| # | Title | Link | Contributor |
|---|-------|------|-------------|
| 1 | MacOS and iOS Internals, Volume III: Security & Insecurity | http://newosxbook.com/files/moxii3/AppendixA.pdf | rodster@ccav10.cn(727542262), everettjf@live.com(276751551) |
| 2 | Analysis and exploitation of Pegasus kernel vulnerabilities (CVE-2016-4655 / CVE-2016-4656) | http://jndok.github.io/2016/10/04/pegasus-writeup/ | rodster@ccav10.cn(727542262) |
| 3 | Helper for Haima iOS App Store Adds More Malicious Behavior | http://blog.trendmicro.com/trendlabs-security-intelligence/helper-haima-malicious-behavior/ | rodster@ccav10.cn(727542262) |
| 4 | iOS instrumentation without jailbreak | https://www.nccgroup.trust/uk/about-us/newsroom-and-events/blogs/2016/october/ios-instrumentation-without-jailbreak/ | rodster@ccav10.cn(727542262) |
| 5 | What iOS apps actually do at runtime: Introspy-iOS | https://github.com/integrity-sa/Introspy-iOS | try_fly:247498009 |
| 6 | What happens when we move files? MacOS File Movements | https://forensic4cast.com/2016/10/macos-file-movements/ | 舜生Ree:2035153354 |
| 7 | Decrypting Google Chrome Passwords on macOS / OS X | http://bufferovernoah.com/2016/10/17/chrome/ | free:249099804 |
| 8 | CVE-2016-6187: Exploiting Linux kernel heap off-by-one by Vitaly Nikolenko | https://cyseclabs.com/blog/cve-2016-6187-heap-off-by-one-exploit | rodster@ccav10.cn(727542262) |
| 9 | Linux SRP Overwrite and ROP | http://buffered.io/posts/linux-srp-overwrite-and-rop/ | 布兜儿:527626504 |
| 10 | Introduction to Voltron, an open-source Python-based LLDB front-end GUI | https://github.com/snare/voltron | 拟人:75345771 |
| 11 | Objective-C Instrumentation with Frida | https://rotlogix.com/2016/03/20/objective-c-instrumentation-with-frida/ | lockdown:527850864 |
| 12 | Introduction to the Frida framework: welcome introduction, quickstart guide, installation, basic usage | http://www.frida.re/docs/home/ | lockdown:527850864 |
| 13 | Introduction to the Frida framework: modes of operation, functions, messages, iOS, Android | http://www.frida.re/docs/home/ | lockdown:527850864 |
| 14 | Frida 8.1 released | http://www.frida.re/news/2016/10/25/frida-8-1-released/ | lockdown:527850864 |
| 15 | OS X kernel use-after-free in IOBluetoothFamily.kext | https://bugs.chromium.org/p/project-zero/issues/detail?id=830 (exploit: https://www.exploit-db.com/exploits/40652/) | 布兜儿:527626504 |
| 16 | OS X/iOS kernel use-after-free in IOHDIXController | https://bugs.chromium.org/p/project-zero/issues/detail?id=832 | 布兜儿:527626504 |
| 17 | OS X kernel use-after-free in CoreStorage | https://bugs.chromium.org/p/project-zero/issues/detail?id=833 | 布兜儿:527626504 |
| 18 | OS X kernel use-after-free in IOThunderboltFamily | https://bugs.chromium.org/p/project-zero/issues/detail?id=834 | 布兜儿:527626504 |
| 19 | OS X/iOS kernel use-after-free in IOSurface | https://bugs.chromium.org/p/project-zero/issues/detail?id=831 | 布兜儿:527626504 |
| 20 | task_t considered harmful | https://googleprojectzero.blogspot.kr/2016/10/taskt-considered-harmful.html | 看雪翻译小组 |
| 21 | task_t considered harmful (PoC): many XNU EoPs | https://bugs.chromium.org/p/project-zero/issues/detail?id=837 | 看雪翻译小组 |
| 22 | PassiveFuzzFrameworkOSX: a passive IOKit fuzzing framework | https://github.com/SilverMoonSecurity/PassiveFuzzFrameworkOSX | 看雪翻译小组 |
| 23 | Controlled vm_deallocate size can lead to UaF in launchd | https://bugs.chromium.org/p/project-zero/issues/detail?id=896 | 看雪翻译小组 |
| 24 | Logic issue in launchd message requeuing allows arbitrary mach message control | https://bugs.chromium.org/p/project-zero/issues/detail?id=893 | 看雪翻译小组 |
| 25 | OS X/iOS multiple memory safety issues in mach_ports_register | https://bugs.chromium.org/p/project-zero/issues/detail?id=882 | 看雪翻译小组 |
| 26 | Trend Micro researchers' talk at HITCON 2016 in July this year: "(P)FACE Into the Apple Core and Exploit to Root" | http://hitcon.org/2016/CMT/slide/day1-r2-c-1.pdf | 看雪翻译小组 |
| 27 | Using email (mail rules) for persistence on OS X | https://www.n00py.io/2016/10/using-email-for-persistence-on-os-x/ | 布兜 |
| 28 | Strolling into Ring-0 via IO Kit Drivers | https://ruxcon.org.au/assets/2016/slides/RuxCon_Wardle.pdf | |
| 29 | Building a multi-tool, multi-user HTTP proxy environment with Nginx | https://www.swordshield.com/2016/10/multi-tool-multi-user-http-proxy/ | |
| 30 | Improving iOS robustness and fuzzing-resistance techniques | https://ruxcon.org.au/assets/2016/slides/Make_iOS_App_more_Robust_and_Security_through_Fuzzing-1476442078.pdf | |
| 31 | iOS WebView auto dialer bug | https://www.mulliner.org/blog/blosxom.cgi/security/ios_webview_auto_dialer.html | 赤 |
| 32 | Analysis of iOS.GuiInject Adware Library | https://sentinelone.com/blogs/analysis-ios-guiinject-adware-library/ | |
| 33 | iOS Application Security Review Methodology | http://research.aurainfosec.io/ios-application-security-review-methodology/ | |
| 34 | Decoding all tokens on Apple systems: decrypts/extracts all authorization tokens on macOS / OS X / OSX | https://github.com/manwhoami/MMeTokenDecrypt | |
| 35 | Lookout's detailed technical analysis of the iOS Trident vulnerabilities: Technical Analysis of the Pegasus Exploits on iOS | https://info.lookout.com/rs/051-ESQ-475/images/pegasus-exploits-technical-details.pdf | |
| 36 | Attacking Safari's JavaScript engine: detailed analysis of CVE-2016-4622 | http://phrack.org/papers/attacking_javascript_engines.html | |
| 37 | An overview of malvertising on the Mac platform | https://blog.malwarebytes.com/threat-analysis/social-engineering-threat-analysis/2016/11/an-overview-of-malvertising-on-the-mac/ | |
| 38 | Mac users looking to avoid surveillance: macOS Security and Privacy Guide | https://github.com/drduh/macOS-Security-and-Privacy-Guide | |
| 39 | An overview of malware on the Mac | https://blog.malwarebytes.com/threat-analysis/social-engineering-threat-analysis/2016/11/an-overview-of-malvertising-on-the-mac/ | |
| 40 | Blocking spam invitations in iCloud Calendar | http://t.cn/RfjMbGy https://t.co/qOHXUYS6J3 https://t.co/PYGq7gNT4V | |
| 41 | Bypassing Apple's System Integrity Protection | https://objective-see.com/blog/blog_0x14.html | |
| 42 | Detecting UAF vulnerabilities in binary code via static analysis | https://t.co/ulcgwGkRI7 | |
| 43 | A Trend Micro blog post on exploiting the Dirty Cow vulnerability against Android | http://blog.trendmicro.com/trendlabs-security-intelligence/new-flavor-dirty-cow-attack-discovered-patched/ | |
| 44 | Applied high-speed in-process fuzzing: the case of Foxit Reader | https://t.co/6MwdamAHJ4 | |
| 45 | A crash course in ARM assembly, parts 1-5 | https://azeria-labs.com/writing-arm-assembly-part-1/ | |
| 46 | Forensics of Apple FSEvents file system activity records | http://nicoleibrahim.com/apple-fsevents-forensics/ | |
| 47 | A binary grep tool, with highlighting! | https://github.com/m4b/bingrep/ | |
| 48 | MacRansom: analysis of Mac ransomware (with anti-debugging and anti-VM) | https://objective-see.com/blog/blog_0x1E.html | |
| 49 | Some small tips for IDA disassembly | https://qmemcpy.github.io/post/ida-series-1-hex-rays | |
| 50 | macOS 10.12.2 local privilege escalation and XNU port heap feng shui, by 蒸米: https://jaq.alibaba.com/community/art/show?articleid=781 ("The exploit source can also be downloaded from my GitHub: https://github.com/zhengmin1989/macOS-10.12.2-Exp-via-mach_voucher") | https://jaq.alibaba.com/community/art/show?articleid=781 | |
| 51 | yarGen: antivirus YARA rule generator and malware signature extraction tool | https://github.com/Neo23x0/yarGen | |
| 52 | How to repackage iOS apps on 10.2.1 | http://www.vantagepoint.sg/blog/85-patching-and-re-signing-ios-apps | |
| 53 | iOS 10.3.1 Wi-Fi chip vulnerability explained, by Project Zero's Beniamini | https://googleprojectzero.blogspot.jp/2017/04/over-air-exploiting-broadcoms-wi-fi_11.html | |
| 54 | Extracting sensitive information from an iOS app's runtime heap | https://blog.netspi.com/ios-tutorial-dumping-the-application-heap-from-memory/ | |
| 55 | How to install PowerShell 6.0 on macOS | http://www.techrepublic.com/article/how-to-install-microsoft-powershell-6-0-on-macos/ | |
| 56 | Google ssl_logger: decrypts and logs a process's SSL traffic | https://github.com/google/ssl_logger | |
| 57 | Ian Beer's own walkthrough of the mach_portal used for the iOS 10 jailbreak (part 1) | https://github.com/zhengmin1989/GreatiOSJailbreakMaterial/blob/master/iOS10_Mach_Portal.pdf | |
| 58 | Ian Beer's own walkthrough of the mach_portal used for the iOS 10 jailbreak (part 2) | https://github.com/zhengmin1989/GreatiOSJailbreakMaterial/blob/master/iOS10_Mach_Portal.pdf | |
| 59 | Ian Beer's own walkthrough of the mach_portal used for the iOS 10 jailbreak (part 3) | https://github.com/zhengmin1989/GreatiOSJailbreakMaterial/blob/master/iOS10_Mach_Portal.pdf | |
| 60 | How the kernel integrity protection (KPP) introduced in iOS 9 is implemented | https://xerub.github.io/ios/kpp/2017/04/13/tick-tock.html | |
| 61 | macOS supported! leviathan: a large security audit toolkit supporting wide-range service discovery, brute forcing, SQL injection detection and running custom exploit modules | https://github.com/leviathan-framework/leviathan | |
| 62 | [CODE REVIEW] Tweak series: show a custom message after respring - PopUpOnStart | https://github.com/LacertosusRepo/Open-Source-Tweaks | |
| 63 | [CODE REVIEW] Tweak series: add haptic feedback to volume adjustment - Volbrate | https://github.com/LacertosusRepo/Open-Source-Tweaks | |
| 64 | [CODE REVIEW] Tweak series: add haptic feedback to Control Center - HaptikCenter | https://github.com/LacertosusRepo/Open-Source-Tweaks | |
| 65 | [CODE REVIEW] Tweak series: play a piece of music after every respring - SoundSpring | https://github.com/LacertosusRepo/Open-Source-Tweaks | |
| 66 | Two bugs, one function, part 1 | https://www.synack.com/2017/03/27/two-bugs-one-func/ | |
| 67 | Two bugs, one function (with PoC), part 2 | https://www.synack.com/2017/04/07/two-bugs-one-func-p2/ (PoC: https://pastebin.com/87fHLMQq) | |
| 68 | A first look at reverse engineering Apple's APFS file system | https://blog.cugu.eu/post/apfs/ | |
| 69 | Out-of-bounds memory copy in Safari's Array.concat can lead to memory corruption (CVE-2017-2464) | https://bugs.chromium.org/p/project-zero/issues/detail?id=1095 | |
| 70 | At HITB AMS 2017, independent security researcher malerisch shared how he found 200 CVEs in Trend Micro products | http://blog.malerisch.net/2017/04/trend-micro-threat-discovery-appliance-session-generation-authentication-bypass-cve-2016-8584.html | |
| 71 | Yesterday he also wrote a blog post on a newly discovered session generation authentication bypass vulnerability in Trend Micro's TDA product | http://conference.hitb.org/hitbsecconf2017ams/materials/D1T1 - Steven Seeley and Roberto Suggi Liverani - I Got 99 Trends and a # Is All Of Them.pdf | |
| 72 | [Frida series] Frida's basic features | http://2015.zeronights.org/assets/files/23-Ravnas.pdf | |
| 73 | [Frida series] Getting started with Frida by example | http://www.ninoishere.com/frida-learn-by-example/ | |
| 74 | [Frida series] Some useful Frida scripts for iOS reversing | https://github.com/as0ler/frida-scripts | |
| 75 | Detecting Frida on Android (question: how to port this to iOS?) | http://www.vantagepoint.sg/blog/90-the-jiu-jitsu-of-detecting-frida | |
| 76 | Analysis of the WebKit JSC::CachedCall UAF (CVE-2017-2491) used by Samuel Groß against Safari at Pwn2Own 2017 (part 1) | https://phoenhex.re/2017-05-04/pwn2own17-cachedcall-uaf | |
| 77 | Fox-IT researchers discovered the first version of the Snake malware framework targeting macOS | https://blog.fox-it.com/2017/05/03/snake-coming-soon-in-mac-os-x-flavour/ (GitHub: https://github.com/Neo23x0/signature-base/blob/master/yara/apt_snaketurla_osx.yar) | |
| 78 | Mobile Pwn2Own 2012: analysis and exploitation of the WebKit Array.sort() UAF (CVE-2012-3748), part 1 | https://scarybeastsecurity.blogspot.jp/2017/05/ode-to-use-after-free-one-vulnerable.html | |
| 79 | Mobile Pwn2Own 2012: analysis and exploitation of the WebKit Array.sort() UAF (CVE-2012-3748), part 2 | https://scarybeastsecurity.blogspot.jp/2017/05/ode-to-use-after-free-one-vulnerable.html | |
| 80 | Mobile Pwn2Own 2012: analysis and exploitation of the WebKit Array.sort() UAF (CVE-2012-3748), part 3 | https://scarybeastsecurity.blogspot.jp/2017/05/ode-to-use-after-free-one-vulnerable.html | |
| 81 | High-speed bug discovery with fuzzing | | |
| 82 | A painless intro to the Linux userland heap and heap feng shui | https://sensepost.com/blog/2017/painless-intro-to-the-linux-userland-heap// | |
| 83 | Flanker: CVE-2017-2448, bypassing OTR signature verification to steal iCloud Keychain secrets | https://medium.com/@longtermsec/bypassing-otr-signature-verification-to-steal-icloud-keychain-secrets-9e92ab55b605 | |
| 84 | In the five months since the fuzzing tool OSS-Fuzz was open-sourced, it has been used to test 47 open-source projects and found over 1000 bugs (264 potential vulnerabilities) | https://opensource.googleblog.com/2017/05/oss-fuzz-five-months-later-and.html | |
| 85 | Common iOS app-level vulnerability cases, compiled by Project Zero researcher Felix | https://github.com/felixgr/secure-ios-app-dev | |
| 86 | The CIA's NSUnarchiver sandbox-escape 0day was dug up by Beer, who also found and got fixed a pile of IPC sandbox-escape bugs along the way | https://bugs.chromium.org/p/project-zero/issues/detail?id=1168&can=1&q=owner%3Aianbeer%20modified-after%3A2017%2F5%2F22 | |
| 87 | Several pornographic apps have recently been spreading widely on Android and iOS; they even found a way to get listed on the Apple App Store | http://blog.trendmicro.com/trendlabs-security-intelligence/pua-operation-spreads-thousands-explicit-apps-wild-legitimate-app-stores/ | |
| 88 | Two tools for cracking the macOS Keychain: KeychainCracker, chainbreaker | KeychainCracker: https://github.com/macmade/KeychainCracker; chainbreaker: https://github.com/n0fate/chainbreaker | |
| 89 | joker: extracting the iOS 11 kernelcache with joker | http://newosxbook.com/tools/joker.html | |
| 90 | "Picked up a hundred million" series: Pangu Janus prototype / 云舒幻盾 prototype: whitepaper for a scalable, large-scale, distributed, fully automatic worm/trojan code localization and detection system and intrusion early-warning and defense system prototype | http://lockheedmartin.com/content/dam/lockheed/data/isgs/documents/LaikaBOSS%20Whitepaper.pdf (GitHub: https://github.com/lmco/laikaboss) | |
| 91 | The security practitioner's Swiss Army knife: a sample pattern-matching search engine | https://virustotal.github.io/yara/ | |
| 92 | libimobiledevice: a cross-platform native protocol library and tool set for working with iOS devices | http://www.libimobiledevice.org/ | |
| 93 | [Big data] Tool share: a fully automatic YARA rule generator: how to batch-extract string fingerprints from large malware sample sets | https://github.com/Neo23x0/yarGen (examples: https://www.bsk-consulting.de/2015/02/16/write-simple-sound-yara-rules/, https://www.bsk-consulting.de/2015/10/17/how-to-write-simple-but-sound-yara-rules-part-2/, https://www.bsk-consulting.de/2016/04/15/how-to-write-simple-but-sound-yara-rules-part-3/) | |
| 94 | Introduction to macOS Kernel Debugging | http://lightbulbone.com/2016/10/04/intro-to-macos-kernel-debugging.html | |
| 95 | Reversing a macOS Kernel Extension (the "DSMOS" kext) | http://lightbulbone.com/2016/10/11/dsmos-kext.html | |
| 96 | Stack pivoting: introduction and examples | http://neilscomputerblog.blogspot.tw/2012/06/stack-pivoting.html | |
| 97 | APT group OceanLotus has a new release, a redesigned advanced macOS backdoor suite: The New and Improved macOS Backdoor from OceanLotus | https://researchcenter.paloaltonetworks.com/2017/06/unit42-new-improved-macos-backdoor-oceanlotus/ | |
| 98 | How to monitor the HTTPS traffic of a single app on macOS | Monitoring HTTPS Traffic of a Single App on OSX/ | |
| 99 | macOS software sandboxing tool that monitors all files and processes | filewatcher-a simple auditing utility for macOS/ | |
| 100 | Google's SSL traffic logger: decrypts and logs all of a process's SSL traffic | ssl_logger_byGoogle_Github | |
| 101 | Guide to reversing iOS app binaries | ObjC: Reading iOS app binary files; Swift: Reading iOS app binary files. Part 2: Swift | |
| 102 | [Frida series] Frida overall methodology and introductory examples | Unlocking secrets of proprietary software using Frida (mirror link) | |
| 103 | Dumping the location databases of macOS and iOS | Dump the contents of the location database files on iOS and macOS. | |
| 104 | [Frida series] Extracting a password from TeamViewer's memory with Frida | Extract password from TeamViewer memory using Frida | |
| 105 | [IDA series] Latest on IDA 6.95: rebuilt from scratch with UTF-8, with iOS source-level debugging and direct debugging of dylibs in the dyld_shared_cache | News about the x64 edition | |
| 106 | [iOS kernel vulnerability series] 树人 explains the setattrlist() vulnerability that affected iOS 5, 6, 7 and 8 for three years | setattrlist() iOS Kernel Vulnerability Explained | |
| 107 | [IDA series] Getting-started guide for the cracked IDA Pro 6.8 for Mac | Files available in the 雪花 group's shared files | |
| 108 | [IDA series] An IDA companion: FRIEND | Flexible Register/Instruction Extender aNd Documentation | |
| 109 | [IDA series] Accelerating analysis of embedded firmware images with IDAPython plugins | The life-changing magic of IDAPython, embedded device edition: IDAPython Embedded Toolkit | |
| 110 | [iOS app security] Methods for app reverse-engineering research | RECON-BRX-2017-Analysing_ios_Apps | |
| 111 | [radare2 series] Adding visualization support to r2 | Bubble Struggle - Call Graph Visualization with Radare2 | |
| 112 | [IDA series] Exporting IDA debug information | Exporting IDA Debug Information - Adam Schwalm | |
| 113 | Open-source macOS process information viewer | Proc Info is an open-source, user-mode library for macOS | |
| 114 | [Git advanced] Git ladder chart | Git Cheat Sheet: Useful Commands, Tips and Tricks | |
| 115 | "Profiling" criminals from the keychain | Breaking into the iCloud Keychain | |
| 116 | macOS High Sierra's 'Secure Kernel Extension Loading' is broken | High Sierra's 'Secure Kernel Extension Loading' is Broken | |
| 117 | "Blind" reversing: tracking the Blind iOS app | "BLIND" Reversing - A Look At The Blind iOS App; https://paper.seebug.org/440/ | |
| 118 | Adding a root CA to iOS is far too easy! | Too Easy – Adding Root CA's to iOS Devices | |
| 119 | Building the XNU kernel on macOS Sierra 10.12 | Building the XNU kernel on Mac OS X Sierra (10.12.X) | |
| 120 | Building the iOS kernel step by step: the arm64 version of XNU | steps to build arm64 version of xnu-4570.1.46 | |
| 121 | CVE-2017-5123 exploitation guide writeup | Exploiting CVE-2017-5123 (video link) | |
| 122 | Why does root with an empty password get you into the system? | Why Gets You Root | |
| 123 | iOS 11: a complete guide to iOS security and privacy | iOS 11: A Complete Guide to iOS Security and Privacy (https://www.intego.com/mac-security-blog/ios-11-a-complete-guide-to-ios-security-and-privacy/) | |
| 124 | [IDA plugin hands-on] IDA Lazy! | Make your IDA Lazy! | |
| 125 | [IDA plugin hands-on] A code coverage tool for IDA | Lighthouse - Code Coverage Explorer for IDA Pro | |