14
January

Title: 2018.1.16

Author: admin

ISP hijacking joins the cryptomining army: more than ten provinces affected, Liaoning hardest hit

New KillDisk Variant Hits Financial Organizations in Latin America

Malicious Chrome extensions enable criminals to impact over half a million users and global businesses

Deep Dive: Investigating a Foothold & Uncovering the Payload

GitStack Unauthenticated Remote Code Execution

Shibboleth authentication bypass (CVE-2018-0486)

Slui File Handler Hijack UAC bypass (fileless) works from Windows 8 up to Windows 10 RS4 17074

CVE-2017-8890 vulnerability analysis and exploitation (Root Android 7.x)

Step-by-step guide to reproducing the third vulnerability in the Office Equation Editor

Abusing ADS (Alternate data streams) to bypass AppLocker

How to exploit a kernel NULL pointer dereference vulnerability on Windows 7 x64 and Windows 10 x32

An unexpected discovery during an analysis of browser-based mining

Meltdown and Spectre, explained

Debugger Data Model, JavaScript & x64 Exception Handling (what is now possible with WinDbg & the time travel debugging tools)

2017 Annual Security Report: Ransomware Threats

2017 Annual Research Report on Cyber Black-Market Threat Sources

Apple official documentation: iOS 11 Security

SecWiki Weekly (2018/01/08-2018/01/14)

Bug hunting tips: a summary of information disclosure

Hacking Facebook accounts using CSRF in Oculus-Facebook integration

Authentication Bypass on help.baaz.com

DOM-based XSS arising from regular expressions built from user input

How I Was Able To See The Bounty Balance Of Any Bug Bounty Program In HackerOne

tools POC-Synology Photo Station <= 6.8.2-3461 (latest) SYNOPHOTO_Flickr_MultiUpload Race Condition File Write Remote Code Execution Vulnerability

tools POC-Oracle PeopleSoft 8.5x - Remote Code Execution

tools ShodanVulncheck: bash script to enumerate vulnerabilities on specific year through Shodan API

tools JByteMod: Java Bytecode Editor with control flow visualisation and inbuilt decompiler

tools icebreaker: Gets plaintext Active Directory credentials if you're on the internal network.

tools Hikari: LLVM obfuscator

tools censys-subdomain-finder: Perform subdomain enumeration using the certificate transparency logs from Censys.

tools security-code-scan: Static code analyzer for .NET
