22
10月

Tittle: 2017.10.24

0 作者:admin

ZTE ZXR10 Router Multiple Vulnerabilities

The DUHK (Don't Use Hard-coded Keys) Attack is a vulnerability that affects devices using the ANSI X9.31 Random Number Generator (RNG) in conjunction with a hard-coded seed key.

LokiBot - the first hybrid Android malware targeting 119 (banking) apps

Fake cryptocurrency trading apps on Google Play

Analysis of Linux.Helios(a new malware variant for Linux and IoT architectures)

窃私病毒染指社交软件,安天移动安全与猎豹联合披露

正则表达式基础库源码审计与漏洞分析

MSWord script injection using DDE

MSWord - Obfuscation with Field Codes

无线网络(WI-FI)保护协议标准WPA2漏洞综合分析报告

A curious case of broken DNS responses

How to use MS17-010 in MSF and grab the DA without blue screening the target

SharpHound: Technical Details

Malicious use of Microsoft LAPS:“Local Administrator Password Solution”

Combining S2E and Kaitai Struct for "targeted" symbolic execution of file parsers

SemFuzz: Semantics-based Automatic Generation of Proof-of-Concept Exploits

Defending Against PowerShell Attacks: Building the ultimate attacker honeypot

Secure Mobile Development Best Practices

SecWiki周刊(2017/10/16-2017/10/22)

Reverse Engineering an Integrated Circuit for Pwn2Win 2017 CTF

tools docker-onion-nmap:Scan .onion hidden services with nmap using Tor, proxychains and dnsmasq in a minimal alpine Docker container.

tools Mobile X-Ray:Free online service to audit iOS or Android apps for OWASP Mobile Top 10 and other vulnerabilities

tools OSXFuzz:macOS 10.13 kernel fuzzer using multiple different methods.

tools r2-ggpack:Suite of radare2 plugins to read and manipulate the ggpack data files

tools reflector:Burp plugin able to find reflected XSS on page in real-time while browsing on site


评论


当前没有评论,快来评论吧!





来说点什么吧