20 November

Title: 2017.11.22

Author: admin

Golden SAML: Newly Discovered Attack Technique Forges Authentication to Cloud Apps

Here is a CVE-2017-11882 POC sample & report demonstrating the Equation Editor exploit to trigger a remote connection

Here is a fresh RTF sample using CVE-2017-11882, 1 of 59 AV hits!

Android Malware Appears Linked to Lazarus Cybercrime Group

Analysis of the Linux/AES.DDoS malware targeting ARM devices (IoT, small routers)

Office 365 Advanced Threat Protection defense for corporate networks against recent Office exploit attacks

DblTek (Shenzhen 得伯乐 gateway) Multiple Vulnerabilities

CVE-2017-11853: Windows Kernel stack memory disclosure in win32k!xxxSendMenuSelect (bypass kernel ASLR)

Analysis of a Linux kernel vulnerability that may lead to privilege escalation (CVE-2017-1000112)

Android Bluetooth remote command execution vulnerability exploitation in practice: exploit optimization

Java deserialization payloads: JRE8u20

Reverse engineering Lua programs: the LuaJIT file format

Security Implications of DTD Attacks Against a Wide Range of XML Parsers (2015)

"The Art of Fuzzing" with the demos (workflow with AFL&WinAFL, Taint Analysis, Reversing Tricks for Fuzzing, in-memory fuzzing, DynamoRio and much more!)

Examining the value of SafetyNet Attestation as an Application Integrity Security Control

OWASP Top 10 2017 final version

From Markdown to RCE in Atom

tools awvs_script_decode: decrypted scripts from the AWVS 10.5 data/script/ directory

tools Query DNS resolution records

tools OWASP Juice Shop is an intentionally insecure webapp for security trainings written entirely in Javascript which encompasses the entire OWASP Top Ten and other severe security flaws.

