
4
9月
Struts2 S2-052 RCE分析与利用
Using QL to find a remote code execution vulnerability in Apache Struts (CVE-2017-9805)
poc
WiseGiga NAS Multiple Vulnerabilities
Graftor - But I Never Asked for This
Windows’ PsSetLoadImageNotifyRoutine Callbacks: the Good, the Bad and the Unclear (Part 1) - Breaking Malware
DIY Spy Program: Abusing Apple’s Call Relay Protocol
Hunting AdwindRAT with SSL Heuristics
High Sierra's 'Secure Kernel Extension Loading' is Broken-a new 'security' feature in macOS 10.13, is trivial to bypass
Re-enjoying the ActiveX (and others) Fun in Chinese Customized Browsers
use APC only to inject code into remote process,no other API is used/required
Abusing A Writable Windows Service
DLL Injection with SetThreadContext
Analyzing Malicious Documents Cheat Sheet
Mastercard Internet Gateway Service: Hashing Design Flaw
Indistinguishable Predicates: A New Tool for Obfuscation
learn how to dump a flash chip
ToorCon 19 - 2017 会议视频
发现微博图片可以链接找到发图的人
从无到有通过ISO27001认证-建设篇
渗透测试学习笔记之案例四
The Grave Accent ` and XSS
tools Malware source code database
tools Cobra-源代码安全审计v2.0 Alpha版本发布
tools 一些Linux、Solaris、AIX、Oracle、MySQL等的漏洞利用脚本
tools RemoteRecon provides the ability to execute post-exploitation capabilities against a remote host, without having to expose your complete toolkit/agent.
tools LKM rootkit for Linux x86 with the 2.6 kernel. It inserts salts inside system_call and sysenter_entry.