6
2月

Tittle: 2018.2.8

0 作者:admin

Targeted Attacks In The Middle East

Is the LuminosityLink RAT dead? Unit42 looks into details on LuminosityLink's prevalence and capabilities

More than malspam: Unit42 researches how attackers use fraudulent accounts and the compromised infrastructures of legitimate businesses to deliver Hancitor malware

Google Chrome Widget Universal XSS Vulnerability + exploit (CVE-2017-5006)

ImageMagick GIF coder vulnerability leading to memory disclosure(CVE-2017-15277)

Several buffer overflow vulnerabilities in InfoZip Unzip might lead to arbitrary code execution or DoS

Multiple vulnerabilities in GeoVision IP cameras, multiple exploitable command injections, several stack overflows without exploits (but likely to be possible to exploit)

Local File Disclosure in Marked2( CVE-2018-6806)

Asuswrt RT-AC68U 华硕路由器文件删除漏洞 && 栈溢出

从补丁到漏洞分析 --记一次joomla漏洞应急

VBULLETIN 论坛定向攻击脚本分析

Python http.server和web.py的URL跳转漏洞实践

Django的Secret Key泄漏导致的命令执行实践

SOP Bypass using rel="noreferrer"

a session fixation vulnerability previously in Tomcat (CVE-2015-5346)

Crash 符号化 1. 基本流程与相关命令

Crash 符号化 2. symbolicatecrash 源码浅析与优化

Crash 符号化 3. Mach-O 与 atos

Java反序列化漏洞-玄铁重剑之CommonsCollection(下)

JSONP与CORS漏洞挖掘

pwnhub年前最后一战——“血月归来”writeup

Nice introduction of modern XSS/CSRF attacks

是谁悄悄偷走了我的电:利用DNSMon批量发现被挂挖矿代码的域名

Decrypting C&C traffic with Hypervisor based Inspection

登录抓包逆向分析学习笔记

how to fuzz GUI/GTK+ application with American Fuzzy Lop (AFL)

Internals of AFL fuzzer - QEMU Instrumentation

2017年度安全报告––应用漏洞

Shopify:Ability to bypass partner email confirmation to take over any store given an employee email($15,250)

Taking over Facebook accounts using Free Basics partner portal(:latex $)

Reflected XSS To Account Takeover in Cozy Cloud

ReelPhish: a two-factor phishing tool.

tools A List of Open Source Verification and Investigation Tools and Methods

tools iBoot leaked source code

tools StaCoAn is a crossplatform tool which aids developers, bugbounty hunters and ethical hackers performing static code analysis on mobile applications.


评论


当前没有评论,快来评论吧!





来说点什么吧