23
4月

Tittle: 2018.4.24

0 作者:admin

New Orangeworm attack group targets the healthcare sector in the U.S., Europe, and Asia

Energetic Bear/Crouching Yeti(APT): attacks on servers

Monero-Mining RETADUP Worm Goes Polymorphic, Gets an AutoHotKey Variant

a new mining campaign affecting systems in India, Indonesia, Vietnam and several other countries that was tied to Bitvote

“top urgent//: request for quotaion” malspam leads to cve-2017-11882/possible remcos infection

双枪2木马驱动分析报告

吃鸡辅助远控木马分析

Exploiting CVE-2018-1038 - Total Meltdown

tools Working, real exploit for TotalMeltdown which spawns cmd.exe as SYSTEM from non-admin user

Fusée Gelée, a coldboot vulnerability that allows full, unauthenticated arbitrary code execution from an early bootROM context via Tegra Recovery Mode (RCM) on NVIDIA's Tegra line of embedded processors.

tools fusee-launcher:ReSwitched's work-in-progress launcher for one of the Tegra X1 bootROM exploits

HooToo TripMate Routers are Cute But Insecure

new Unlaunch.dsi bootcode exploit

ShofEL2, a Tegra X1 and Nintendo Switch exploit

Go语言任意代码执行漏洞分析(CVE-2018-6574)

利用一个竞态漏洞root三星s8的方法

A bunch of Red Pills: VMware Escapes(Pwn2Own 2017)

从 CVE-2016-0165 说起:分析、利用和检测(上)

从 CVE-2016-0165 说起:分析、利用和检测(中)

从 CVE-2016-0165 说起:分析、利用和检测(下)

Running system commands through Nvidia signed binaries

Loading Kernel Shellcode(It uses a custom kernel driver to load and execute Windows kernel shellcode)

tools flare-kscldr:FLARE Shellcode Loader

Reversing Ethereum Smart Contracts: Part 2

静态分析一款锁首的RootKit样本

Spoofing Cell Networks with a USB to VGA Adapter

Abusing MySQL LOCAL INFILE to read client files

JWT common pitfalls, attacks, and mitigations

基于Service Worker 的XSS攻击面拓展

SecWiki周刊(2018/04/16-2018/04/22)

DOM Based Cross-Site Scripting in Google VRView library

Postmessage vulnerability in LinkedIn

DDCTF 2018 Android WriteUp

tools WHP - Microsoft Windows Hacking Pack

tools credgrap_ie_edge:Extract stored credentials from Internet Explorer and Edge

nx-hbexploit300-obf:Homebrew exploit for 3.0.0 (source code, historical purposes)

tools instant-gnuradio:A customizable, programmatically generated VM and live environment for GNU Radio.

tools pico.js: a face-detection library in 200 lines of JavaScript


评论


当前没有评论,快来评论吧!





来说点什么吧