20 November

Title: 2017.11.21

Author: admin

SunOrcal Adds GitHub and Steganography to its Repertoire, Expands to Vietnam and Myanmar

Operation Blockbuster goes mobile: unit42 identifies cluster of malware samples targeting Samsung devices and Korean language speakers

Tracking Emotet payload: IcedID

Cobalt Strikes Again: Spam Runs Use Macros and CVE-2017-8759 Exploit Against Russian Banks

New campaigns spread banking malware through Google Play

Analyzing KaiXin Exploit Kit

Shortcodes Ultimate <= 5.0.0 - Authenticated Contributor Code Execution

A bug abusing a TOCTOU in caching signing levels to run arbitrary executables with UMCI enabled

#1 Google Chrome: The details of the RCE vulnerabilities

#2 Google Chrome: The details of the RCE vulnerabilities

Mozilla Firefox: The details of the RCE vulnerability

A Sheep in Wolf’s Clothing – Finding RCE in HP’s Printer Fleet

Did Microsoft Just Manually Patch Their Equation Editor Executable? Why Yes, Yes They Did. (CVE-2017-11882)

Hunting for Credentials Dumping in Windows Environment

Application Whitelisting Bypass: mshta.exe

Command and Control - WMI

Fully undetectable backdooring PE files

using a scf file to gather hashes

Windows oneliners to download remote payload and execute arbitrary code

Alternative methods of becoming SYSTEM

Infrastructure PenTest Series : Part 2 - Vulnerability Analysis

MITM Attacks on HTTPS: Another Perspective

KernelMode Rootkits: Part 2, IRP hooks

iOS CTF for beginners

A big list of Android Hackerone disclosed reports and other resources.

SecWiki Weekly (2017/11/13-2017/11/19)

Leading the Blind to Light! - A Chain to RCE

HackerOne H1-212 Capture the Flag Solution

tools CVE-2017-11882 stable PoC with calculator example.

tools poc of CVE-2017-8890 (a double free vulnerability on android phone)

tools UAC bypasses using Windows access tokens

tools SocialEngineeringPayloads: This is a collection of social engineering tricks and payloads being used for credential theft and spear phishing attacks.

tools Tiny SHell - An open-source UNIX backdoor

tools DDEtector is a simple DDE object detector written in python

tools reverse-engineering: List of awesome reverse engineering resources

tools Excalibur is an Eternalblue exploit payload based "Powershell" for the Bashbunny project.

tools burp-molly-scanner: Turn your Burp suite into headless active web application vulnerability scanner

tools SG1 is a wanna be swiss army knife for data encryption, exfiltration and covert communication.

