8
1月

Tittle: 2018.1.9

0 作者:admin

A North Korean Monero Cryptocurrency Miner

Word add-in persistence Sample uses the CVE-2017-11882 %temp% dropper method to %APPDATA%\Microsoft\word\startup\w.wll in the wild

Android: Inter-process munmap due to race condition in ashmem(CVE-2017-0412)

Google Chrome "CFFL_InteractiveFormFiller::OnBeforeKeyStroke()" Use-After-Free Vulnerability (CVE-2017-5127)

Windows: Local XPS Print Spooler Sandbox Escape(WontFix)

Sophos XG from Unauthenticated Persistent XSS to Unauthorized Root Access(CVE-2017-18014)

Prevalent Threats Targeting Cuckoo Sandbox Detection and Our Mitigation

an excellent research on how to defeat AV self defense and use AV for privesc

Finding a CPU Design Bug in the Xbox 360

总结几种DDE攻击向量的生成方法

Detecting Spectre And Meltdown Using Hardware Performance Counters

Important information about Microsoft Meltdown CPU security fixes, antivirus vendors and you

A quirk of the x86 architecture allows userland processes to observe when they've been interrupted by an interrupt handler

KernelMode Rootkits: Part 3, kernel filters

Exploiting CVE-2016-4655 - Create Your Own iOS Jailbreak (Part 1) | Kernel Info-leak & KASLR Defeat(视频)

Android逆向之旅—Android中分析某短视频的数据请求加密协议(IDA静态分析SO)第三篇

Database Reverse Engineering, Part 3: Code Reuse, Conclusion

服务器端包含注入SSI分析总结

SecWiki周刊( 2018/01/01-2018/01/07)

facebook bug could have let advertisers get your phone number(5000$)

tools 玄武实验室推出在线检测浏览器CPU漏洞(Spectre)

tools meltdown-poc:A PoC implementation of the meltdown attack described in meltdownattack.com

tools Invoke-CradleCrafter is a remote download cradle generator and obfuscation framework

tools BlackWidow is a python based web application spider to gather subdomains, URL's, dynamic parameters, email addresses and phone numbers from a target website.

tools JFS (JIT Fuzzing Solver) is an experimental constraint solver designed to investigate using coverage guided fuzzing as an incomplete strategy for solving boolean, BitVector, and floating-point constraints.

tools HELK:A Hunting ELK (Elasticsearch, Logstash, Kibana) with advanced analytic capabilities.

tools poc of Oracle WebLogic < 10.3.6 - 'wls-wsat' Component Deserialisation Remote Command Execution


评论


当前没有评论,快来评论吧!





来说点什么吧