoding in reverse engineering
Using windbg
ollyscript: numerous examples and their documentation
A first look at pwn
ASLR+NX bypass
Linux network programming models

Network security

nodejs deserialization
SSRF vulnerability research
XXE vulnerability research
Thoughts on the sopypy XXE problem

Development

Design and implementation of the penework penetration-testing system
Overview article