18
3月

Tittle: 2018.3.19

0 作者:admin

Taking down Gooligan(Android OAuth stealing botnet): part 1 — overview

Somebody’s watching! When cameras are more than just ‘smart’

Squirrelmail directory traversal vulnerability allows exfiltrating files from server

The security footgun in etcd

Master password in Firefox or Thunderbird? Do not bother!

CVE-2017-0135漏洞分析:利用Edge浏览器的XSS过滤器绕过CSP

/sbin/dhclient Ubuntu AppArmor profile bypass

jfinal 急速开发框架分析与挖掘

Node.js postgres 从 SQL注入到代码执行(2017)

Exploiting Eternalblue for shell with Empire & Msfconsole

Forensic Acquisition Of Solid State Drives With Open Source Tools

the iPhone 7 10.0 / 10.1 KTRR bypass fully-atomic and thread-safe ROP chain

Active Directory as a C2 (Command & Control)

VHD to Domain Admin

判断浏览器控制台是否打开(Chrome 65 做了一次更新,之前的方法失效了,这次利用样式输出“%c”)

RDP hijacking — how to hijack RDS and RemoteApp sessions transparently to move through an organisation(2017)

Cracking Aigo Chinese Encrypted External Hard Drive (Part 1)

Cracking Aigo Chinese Encrypted External Hard Drive (Part 2)

Disrupting the Empire: Identifying PowerShell Empire Command and Control Activity(2017)

Advanced Incident Detection and Threat Hunting using Sysmon(and Splunk)(2016)

Attack & Detection:Hunting In-Memory Adversaries with Rekall and WinPmem(2015)

Investigating PowerShell Attacks(2014)

2017年百度安全技术精选

Cisco 2018 Annual Cybersecurity Report

"Can I take over XYZ?" — a list of services and how to claim (sub)domains with dangling DNS records.

Stored XSSes in Facebook wall by embedding an external video with Open Graph.

Uncovering a Bug in Cloudflare's Minification Service

tools The Infection Monkey is an open source security tool for testing a data center's resiliency to perimeter breaches and internal server infection.

tools Pyrate:Practice Web App written in python with some vulnerabilities.

tools Shellcode-Via-HTA:Execute Shellcode via HTA

tools deplug:Next generation packet analyzer (WIP) (formerly Dripcap)

tools SAP-Dissection-plug-in-for-Wireshark:This Wireshark plugin provides dissection on SAP's NI, Message Server, Router, Diag and Enqueue protocols.

tools s3-inspector:Tool to check AWS S3 bucket permissions

tools Tokenvator, A tool to elevate privilege with Windows Tokens

tools OCRs screenshots and makes them searchable from spotlight

tools firepwd.py, an open source tool to decrypt Mozilla protected passwords https://github.com/lclevy/firepwd

tools chinese-independent-developer:中国独立开发者项目列表 -- 分享大家都在做什么


评论


当前没有评论,快来评论吧!





来说点什么吧