3
12月

Tittle: 2017.12.4

0 作者:admin

Notes on Linux/BillGates(Xor.DDoS, an interesting type of Linux malware)

Inside Mirai the infamous IoT Botnet: A Retrospective Analysis

CVE-2017-17053: Linux kernel LDT use after free

Microsoft Windows 10 Creators Update (version 1703) (x86) - 'WARBIRD' 'NtQuerySystemInformation ' Kernel Local Privilege Escalation

Vulnerability Walkthrough: 7zip CVE-2016-2334 HFS+ Code Execution Vulnerability

Exploiting Untrusted Objects through Deserialization: Analyzing 1 of 100+ HPE Bug Submissions

Fileless Code Injection in Word without macros (CVE-2017-11882)

Changing Phishing Tactics Require Closer User and Defender Attention

Reverse engineering the Intel FSP (A primer guide)

Understanding/Detecting Inline Hooks/ WinAPI Hooks (Ring3)

Data exfiltration with Metasploit: meterpreter DNS tunnel

Improving Function Coverage with Munch: A Hybrid Fuzzing and Directed Symbolic Execution Approach

VB2017 paper: Peering into spam botnets

How to Extract Content from VMDK Files

More than 40+ security incidents have been recorded in the Blockchain industry

terror of xml(日语)

XML External Entity – Beyond /etc/passwd (For Fun & Profit)

Obfuscating JavaScript(日语)

PHP Security Advent Calendar 2017 with 24 challenges

XXE OOB extracting via HTTP+FTP using single opened port

OS Command Injection; The Pain, The Gain

LFI to Command Execution: Deutche Telekom Bug Bounty

Tricky CORS Bypass in Yahoo! View

Yet Another Google Caja bypasses hat-trick

tools BurpUnlimited version 1.7.26 release 1.0

tools MesaLock Linux 是一个通用 Linux 发行版本,其目标是用 Rust、Go 等内存安全语言重写用户空间应用(user space applications),以在用户空间中逐步消除高危的内存安全漏洞

tools Spray:A Password Spraying tool for Active Directory Credentials by Jacob Wilkin(Greenwolf)

tools LogonTracer:Investigate malicious Windows logon by visualizing and analyzing Windows event log

tools Tiredful API - An intentionally designed broken web application based on REST API

tools java-asm-obfuscator (jasmo):Obfuscates compiled java code to make it harder to reverse engineer.

tools gowitness - a golang, web screenshot utility using Chrome Headless

tools bucket-stream:Find interesting Amazon S3 Buckets by watching certificate transparency logs.

tools CALDERA is useful for defenders who want to generate real data that represents how an adversary would typically behave within their networks.

tools SCUTUM:Linux Automatic ARP (TCP / UDP / ICMP) Firewall

tools difuze:Fuzzer for Linux Kernel Drivers

tools apfs:Mount, dump and analyze APFS volumes and containers

tools TINFOLEAK:The most complete open-source tool for Twitter intelligence analysis

tools KernelExplorer:Memory Map Viewer including protected processes and actual data

tools M3UAScan:A Scanner for M3UA(MTP Level 3 (MTP3) User Adaptation Layer) protocol to detect Sigtran supporting nodes

tools findcrypt-yara:IDA pro plugin to find crypto constants (and more)

tools iSniff-GPS:Passive sniffing tool for capturing and visualising WiFi location data disclosed by iOS devices


评论


当前没有评论,快来评论吧!





来说点什么吧