This shouldn't have happened: A vulnerability postmortem tag:blogger.com,1999:blog-4838136820032157985.comments2021-12-01T03:01:28.305-08:00Project Zerotavis... 2021-12-02 04:24:08 | 阅读: 17 | 收藏 | googleprojectzero.blogspot.com 01t03

This shouldn't have happened: A vulnerability postmortem Posted by Tavis Ormandy, Project Zero This is an unusual blog post. I normally write posts to... 2021-12-1 18:38:0 | 阅读: 21 | 收藏 | googleprojectzero.blogspot.com nss mozilla fuzzer bigsig pss

Windows Exploitation Tricks: Relaying DCOM Authentication tag:blogger.com,1999:blog-4838136820032157985.comments2021-10-21T08:53:50.451-07:00Project Zerotavis... 2021-10-21 01:38:00 | 阅读: 17 | 收藏 | googleprojectzero.blogspot.com 21t08

Using Kerberos for Authentication Relay Attacks tag:blogger.com,1999:blog-4838136820032157985.comments2021-10-21T08:53:50.451-07:00Project Zerotavis... 2021-10-21 01:26:00 | 阅读: 9 | 收藏 | googleprojectzero.blogspot.com

Windows Exploitation Tricks: Relaying DCOM Authentication Posted by James Forshaw, Project Zero In my previous blog post I discussed the possibility of... 2021-10-20 16:38:0 | 阅读: 8 | 收藏 | googleprojectzero.blogspot.com objref client oxid rpcss

Using Kerberos for Authentication Relay Attacks Posted by James Forshaw, Project Zero This blog post is a summary of some research I've been d... 2021-10-20 16:26:0 | 阅读: 7 | 收藏 | googleprojectzero.blogspot.com client attacker network windows

How a simple Linux kernel memory corruption bug can lead to complete system compromise tag:blogger.com,1999:blog-4838136820032157985.comments2021-10-19T04:17:46.455-07:00Project Zerotavis... 2021-10-20 01:08:00 | 阅读: 14 | 收藏 | googleprojectzero.blogspot.com

How a simple Linux kernel memory corruption bug can lead to complete system compromise An analysis of current and potential kernel security mitigations Posted by Jann Horn, Project Z... 2021-10-19 16:8:0 | 阅读: 7 | 收藏 | googleprojectzero.blogspot.com memory slub allocator slab userspace

Fuzzing Closed-Source JavaScript Engines with Coverage Feedback tag:blogger.com,1999:blog-4838136820032157985.comments2021-09-14T07:29:48.983-07:00Project Zerotavis... 2021-09-15 02:14:00 | 阅读: 37 | 收藏 | googleprojectzero.blogspot.com 983 00project

Fuzzing Closed-Source JavaScript Engines with Coverage Feedback Posted by Ivan Fratric, Project Zero tl;dr I combined Fuzzilli (an open-source JavaScript engi... 2021-9-14 17:14:0 | 阅读: 15 | 收藏 | googleprojectzero.blogspot.com grammar tinyinst fuzzilli windows jackalope

Understanding Network Access in Windows AppContainers tag:blogger.com,1999:blog-4838136820032157985.comments2021-08-19T09:29:17.862-07:00Project Zerotavis... 2021-08-20 00:47:31 | 阅读: 34 | 收藏 | googleprojectzero.blogspot.com 19t09

Understanding Network Access in Windows AppContainers Posted by James Forshaw, Project ZeroRecently I've been delving into the inner workings of the Wi... 2021-8-19 16:37:0 | 阅读: 12 | 收藏 | googleprojectzero.blogspot.com fwpm network ale sublayer outbound

An EPYC escape: Case-study of a KVM breakout tag:blogger.com,1999:blog-4838136820032157985.comments2021-06-29T08:11:19.529-07:00Project Zerotavis... 2021-06-30 00:58:00 | 阅读: 123 | 收藏 | googleprojectzero.blogspot.com 29t08 529 00project

An EPYC escape: Case-study of a KVM breakout Posted by Felix Wilhelm, Project ZeroIntroduction KVM (for Kernel-based Virtual Machine) is the... 2021-6-29 15:58:0 | 阅读: 12 | 收藏 | googleprojectzero.blogspot.com svm vmcb hsave vcpu ibs

Fuzzing iOS code on macOS at native speed tag:blogger.com,1999:blog-4838136820032157985.comments2021-05-20T08:54:38.154-07:00Project Zerotavis... 2021-05-21 02:07:00 | 阅读: 137 | 收藏 | googleprojectzero.blogspot.com 20t08

Fuzzing iOS code on macOS at native speed Or how iOS apps on macOS work under the hood Posted by Samuel Groß, Project Zero This short p... 2021-5-20 17:7:0 | 阅读: 7 | 收藏 | googleprojectzero.blogspot.com dyld posix xpc spawnattr security

Designing sockfuzzer, a network syscall fuzzer for XNU tag:blogger.com,1999:blog-4838136820032157985.comments2021-04-22T09:14:21.055-07:00Project Zerotavis... 2021-04-23 03:05:00 | 阅读: 141 | 收藏 | googleprojectzero.blogspot.com 22t09 055

Designing sockfuzzer, a network syscall fuzzer for XNU Posted by Ned Williamson, Project Zero Introduction When I started my 20% project – an initiati... 2021-4-22 18:5:0 | 阅读: 7 | 收藏 | googleprojectzero.blogspot.com 377 fuzzer 025 bsd xnu

Policy and Disclosure: 2021 Edition tag:blogger.com,1999:blog-4838136820032157985.comments2021-04-15T05:28:29.372-07:00Project Zerotavis... 2021-04-16 01:02:00 | 阅读: 156 | 收藏 | googleprojectzero.blogspot.com 15t05 372 00project

Policy and Disclosure: 2021 Edition Posted by Tim Willis, Project Zero At Project Zero, we spend a lot of time discussing and eval... 2021-4-15 16:2:0 | 阅读: 4 | 收藏 | googleprojectzero.blogspot.com grace adoption deadline trial development