20
12月

Tittle: 2017.12.21

0 作者:admin

Backdoor in Captcha Plugin Affects 300K WordPress Sites

North Korea Bitten by Bitcoin Bug-Financially motivated campaigns reveal new dimension of the Lazarus Group

Mining Insights: Infrastructure Analysis of Lazarus Group Attacks on the Cryptocurrency Industry

New version of mobile malware Catelites possibly linked to Cron cyber gang

CVE-2017-11882 Exploited to Deliver a Cracked Version of the Loki Infostealer

BrickerBot mod_plaintext Analysis

Malspam Distributing Ursnif (Gozi ISFB)

Windows Kernel ring-0 address leak via a double-write in NtQueryVirtualMemory(MemoryMappedFilenameInformation)

Popping a Cisco SDN controller with nothing but a static route! Here's the full story of CVE-2017-12262 in Cisco APIC-EM

invariantly exploitable input: an apple safari bug worth revisiting(CVE-2017-2354)

Google Chrome PDFium OpenJPEG Heap-based Buffer Overflow Vulnerability (CVE-2017-15408)

Reversing EVM bytecode with radare2

Kernel Hooking Basics

netstat without netstat - a few things learned while inside a restricted linux environment

Mac OS X and iOS Internals: To the Apple's Core (free book)

DOM XSS in Facebook Mobile Site(app-login)

tools DNSExfiltrator allows for transfering (exfiltrate) a file over a DNS request covert channel.

tools Archery is an opensource vulnerability assessment and management tool which helps developers and pentesters to perform scans and manage vulnerabilities.

tools ketshash:Script for detecting suspicious privileged NTLM connections, in particular Pass-The-Hash attacks, based on event viewer logs.

tools angrop - ROP gadget finder and chain builder. Based on angr.

tools WhatWaf is an advanced firewall detection tool who's goal is to give you the idea of "There's a WAF?".

tools Wazuh helps you to gain deeper security visibility into your infrastructure by monitoring hosts at an operating system and application level.

tools Samsung Internet Browser - SOP Bypass (Metasploit)


评论


当前没有评论,快来评论吧!





来说点什么吧