7
1月
Malicious Document Targets Pyeongchang Olympics
The Emotet Grinch Is Back – with Triple PowerShell Gift Wrap
Concrete5 CMS SSRF漏洞
Escaping the edge sandbox
I’m harvesting credit card numbers and passwords from your site. Here’s how.(第三方恶意NPM模块的危害)
Improving the BMC RSCD RCE Exploit
Executing Commands and Bypassing AppLocker with PowerShell Diagnostic Scripts
一步一步PWN路由器系列文章
Apache Log4j 反序列化分析(CVE-2017-5645)
Database Reverse Engineering, Part 1: Introduction
Database Reverse Engineering, Part 2: Main Approaches
The journey of exploiting a Sharepoint vulnerability.
Setting up a DNS Firewall on steroids
OWASP Mobile Security Testing Guide
tools spec_poc_arm:Dump privileged ARM system registers from usermode using variant 3a of Meltdown
tools spectre-meltdown-poc:A semi-demi-working proof of concept for a mix of spectre and meltdown vulnerabilities
tools subdoc_inject.py: Tool to generate documents with a subdoc payload
tools sha1_gpu_nearcollisionattacks:the GPU CUDA code for the two SHA-1 freestart collision attacks and the SHAttered SHA-1 collision
tools sJET allows an easy exploitation of insecure configured JMX services.
tools SIPHijack.ps1:Bypasses digital signature verification checking.
tools reposcanner:Python script to scan Git repos for interesting strings
tools fuxploider:File upload vulnerability scanner and exploitation tool.
tools SwitchIDAProLoader:Nintendo Switch Binary loader for IDA Pro 7.0 (NRO, MOD, NSO)