7
9月

Tittle: 历史文章保存

4 作者:admin

10.27-------------------------------------------------------------------

The Art of VoIP Hacking

XSS via XML POST

Exploit Win10Pcap Driver to enable some Privilege in our process token ( local Privilege escalation )

Powercat - Netcat: The Powershell Version

.NET COM Serviced Components (dllhost.exe execution) Bypass And Persistence

Beginner's Guide to Fuzzing (Part 1 - 3)

Modern Exploit Development (Part 1 - 14)

SEAndroid Analytics Library for live device analysis

Live Memory Forensics on Android devices

Fuzzing browsers for finding exploitable bugs

iOS 安全攻防系列

每日安全动态推送

内网穿透工具 XSS exploitation tool - access victims through HTTP proxy

情报威胁工具 ioc_parser

10.26-------------------------------------------------------------------

http://www.slideshare.net/SucuriSecurity/building-a-better-security-posture

Building a Better Security Posture

Rescuing a broken NTFS filesystem

TLS Fingerprinting

每日安全动态推送

HackPwn破解视频大公开

国内会议收集

Pentest-Report OpenKeychain 08.2015(cure53)

Timing attack vulnerability in most Zeus server-sides

Privilege Escalation Via Group Policy Preferences (GPP)

Weird New Tricks for Browser Fingerprinting

前端工具 Sniffing browser history using HSTS + CSP

获取真实ip工具 grabify.link

内存读取工具 memorpy : Python library using ctypes to search/edit windows programs memory

运维工具 Malicious traffic monitoring system

工控系统模拟工具 virtuaplanth

病毒分析工具 An Open Source Malware Analysis Pipeline System

10.25-------------------------------------------------------------------

how to kill ROP as a technique.

Presentation about the security features provided by the 3GPP specifications for LTE.

Skype Protocol Reverse Engineered (Video)

Hack Naked TV-NTP(视频)

Modifying Metasploit x64 template for AV evasion

Principles and Practices for Securing Software-Defined Networks(SDN)

[Another] Intercepting Proxy

Wadi Fuzzer

Deep Learning for Enterprise(视频)

Protecting Windows Networks – UAC

ARMv7 Disassembling with a twist

病毒工具 whatsapp-bot-seed:A small python framework to create a whatsapp bot, with regex-callback message routing.

fuzz工具 NodeFuzz is a fuzzer harness for web browsers and browser like applications.

10.24-------------------------------------------------------------------

finding UI crashes by fuzzing input events with american fuzzy lop

CSS based Attack: Abusing unicode-range of @font-face

国外会议资源大全

HTTP Evasions Explained - Part 6 - Attack of the White-Space

内网工具 PowerTools is a collection of PowerShell projects with a focus on offensive operations.

内网工具 Empire is a pure PowerShell post-exploitation agent.

病毒工具 Backsniffer:allows for an attacker to execute commands on a compromised system remotely

安卓工具 AndroidEagleEye : An Xposed + adbi module capable of hooking both Java & Native methods targeting Android OS

10.23-------------------------------------------------------------------

SQL Injection in Insert,Update and Delete Statements

Hacks in video games

google-sandbox-attacksurface-analysis-tools

【This is a small suite of tools to test various properties of sandboxes on Windows】

HTML Compiler - Remote Code Execution

威胁感知的方法论

Joomla 3.x Sql注入漏洞分析

Nice writeup on NTP CVE-2015-7871

每日安全动态推送

Add CVE-2015-7007, user-assisted Safari applescript:// RCE module

The World Browser 3.0 Final - Remote Code Execution

SWF Exploit CVE-2015-7645

Windows Privilege Escalation

Joomla SQL Injection Vulnerability Exploit Results in Full Administrative Access

移动APP安全测试要点

waf-bypass工具 python script to bypass cloudflare from command line

密码字典1工具

内网工具 Dump AD user password hashes on-the-fly to a file of chosen format (no need to export & extract NTDS.DIT)

病毒分析工具 unpack.py: Script using WinAppDbg to automatically unpack malware

10.22-------------------------------------------------------------------

Continuous Security Testing - DevSecCon

每日安全动态推送

Rootsh3ll Wi-Fi Security and Pentesting Series (RWSPS) – Preface

Attacking the Network Time Protocol

digging-for-groundhogs-holes-in-your-linux-server

Analysis of the DR7 OSX vulnerability using radare2

secure_coding_nodejs

RWSPS: Automated WiFi Cracking

Hijacking Arbitrary .NET Application Control Flow

HaaS: Hacking as a Service

Nice exploitation of a #VDI solution

Automating Forensic Artifact Collection with Splunk and GRR

编译器里有鬼:蒸米

注入工具 Fatcat:an automatic SQL Injection tool

内网穿透工具 Corkscrew:a tool for tunneling SSH through HTTP proxies

honeypot工具 a honeypot plugin for Wordpress to collect usrnames+pwds

信息收集工具 Massmine - Automated Intel Gathering

运维工具 Glances(An Eye on your system):a cross-platform curses-based system monitoring tool written in Python

病毒工具 Taipei Torrent:A(nother) Bittorrent client written in the go programming language

10.21-------------------------------------------------------------------

安全脉搏沙龙“脉搏涌动”

Draw me a Local Kernel Debugger

hacklu 2015

Steel Con 2015视频

How To Decrypt Ruby SSL Communications with Wireshark

decrypting XcodeGhost communication

Create a Self-Signed Executable - Without Makecert.exe

G DATA Malware Report - January – June 2015

DANGEROUS CLIPBOARD: ANALYSIS OF THE MS15-072 PATCH

Multi-stage exploit installing trojan

Attacking Ruby on Rails Applications

Linux Kernel Hacking - A crash course

2015 绿盟科技云安全解决方案

每日安全动态推送

审计工具 BTA:an open-source Active Directory security audit framework

工具 Local Kernel Debugger : perform local kernel debugging of a Windows kernel booted in DEBUG mode

10.20-------------------------------------------------------------------

每日安全动态推送

Malicious JavaScript

Win32 port of OpenSSH

10.19-------------------------------------------------------------------

Qcon 2015

每日安全动态推送

SYMANTEC INTELLIGENCE REPORT SEPTEMBER 2015

Chinese Backdoor Zegost delivered via Hacking Team exploit Introduction

FortiGuard Labs Discovers Use-After-Free Vulnerability In Microsoft Word 2007

Timers in the Linux kernel. Part 3.

Windows登陆认证攻击小结

域控权限持久化之DSRM

敞开的地狱之门:Kerberos协议的滥用

工具 openvpnScraper : Grab credentials from a running openvpn process in Linux

内网工具 Get-bADpasswords : Find enabled Active Directory users with bad passwords

安卓工具 Generic Android Deobfuscator

内网工具 spraywmi:an easy way to get mass shells on systems that support WMI

解密工具 new-javascript-deobfuscator-tool

10.18-------------------------------------------------------------------

Windows Privilege Escalation Fundamentals

AuditDroid, self-contained environment for learning about Android security

Android reverse engineering - Analyzing skype

practice-of-android-reverse-engineering

npwn, a 10.11 kernel exploit

Channel-Bound Cookies

Crowdsource Malware Triage Workshop

内网工具 windows-privesc-check

php审计工具 phptrace - is a low-overhead tracing tool for PHP by Qihoo 360

中间人工具 BETTERCAP:A complete, modular, portable and easily extensible MITM framework

解密工具 pemcracker : Tool to crack encrypted PEM files

工具 CryptBackdoor – Windows Crypt API hook to generate weak keys

10.16-------------------------------------------------------------------

Some Tips to Analyze PatchGuard

每日安全动态推送

Volume Shadow Copy NTDS.dit Domain Hashes Remotely - Part 1

New Methods in Automated XSS Detection & Dynamic Exploit Creation

Windows 10 Sandboxed Mount Reparse Point Creation Mitigation Bypass (MS15-111)

病毒分析工具 ClamAV® is an open source antivirus engine for detecting trojans, viruses, malware & other malicious threats.

恶意工具 Akamai Reflective DDoS Tool

10.15-------------------------------------------------------------------

P2P金融安全之来自运营商的恶意

SOME攻击

Advanced WiFi Attacks Using Commodity Hardware

NSA’s VPN decryption infrastructure

ICMP Tunnels – A Case Study

Hack In the Box GSEC

Current State of Android Privilege Escalation

list of Open Source Fuzzers

仅用三个弱口令入侵了全球2万台主机的蠕虫-TruSSH Worm

书安-第二期

Android Application Security Series

每日安全动态推送

"OS X Security: Defense in Depth" introduced System Integrity Protection(需要登录google).

Injection on Steroids: Codeless code injection and 0-day techniques

HTTP Evasions Explained (Part 5)- GZip Compression

Thwarting Memory Disclosure Attacks using Destructive Code Reads

OS X Security - Defense in depth

CVE-2015-2552:Windows 8+ - Trusted Boot Bypass

Linux System Account SSH Weak Password Detection Automatic By System API

工具 PSRecon

【PSRecon gathers data from a remote Windows host using PowerShell (v2 or later), organizes the data into folders, hashes all extracted data, hashes PowerShell and various system properties, and sends the data off to the security team. The data can be pushed to a share, sent over email, or retained locally。】

安卓工具 Android Vulnerabilities Database

病毒工具 a more complex ransomware-like file crypter kit

密码工具 Pipal, THE password analyser

xss工具 the XSS filter regex for IE11

xss工具 the XSS filter regex for Edge

honeypot工具 A powershell script for creating a Windows honeyport.

搜索引擎工具 Censys

防火墙工具 VisualFirewall/IDS

CMS扫描工具 CMSFuzz

【1: Wordpress、2: Cold Fusion、3: Drupal、4: Joomla、5: PHP-Nuke、6: Magento、7: Sharepoint、8: Common PHP Files、9: Look for backup files、10: Apache Default Files、11: IIS Default Files、12: Miscellaneous Files (SVN, robots, etc).】

工具 SprayWMI – Mass WMI Pwnage

10.14-------------------------------------------------------------------

Windows Exploit Suggester – An Easy Way to Find and Exploit Windows Vulnerabilities

WMI Offense,defense & forensics

microsoft-edge-browser-forensics-exploring-project-spartan

On (OAuth) token hijacks for fun and profit part #2 (Microsoft/xxx integration)

《财经》专稿| 支付宝出现“幽灵账户”

每日安全动态推送

病毒分析工具 INetSim

【a software suite for simulating common internet services in a lab environment, e.g. for analyzing the network behaviour of unknown malware samples.】

病毒分析工具 FakeNet

【 a tool that aids in the dynamic analysis of malicious software. The tool simulates a network so that malware interacting with a remote host continues to run allowing the analyst to observe the malware’s network activity from within a safe environment.】

工具 PowerLoaderEx - Advanced Code Injection Technique for x32 / x64

工具 capstone

【Capstone is a disassembly framework with the target of becoming the ultimate disasm engine for binary analysis and reversing in the security community.】

病毒分析工具 List of scripts used for malware analysis

病毒工具 Atheme IRC Services

10.13-------------------------------------------------------------------

Linux Forensics(for Non-Linux Folks)

a couple examples of backdoor delivery

Facebook XXE attack

CVE-2015-3036 - NetUSB Remote Code Execution exploit

ISC2015公开PPT

Trojan-LockScreen.OJ - Don't pay the ransom, just enable the "show hidden files" option

每日安全动态推送

2015第三季度云盾互联网DDoS状态和趋势报告

域渗透的金之钥匙

GrrCON 2015 Videos

Reverse engineering hardware for software reversers: Studying an encrypted external HDD

Automated Testing with go-fuzz

Abusing Apple's Continuity feature to dial from phone, send sms, create a covert audio record channel etc

内网工具 smbXplode : Bash alternative for Metasploit psexec module + automating credential harvesting

工具 NSA SHARKSEER Program Zero-Day Net Defense Presentation

【Detects and mitigates web-based malware Zero-Day and Advanced Persistent Threats using COTS technology by leveraging, dynamically producing, and enhancing global threat knowledge to rapidly protect the networks.】

fuzz工具 Automated Testing with go-fuzz

病毒分析工具 Malheur-A novel tool for malware analysis

10.12-------------------------------------------------------------------

Once upon a RAT: the story of Social RitB (RAT-in-the-Browser)

A Rat in the Browser

Now at the Sands Casino: An Iranian Hacker in Every Server

MySQL OOB injections

Hardware-Security议题

NUKE同学收集的国外开源威胁情报资源相关网站

HTML 5 APIs 是如何跟踪用户轨迹的

cobaltstrike视频

每日安全动态推送

Deep Learning II

Smashing the stack for fun and profit (Linux & Win*)

brucon 2015 视频

Comparison of Windows 10 Privacy tools

toolsmith: There Is No Privacy - Hook Analyser vs. Hacking Team

病毒工具 Linux Wifatch Malware Source code

工具 A regex based source code scanner.

钓鱼工具 gophish:Open-Source Phishing Toolkit

信息收集工具 theHarvester:E-mail, subdomain and people names harvester

Yara规则生成工具 A Yara Bulk Rule Generator

wifi工具 wifiphisher:Automated phishing attacks against WiFi networks

工具 artillery

【The Artillery Project is an open-source blue team tool designed to protect Linux and Windows operating systems through multiple methods.】

信息收集工具 SpiderFoot:the open source footprinting and intelligence-gathering tool.

工具 VoIP pentesting framework written using Node powers.

信息收集工具 Tools for harvesting email addresses for phishing attacks

病毒工具 Generate-Macro:generate a malicious Microsoft Office document with a specified payload and persistence method

工具 crits:Collaborative Research Into Threats

【not only serves as a repository for attack data and malware, but also provides analysts with a powerful platform for conducting malware analyses, correlating malware, and for targeting data.】

取证工具 mig:Distributed & real time digital forensics at the speed of the cloud

内网工具 AD Password Auditing - Tools and Tutorial - NTDSutil, VSSAdmin, NTDSXtract, LibEseDb, John the Ripper

工具 Real netcat source code

工具 Collaborative Penetration Test and Vulnerability Management Platform

工具 Network Security Toolkit: NST

10.11-------------------------------------------------------------------

Creating a BitTorrent client in Haskell

JavaScript Redirecting to PUPs from WordPress

Instrumenting Android Applications with Frida

playing with facebook<->microsoft,youtube,nest,vimeo and parse oauth

when-elf-billgates-met-windows

Whitepaper: Writing Cisco IOS Rootkits

工具 Secure Socket Funneling (SSF) is a network tool and toolkit.

【It provides simple and efficient ways to forward data from multiple sockets (TCP or UDP) through a single secure TLS link to a remote computer.】

honeypot工具 TCP attack inquisitor and 0-day catcher

工具 Pentest Box: a Portable Penetration Testing Distribution for Windows Environments

XSS Payloads工具 XSS Payloads

病毒工具 A cross platform malware development framework

内网工具 dnsftp-Client/Server scripts to transfer files over DNS

10.10-------------------------------------------------------------------

Fitness Tracker: Hack In Progress

HTML5 ZERO CONFIGURATION COVERT CHANNELS: SECURITY RISKS AND CHALLENGES

webshell检测-日志分析

Detection of APT Malware through External and Internal Network Traffic Correlation

INDETECTABLES RAT

TOR BROWSER FORENSICS ON WINDOWS OS

Android Security Symposium

支付宝实名认证的惊天漏洞,还原整个事件过程,以及支付宝客服的处理手段,恳请各大媒体给予帮助

【登录支付宝 -> 账户管理 -> 账户设置 -> 实名账户,看看自己的账号和信息有被恶意利用没有】

poc Joomla! CMS 3.4.3 Cross Site Scripting Vulnerability

poc Drupal 8.0.0 Beta 14 Cross Site Scripting Vulnerability

每日安全动态推送

shell工具 NTP_Trojan

【Reverse NTP remote access trojan in python, for penetration testers】

shell工具 Reverse_HTTPS_Bot

【A python based https remote access trojan for penetration testing】

shell工具 Reverse_SSH_Shell

【A reverse ssh shell written in python, intended for penetration testers to use as a covert channel on windows】

shell工具 Reverse_DNS_Shell

【A python reverse shell that uses DNS as the c2 channel】

内网穿透工具 reGeorg

取证工具 Active Directory forensic framework

病毒工具 A framework for creating modular bots/backdoors

wifi工具 Inject code, jam wifi, and spy on wifi users


评论


回复内容内容丢失了好多。。。。。。。
来自啊啊啊啊(2015-10-27 11:46:23)
回复内容k4CfWe <a href="http://iafrbevwpsjv.com/">iafrbevwpsjv</a>, [url=http://rpojruccmuof.com/]rpojruccmuof[/url], [link=http://wowqrxhoowjb.com/]wowqrxhoowjb[/link], http://mhglgjvkozgl.com/
来自yphnxcldp(2017-09-19 11:13:10)
回复内容oOvgqh <a href="http://xnutpuenszzz.com/">xnutpuenszzz</a>, [url=http://gygswhispcyo.com/]gygswhispcyo[/url], [link=http://xuilhztifogm.com/]xuilhztifogm[/link], http://kpjlljkhlsio.com/
来自urmvxhf(2017-12-06 19:38:11)
回复内容yCWc1q <a href="http://gmcvobwgidtc.com/">gmcvobwgidtc</a>, [url=http://dalhbxomviur.com/]dalhbxomviur[/url], [link=http://bkuyvychseet.com/]bkuyvychseet[/link], http://bnsyjmipkuog.com/
来自ppdugc(2018-09-12 07:25:35)





来说点什么吧