18 December

Title: 2017.12.20

Author: admin

ESTsecurity posted about the new activity of the Lazarus group. (Operation Coin Manager, in Korean)

Travle aka PYLOT backdoor hits Russian-speaking targets

Simple type confusion bug in an Intel GPU COM service which is accessible from Edge LPAC + Chrome GPU. Shows how a type confused SAFEARRAY leads to arbitrary code execution.

VMware VNC Dynamic Resolution Request Code Execution Vulnerability (CVE-2017-4933)

VMware VNC Pointer Decode Code Execution Vulnerability (CVE-2017-4941)

Ruby Net::FTP allows command injection in filenames (CVE-2017-17405)

Ichano AtHome (掌上看家) IP Cameras Multiple Vulnerabilities

A critical vulnerability that allows for a complete, silent man-in-the-middle of PGP traffic in Enigmail (Pentest-Report Enigmail by Cure53)

QNAP QTS unauthenticated remote code execution vulnerability

Apache Groovy Deserialization: A Cunning Exploit Chain to Bypass a Patch

Analysis of the Apache Synapse remote command execution vulnerability (CVE-2017-15708)

A deep dive into the Internet Explorer COM object for attackers

Android Accessibility clickjacking: attack and defense

Advanced SQL Server Man-in-the-Middle Attacks

Kernel debugging for newbies

InsecurePowerShell - PowerShell without System.Management.Automation.dll

The Invoke-Obfuscation Usage Guide :: Part 2

WIKI: Privilege Escalation

SecWiki Weekly (2017/12/11-2017/12/17)

FIT 2018 PPT(q8ao)

the NetSPI SQL Injection Wiki

P4 to P2 - The story of one blind SSRF

Account Takeover Due to Misconfigured Login with Facebook/Google

tools Merlin is a cross-platform post-exploitation HTTP/2 Command & Control server and agent written in golang.

tools ropa - a GUI tool to craft ROP chains as easily as possible

tools Fuzzotron is a simple network fuzzer supporting TCP, UDP and multithreading.

tools alerting-detection-strategy-framework (ADS): A framework for developing alerting and detection strategies for incident response.

tools game-hacking: Tutorials, tools, and more as related to reverse engineering video games.

tools Joplin is an open-source, cross-platform Evernote replacement for Windows, MacOS, Linux, Android, iOS, and the command line.
