felixwilhelm / mario_baslrLinks
PoC for breaking hypervisor ASLR using branch target buffer collisions
☆166Updated 8 years ago
Alternatives and similar repositories for mario_baslr
Users that are interested in mario_baslr are comparing it to the libraries listed below
Sorting:
- Xenpwn is a toolkit for memory access tracing using hardware-assisted virtualization☆144Updated 9 years ago
- Slides and very basic examples☆112Updated 8 years ago
- An open source, multi-architecture ROP compiler written in python☆162Updated 8 years ago
- ☆105Updated 10 years ago
- A program to draw rectangles from heap traces.☆135Updated 5 years ago
- Library for creating CTF services.☆74Updated 8 years ago
- Symbolic Execution Tool in r2☆106Updated 3 years ago
- Synesthesia, implemented as Yices scripts☆94Updated 8 years ago
- Automated Return-Oriented Programming Chaining☆85Updated 8 years ago
- High-throughput fuzzer and emulator of DECREE binaries☆242Updated 5 years ago
- A tool dedicated to the research of vulnerabilities in hypervisors by creating unusual system configurations.☆185Updated 2 years ago
- Semantic Binary Code Analysis Framework☆124Updated 9 years ago
- Small tool for generating ropchains using unicorn and z3☆198Updated 7 years ago
- ☆49Updated 7 years ago
- aflpin enables afl to fuzz blackbox binaries using a pin tool to trace execution branches.☆171Updated 10 years ago
- Routines for hunting down kernel structs.☆41Updated 13 years ago
- Notes on various topics I'm interested in☆160Updated 10 years ago
- De Mysteriis Dom jemalloc☆64Updated 7 years ago
- ☆164Updated 8 years ago
- ropc-llvm is a PoC of a Turing complete ROP compiler with support for a subset of LLVM IR. It is an extension of ropc.☆69Updated 11 years ago
- Routines for hunting down kernel symbols.☆82Updated 14 years ago
- ☆28Updated 3 years ago
- ☆63Updated 9 years ago
- Programmatic disassembly and patching☆68Updated 8 years ago
- Python concolic execution framework for program analysis☆67Updated 10 years ago
- add symbols back into a stripped ELF binary (~strip)☆175Updated 8 years ago
- Short, unrelated helper scripts for users of AFL (the fuzzer)☆112Updated 9 years ago
- Old mitigation-bounty code that was applicable to edge before it use webkit/chrome☆87Updated 8 years ago
- A repo for various research☆102Updated 3 years ago
- Use ltrace with pwnlib.tubes.process instances, useful for heap exploitation. Pwntools rocks!☆53Updated 7 years ago