23
3月

Tittle: 2018.3.24

0 作者:admin

威胁快讯:一个Redis.Miner

GhostMiner: Cryptomining Malware Goes Fileless

Targeted Attacks on South Korean Organizations-Attacks Using Local Word Processor

OilRig is Back with Next-Generation Tools and Techniques

Watering Hole Attack on Leading Hong Kong Telecom Site Exploiting Flash Flaw (CVE-2018-4878)

Joomla SIGE(a Joomla CMS gallery plugin):Persistent XSS via image metadata

everytime you upload a malware-Online Sandboxing Services As a Data Exfiltration Intermediary

某内容管理系统的几点有趣问题

记一次腾讯SDK源代码审计后的CSRF攻击

Cure53's Chinese new Year XSS challenge 2018 shortest solution

Reverse Engineering Musical.y/Live.ly Android apps (part 1).

Vshadow: Abusing the Volume Shadow Service for Evasion, Persistence, and Active Directory Database Extraction

Deep Hooks : Monitoring Native Execution in WOw64 Applications (Part 1)

Deep Hooks : Monitoring Native Execution in WOw64 Applications (Part 2)

DOSfuscation: Exploring the Depths of Cmd.exe Obfuscation and Detection Techniques

tools Invoke-DOSfuscation:Cmd.exe Command Obfuscation Generator & Detection Test Harness

VirtualBox hacking-a close look at desktop hypervisor

Attack Infrastructure Logging – Part 1: Logging Server Setup

A technique to evade Sandboxes by identifying real user behaviour in a short and reliable way.

Using Frida to Bypass Snapchat’s Certificate Pinning

Single Trace Attack Against RSA Key Generation in Intel SGX SSL

#blackhat asia-18#Synthetic Reality: Breaking macOS One Click at a Time

#blackhat asia-18#A New Method to Bypass 64-bit Linux ASLR

#blackhat asia-18#UbootKit: a Worm Attack for the Bootloader of IoT Devices

#blackhat asia-18#All Your Payment Tokens Are Mine: Vulnerabilities of Mobile Payment Systems

#blackhat asia-18#AES Wireless Keyboard- Template Attack for Eavesdropping

Docker安全实践探索

how to add a module in mimikatz?

KVA Shadow: Mitigating Meltdown on Windows

Ethereum VM (EVM) Opcodes and Instruction Reference

Ethereum smart contract vulnerability top 10

Visualizing Attack Trees

GoldHouse-for-iOS:iOS开发文档

0Research weekly report includes the latest publicly posted exploits, IP addresses of honeypot attackers, credit card dump statistics, and account dump statistics.

tools not-so-smart-contracts:This repository contains examples of common Ethereum smart contract vulnerabilities, including code from real smart contracts.

tools ethersplay:EVM(Ethereum VM) dissassembler and related analysis tools.

tools APT2 - An Automated Penetration Testing Toolkit

tools ida_kernelcache: An IDA Toolkit for analyzing iOS kernelcaches

tools iCloudBrutter is a simple python (3.x) script to perform basic bruteforce attack againts AppleID.

tools W64.Senshi.A - a direct action file infector of PE exe files, using a new EPO technique: hooking Control Flow Guard

tools qr-filetransfer:Transfer files over wifi from your computer to your mobile device by scanning a QR code without leaving the terminal.

tools Covnavi: Code coverage navigation & analysis

tools afl-pin:run AFL with pintool

tools rf-jam-replay:Jam and replay attack on vehicle keyless entry systems.


评论


当前没有评论,快来评论吧!





来说点什么吧