24
5月

Tittle: 2017.5.25

0 作者:admin

Samba远程代码执行漏洞(CVE-2017-7494)分析

Operation Cobalt Kitty: A large-scale APT in Asia carried out by the OceanLotus Group

Exploiting a V8 OOB write.

Analyzing Rig Exploit Kit vol.3

Analysis of Emotet v4

Spotlight on Malware DGA Communication Technique

Reliable discovery and exploitation of Java deserialization vulnerabilities

Cryptographic Function Detection in Obfuscated Binaries via Bit-precise Symbolic Loop Mapping

Large Scale Crash Dump Analysis with SuperDump

Windows Kernel Pool Spraying

Understanding Pacemaker Systems Cybersecurity

ieee sp2017会议ppt

【 清单: 101.pdf How They Did It: An Analysis of Emission Defeat Devices in Modern Automobiles 106.pdf SmarPer: Context-Aware and Automatic Runtime-Permissions for Mobile Devices 110.pdf SoK: Cryptographically Protected Database Search 117.pdf Cloak and Dagger: From Two Permissions to Complete Control of the UI Feedback Loop 120.pdf XHOUND: Quantifying the Fingerprintability of Browser Extensions 121.pdf Cryptographic Function Detection in Obfuscated Binaries via Bit-precise Symbolic Loop Mapping 13.pdf IoT Goes Nuclear:Creating a ZigBee Chain Reaction 134.pdf One TPM to Bind Them All: Fixing TPM 2.0 for Provably Secure Anonymous Attestation 137.pdf Hijacking Bitcoin: Routing Attacks on Cryptocurrencies 142.pdf How to Learn Klingon Without a Dictionary:Detection and Measurement of Black Keywords Used by the Underground Economy 16.pdf Finding and Preventing Bugs in JavaScript Bindings 161.pdf Comparing the Usability of Cryptographic APIs 165.pdf SoK: Science, Security, and the Elusive Goal of Security as a Scientific Pursuit 166.pdf Under the Shadow of Sunshine: Understanding and Detecting Bulletproof Hosting on Legitimate Service Provider Networks 183.pdf Pyramid: Enhancing Selectivity in Big Data Protection with Count Featurization 191.pdf Implementing and Proving the TLS 1.3 Record Layer 20.pdf An Experimental Security Analysis of an Industrial Robot Controller 201.pdf CoSMeDis: A Distributed Social Media Platform with Formally Verified Confidentiality Guarantees 207.pdf The Password Reset MitM Attack 214.pdf Catena: Efficient Non-equivocation via Bitcoin 220.pdf Backward-Bounded DSE:Targeting Infeasibility Questions on Obfuscated Codes? 226.pdf SysPal: System-guided Pattern Locks for Android 228.pdf Multi-touch Authentication Using Hand Geometry and Behavioral Information 231.pdf SymCerts: Practical Symbolic Execution For Exposing Noncompliance in X.509 Certificate Validation Implementations 234.pdf Verified Models and Reference Implementations for the TLS 1.3 Standard Candidate 258.pdf From trash to treasure: timing-sensitive garbage collection 278.pdf The Feasibility of Dynamically Granted Permissions: Aligning Mobile Privacy with User Preferences 290.pdf IKP: Turning a PKI Around with Decentralized Automated Incentives 313.pdf Membership Inference Attacks Against Machine Learning Models 324.pdf A Framework for Universally Composable Diffie-Hellman Key Exchange 349.pdf Identifying Personal DNA Methylation Profiles by Genotype Inference 373.pdf Is Interaction Necessary for Distributed Private Learning? 380.pdf To Catch a Ratter: Monitoring the Behavior of Amateur DarkComet RAT Operators in the Wild 390.pdf NEZHA: Efficient Domain-Independent Differential Testing 401.pdf Machine-Checked Proofs of Privacy for Electronic Voting Protocols 408.pdf Verifying and Synthesizing Constant-Resource Implementations with Types 409.pdf A Lustrum of Malware Network Communication: Evolution and Insights 413.pdf Scalable Bias-Resistant Distributed Randomness 414.pdf HVLearn: Automated Black-box Analysis of Hostname Verification in SSL/TLS Implementations 42.pdf Skyfire: Data-Driven Seed Generation for Fuzzing 429.pdf Spotless Sandboxes: Evading Malware Analysis Systems using Wear-and-Tear Artifacts 433.pdf Leakage-Abuse Attacks against Order-Revealing Encryption 449.pdf Side-Channel Attacks on Shared Search Indexes 466.pdf SecureML: A System for Scalable Privacy-Preserving Machine Learning 518.pdf Towards Evaluating the Robustness of Neural Networks 533.pdf Counter-RAPTOR: Safeguarding Tor Against Active Routing Attacks 536.pdf NORAX: Enabling Execute-Only Memory for COTS Binaries on AArch64 539.pdf Protecting Bare-metal Embedded Systems With Privilege Overlays 541.pdf Securing Augmented Reality Output 567.pdf CRLite: A Scalable System for Pushing All TLS Revocations to All Browsers 579.pdf Your Exploit is Mine: Automatic Shellcode Transplant for Remote Exploits 581.pdf vSQL: Verifying Arbitrary SQL Queries over Dynamic Outsourced Databases 586.pdf Augur: Internet-Wide Detection of Connectivity Disruptions 63.pdf IVD: Automatic Learning and Enforcement of Authorization Rules in Online Social Networks 64.pdf SoK: Exploiting Network Printers 7.pdf Stack Overflow Considered Harmful? The Impact of Copy&Paste on Android Application Security 71.pdf VUDDY: A Scalable Approach for Vulnerable Code Clone Discovery 84.pdf Obstacles to the Adoption of Secure Communication Tools 90.pdf Hardening Java’s Access Control by Abolishing Implicit Privilege Elevation 96.pdf Optimized Honest-Majority MPC for Malicious Adversaries - Breaking the 1 Billion-Gate Per Second Barrier 】

PDF - FDF UXSS via trusted document (spoiler - requires a click :/ )

tools AutoHookSpider:将自动爬虫的结果判断是否属于hooks,并不断抓取url爬啊爬。

tools backslash-powered-scanner:burp插件 JSON injection, server-side HPP, improved evidence clarity

tools KeychainCracker:macOS keychain cracking tool

fuzz工具 nezha: an evolutionary-based efficient and domain-independent differential fuzzing framework

蜜罐工具 honeytrap:a low-interaction honeypot

tools ForensicPosters:取证工具


评论


当前没有评论,快来评论吧!





来说点什么吧