r0 Crew (Channel)
Security Related Links:
- Reverse Engineering;
- Malware Research;
- Exploit Development;
- Pentest;
- etc;

Join the chat: @r0crew_bot 👈

Forum: https://forum.reverse4you.org
Twitter: https://twitter.com/R0_Crew
In-the-Wild Series: October 2020 0-day discovery
https://googleprojectzero.blogspot.com/2021/03/in-wild-series-october-2020-0-day.html

In October 2020, Google Project Zero discovered seven 0-day exploits being actively used in-the-wild. These exploits were delivered via "watering hole" attacks in a handful of websites pointing to two exploit servers that hosted exploit chains for Android, Windows, and iOS devices. These attacks appear to be the next iteration of the campaign discovered in February 2020 and documented in the blog posts below:

Part1: Introducing the In-the-Wild Series
https://googleprojectzero.blogspot.com/2021/01/introducing-in-wild-series.html

Part2: Chrome Infinity Bug
https://googleprojectzero.blogspot.com/2021/01/in-wild-series-chrome-infinity-bug.html

Part3: Chrome Exploits
https://googleprojectzero.blogspot.com/2021/01/in-wild-series-chrome-exploits.html

Part4: Android Exploits
https://googleprojectzero.blogspot.com/2021/01/in-wild-series-android-exploits.html

Part5: Android Post-Exploitation
https://googleprojectzero.blogspot.com/2021/01/in-wild-series-android-post-exploitation.html

Part6: Windows Exploits
https://googleprojectzero.blogspot.com/2021/01/in-wild-series-windows-exploits.html

#reverse #expdev #rce #lpe #sandbox #escape #android #ios #windows #chrome #browser #darw1n

Heappy is an editor based on gdb/gef that helps you to handle the heap during your exploitation development.
The project should be considered a didactic tool useful to understand the evolution of the heap during the process life cycle.

https://github.com/gand3lf/heappy

#reverse #expdev #tools #heap #debug

iOS 14.5 WebKit/Safari based Jailbreak Made by RPwnage & the Manticore team

https://github.com/RPwnage/pwn-my

#reverse #expdev #ios #mobile #jailbreak #heckysome

Phrack 2021, Issue 0x46

* Attacking JavaScript Engines: A case study of JavaScriptCore and CVE-2016-4622
* Cyber Grand Shellphish
* VM escape - QEMU Case Study
* .NET Instrumentation via MSIL bytecode injection
* Twenty years of Escaping the Java Sandbox
* Viewer Discretion Advised: (De)coding an iOS Kernel Vulnerability
* Exploiting Logic Bugs in JavaScript JIT Engines
* Hypervisor Necromancy; Reanimating Kernel Protectors
* Tale of two hypervisor bugs - Escaping from FreeBSD
* The Bear in the Arena
* Exploiting a Format String Bug in Solaris CDE
* Segfault[.]net eulogy

http://phrack.org/issues/70/1.html

#magazine #expdev #net #msil #java #vm #javascript #hypervisor #darw1n