12
10月
Privilege escalation with kill(-1, SIGKILL) in XNU kernel of macOS High Sierra
PDF Phishing Leads to Nanocore RAT, Targets French Nationals
新型IoT机顶盒恶意软件Rowdy网络分析报告
Disassembler and Runtime Analysis
Outlook Home Page – Another Ruler Vector(CVE-2017-11774 shell Outlook via the home page)
New Office 0day (CVE-2017-11826)样本
Who Watch BIOS Watchers?-about known bypasses of Intel Boot Guard + new UEFITool with IBB validation
Remote Code Execution on a Travel Router
Detecting BadBIOS, Evil Maids, Bootkits, and Other Firmware Malware
How to Uninstall Carrier/OEM Bloatware Without Root Access
The State of Kernel Self-Protection
IP Accounting and Access Lists with systemd
深度学习在安全领域的paper
A curated list of awesome adversarial machine learning resources
Bypassing CSRF tokens with Python’s CGIHTTPServer to exploit SQL injections
Typecho SSRF Analysis and Exploit
Yahoo Bug Bounty: Exploiting OAuth Misconfiguration To Takeover Flickr Accounts
tools gifoeb:exploit for ImageMagick's uninitialized memory disclosure in gif coder(CVE-2017-15277)
tools AppleTrace:Trace tool for iOS/macOS (similar to systrace for Android)
tools DependencyCheck OWASP出品,一款检查Java相关库缺陷的工具,用于查找依赖库中已存在的公开漏洞,支持Maven,gradle,jenkins,ant等打包方式
tools ThreatHunter-Playbook:A Threat hunter's playbook to aid the development of techniques and hypothesis for hunting campaigns.
tools Autorize - Automatic authorization enforcement detection extension for burp suite
tools OnePlus OPDeviceManager application source code
tools clrinject:Injects C# EXE or DLL Assembly into every CLR runtime and AppDomain of another process.
tools Pause-Process:PowerShell script which allows pausing\unpausing Win32/64 exes
tools The Gluon API specification is an effort to improve speed, flexibility, and accessibility of deep learning technology for all developers, regardless of their deep learning framework of choice.