3rdparty lists
- nccgroup/exploit_mitigations - Knowledge base of exploit mitigations available across numerous operating systems, architectures and applications and versions - Very comprehensive; covers the mitigations of all kinds of operating systems, libraries and software
- HenryHoggard/awesome-arm-exploitation - A collection of awesome videos, articles, books and resources about ARM exploitation
- tunz/js-vuln-db - A collection of JavaScript engine CVEs with PoCs
- malicious0x01/Awesome-Vulnerability-Research - A curated list of the awesome resources about the Vulnerability Research
- Awesome Windows Exploitation Resources
- CHYbeta/Software-Security-Learning - Materials collected while learning binary security
- SCUBSRGroup/Automatic-Exploit-Generation - Research progress on automatic exploit generation for software vulnerabilities
- readthedocs: security vulnerabilities in Python and the versions including the fix
- cloudfuzz.github.io/android-kernel-exploitation - Android Kernel Exploitation by Ashfaq Ansari
- FULLSHADE/WindowsExploitationResources - Some random resources I have enjoyed for certain topics of Windows exploit development and semi-related topics
- Vulnserver Exploit vs Windows Defender Exploit Guard - Tests of several of Defender's anti-exploit capabilities
- grsec: 10 Years of Linux Security
- rrbranco/grsecurity-pax-history - GrSecurity and PaX Patches Before End of Public Release
Debugger
- DynamoRIO/dynamorio - Dynamic Instrumentation Tool Platform
- DynamoRIO/drmemory - Memory Debugger for Windows, Linux, Mac, and Android
- googleprojectzero/DrSancov - DynamoRIO plugin to get ASAN and SanitizerCoverage compatible output for closed-source executables
Porting
MacOS
Linux
- david942j/one_gadget - The best tool for finding one gadget RCE in libc.so.6 - 1.4K stars
- jollheef/out-of-tree - out-of-tree kernel {module, exploit} development tool - QEMU-based
- PaoloMonti42/salt - SLUB ALlocator Tracer for the Linux kernel
- niklasb/libc-database - Build a database of libc offsets to simplify exploitation
- vnik5287/kaslr_tsx_bypass - Linux kASLR (Intel TSX/RTM) bypass static library
- cryptolok/ASLRay - Linux ELF x32/x64 ASLR DEP/NX bypass exploit with stack-spraying
- bcoles/kasld - Kernel Address Space Layout Derandomization - A collection of various techniques to bypass KASLR and retrieve the Linux kernel base virtual address on x86 / x86_64 architectures as an unprivileged user
- ChrisTheCoolHut/angry_gadget - A tool for finding the one gadget RCE in libc
- CENSUS/shadow - jemalloc heap exploitation framework
- farazsth98/hypervisor_exploit_templates - Some notes + templates that you can use in your hypervisor research, either for full exploits, or to verify / falsify any assumptions you may make while auditing code
Windows
- waleedassar/RestrictedKernelLeaks - List of KASLR bypass techniques in Windows 10 kernel
- The Windows Binaries Index - Look up the various versions of Windows 10 files, with download support
- cbayet/PoolSprayer - Simple library to spray the Windows Kernel Pool
- ntdiff.github.io - Compare changes in Windows header files between different versions
- yardenshafir/KernelDataStructureFinder
- sam-b/windows_kernel_address_leaks - Examples of leaking Kernel Mode information from User Mode on Windows
- zodiacon/KernelObjectView - View handles and object for each object type
- tandasat/GuardMon - Hypervisor based tool for monitoring system register accesses
- trailofbits/winchecksec - Checksec, but for Windows
- theevilbit/kex
- akayn/demos - Windows Kernel Exploitation. Static & dynamic analysis, exploits & vuln research. Mitigation bypasses, generic bug classes.
- ufrisk/kaslrfinder - Kernel Address Space Layout Randomization (KASLR) Recovery Software
- rwfpl/rewolf-gogogadget - kernel exploitation helper class
- Exploit mitigation bypass
- Internals
File system
- googleprojectzero/symboliclink-testing-tools - This is a small suite of tools to test various symbolic link types of Windows
- FuzzySecurity/PowerShell-Suite - Native-HardLink.ps1
Uncategorized
- SQLab/CRAXplusplus - The exploit generator CRAX++ is CRAX with x86_64 ROP techniques, s2e 2.0 upgrade, code selection, I/O states, dynamic ROP, and more!
- palantir/exploitguard - Documentation and supporting script sample for Windows Exploit Guard
- advanced-threat-research/xbypass - A tool to facilitate ROP Chain Development for XML Character Sanitization
- ucsb-seclab/BootStomp - a bootloader vulnerability finder
- Gallopsled/pwntools - CTF framework and exploit development library
- WinHeapExplorer/WinHeap-Explorer - WinHeap Explorer repository
- Arinerron/heaptrace - helps visualize heap operations for pwn and debugging
- fireeye/flare-kscldr - FLARE Shellcode Loader
- Dynatrace/superdump - A service for automated crash-dump analysis
- joxeankoret/membugtool - A DBI tool to discover heap memory related bugs
- intel/xom-switch - the eXecutable-Only-Memory (XOM) enabling tool for x86 Linux systems
- A History of XNU Virtual Memory Security
- windows-internals.com: An Exercise in Dynamic Analysis - Analysis of PayloadRestrictions.dll, mainly the EAF logic: it sets PAGE_GUARD to monitor accesses to the Export Table, then checks whether the caller is legitimate
- flankerhqd/mediacodecoob - Hey your parcel looks bad - From 2016; mentioned at KCON 2021
- googleprojectzero: Adventures in Video Conferencing - From 2018; mentioned at KCON 2021
- googleprojectzero: MMS Exploit Series - From 2020; mentioned at KCON 2021
- vp777/Windows-Non-Paged-Pool-Overflow-Exploitation - Techniques based on named pipes for pool overflow exploitation targeting the most recent (and oldest) Windows versions demonstrated on CVE-2020-17087 and an off-by-one overflow
- yeyintminthuhtut/Awesome-Advanced-Windows-Exploitation-References - List of Awesome Advanced Windows Exploitation References