17
9月

Tittle: 2017.9.18

0 作者:admin

Deep Analysis of New Poison Ivy/PlugX Variant - Part II

UAC bypass via elevated .NET applications

a quick blog to give some background on the concept of full compromise without a shell

Cobalt Strike over external C2 – beacon home in the most obscure ways

Formal Approaches for Automatic Deobfuscation and Reverse-engineering of Protected Codes

AntiForensics techniques : Process hiding in Kernel Mode

Interesting Windows Messaging based evasion in DLL used in Targeted Attack on Belarus MOD

Enumerating process, thread, and image load notification callback routines in Windows

High-Level Approaches for Finding Vulnerabilities

Fuzzing the MSXML6 library with WinAFL

Xdebug: A Tiny Attack Surface

Firefox trusts PDF.JS so much, it disables the CSP. So find an XSS in PDF.JS and you get a CSP bypass for free

Android Hacking Event 2017 - All write-ups

HITB 2017 Writeup : SGX_Browser

Penetration Testing Flash Apps (aka "How to Cheat at Blackjack")

tools angularjs-csti-scanner:Automated client-side template injection (sandbox escape/bypass) detection for AngularJS.

tools Decoder-Improved:burp插件,扩展了burp的加密解密功能

tools pmacct is a small set of multi-purpose passive network monitoring tools

tools captive-browser:A dedicated Chrome instance to log into captive portals without messing with DNS settings.

tools Abrade is a coroutine-based web scraper suitable for querying the existence (a HEAD request) or the contents (a GET request) of a web resource with a sequential, numerical pattern.

tools Exploit toolkit CVE-2017-8759 - v1.0 is a handy python script which provides pentesters and security researchers a quick and effective way to test Microsoft .NET Framework RCE.

tools OS X Auditor is a free Mac OS X computer forensics tool

tools GayHub:一款强大的 GitHub 的 Chrome 扩展,优化 GitHub 的阅读体验。

tools hsp4:macOS kext for host_special_port(4) patch

tools yara-validator:Validates yara rules and tries to repair the broken ones.

tools JAADAS is a tool written in Java and Scala with the power of Soot to provide both interprocedure and intraprocedure static analysis for android applications.

tools macphish:Office for Mac Macro Payload Generator

tools o365recon(PowerShell) - use a single discovered cred to dump full o365 user list, group list, & group membership


评论


当前没有评论,快来评论吧!





来说点什么吧