30 May

Title: 2017.5.31

Author: admin

Windows MsMpEng remotely exploitable UaF due to design issue in GC engine (CVE-2017-8540)

Linux kernel: stack buffer overflow with controlled payload in get_options() function

(CVE-2017-1000367) Privilege escalation flaw in sudo's get_process_ttyname()

MsMpEng: UAF via saved callers

Trend Micro Deep Security version 6.5 - XML External Entity Injection / Local Privilege Escalation / Remote Code Execution

Multiple Local Privilege Escalation Vulnerabilities in Acunetix Web Vulnerability Scanner 11

TerraMaster NAS TOS <= 3.0.30 Unauthenticated RCE as Root

GhostButt - CVE-2017-8291 exploitation analysis

How Dirty COW (CVE-2016-5195) works under the hood from the kernel’s perspective

Split Tunnel SMTP Exploit Allows an Attacker to Inject Payloads Into Email Servers

AppLocker Bypass – MSBuild

Starting with Windows Kernel Exploitation – part 1 – setting up the lab

Breaking Out of Citrix and other Restricted Desktop Environments

Analysis of a Ford Sync Gen 1 Module

A book on heap exploitation: a guide to understanding the internals of glibc's heap.

PowerPoint and Custom Actions

Using PIN DBI for XOR interception

únicode is hard

a website for a clearer view of what conferences are happening all around the world.

HTTP For the Good or the Bad

Cross-origin brute-forcing of Github SAML and 2FA recovery codes

Pivoting from blind SSRF to RCE with HashiCorp Consul

XSS on any Shopify shop via abuse of the HTML5 structured clone algorithm in postMessage listener

Tiki-Wiki, sysPass XSS Filter Bypass

How I took control of your Twitter account (tweeting, viewing/deleting photos and other media)

tools impacket: focused on providing low-level programmatic access to the packets and, for some protocols (for instance NMB, SMB1-3 and MS-DCERPC), the protocol implementation itself.

tools bypass_uac.ps1: script to bypass UAC on Vista+, assuming there exists one elevated process on the same desktop

tools PortEx: Java library to analyse Portable Executable files with a special focus on malware analysis and PE malformation robustness

tools Windows x64 kernel shellcode for eternalblue exploit

tools MSbuild.exe TLS Tampering POC - Injects Login Form Into All TLS pages.

tools Free tools for auditing the security of an AWS account

