22
2月

Tittle: 2018.2.25

0 作者:admin

Social engineering used to trick Facebook users into downloading Advanced Persistent Threat disguised as Kik Messenger app.

Avzhan DDoS bot dropped by Chinese drive-by attack

OMG: Mirai-based Bot Turns IoT Devices into Proxy Servers

OopsIE! OilRig Uses ThreeDollars to Deliver New Trojan

Malicious RTF document leading to NetwiredRC and Quasar RAT

Cybercriminals exploited Telegram flaw to launch multipurpose attacks.

是谁悄悄偷走我的电(三):某在线广告网络公司案例分析

Google ChromeOS Printer Zeroconf Remote Code Execution Vulnerability (CVE-2017-15400)

pushing webkit's buttons with a mobile pwn2own exploit

mobile pwn2own 2017:A quick PoC for Google Chrome V8 Function Deoptimization Isolate Control Vulnerability

Trend Micro Email Encryption Gateway Multiple Vulnerabilities

宝贝和互联网的故事:当婴儿监控器不再安全

The Road to NoMachine privilege escalation or denial of service(CVE-2018-6947)

remote code execution (cve-2018-5767) walkthrough on tenda ac15 router

ASUS routers多个漏洞系列

New bypass and protection techniques for ASLR on Linux

Stealing data in a great style - how to use CSS to attack webapps

Scriptless Attacks - Stealing the Pie without touching the Sill(2012)

From heap to RIP: getting code execution from pure glibc heap mechanics

Hiding in plain sight: XXE Zeroday In HP Project and Portfolio Management Center Application

Remote Code Execution in IDA by double clicking string

Two Interesting Micropatches For 7-Zip (CVE-2017-17969 and CVE-2018-5996)

Mozilla Rhino 反序列化漏洞 POC 分析

使用x64dbg 分析 TIM2.0 QQ撤销功能

某租车系统JAVA代码审计

zzcms8.2 任意用户密码重置&del.php时间盲注

Finecms SQL注入漏洞 (CVE-2018-6893)

看我教你如何修改QQ安装包实现绕过QQ语音红包验证来领红包

linux一种无文件后门技巧

攻击LNMP架构Web应用的几个小Tricks

Logs injection or why is logs tailing unsafe

中间件安全-Tomcat安全测试概要

Java反序列化漏洞从入门到深入

The Windows 10 TH2 INT 2E mystery

.Net over .net – Breaking the Boundaries of the .Net Framework

LTEInspector: A Systematic Approach for Adversarial Testing of 4G LTE

APT事件收集分类

团队线下赛AWD writeup&Beescms_V4.0代码审计

H1-202 CTF - Writeup(Android Reverse Engineering & Web Exploitation)

How I Identified 93k Domain-Frontable CloudFront Domains

Persistent DOM-based XSS in help.twitter.com via localStorage

Hacking Tinder Accounts using Facebook Accountkit

Some nice Facebook write-ups

tools CSS-Keylogging:Chrome extension and Express server that exploits keylogging abilities of CSS.

tools EvilOSX:A pure python, post-exploitation, RAT (Remote Administration Tool) for macOS / OSX.

tools gitleaks:Searches full repo history for secrets and keys

tools FiOS - new iOS pentesting tool based on fridadotre

tools malware.one is a binary substring searchable malware catalog containing terabytes of malicious code.

tools UniByAv is a simple obfuscator that take raw shellcode and generate executable that are Anti-Virus friendly.

tools Stryker:It uses CPU-Z internal driver (version 1.41 as per CVE-2017-15303) to read/write into physical memory and read CPU control registers.

tools SubDomainSniper 1.1 中/英文版——企业资产查询工具子域名搜集


评论


当前没有评论,快来评论吧!





来说点什么吧