15
5月

Tittle: 2018.5.16

0 作者:admin

A tale of two zero-days:Double zero-day vulnerabilities fused into one. A mysterious sample enables attackers to execute arbitrary code with the highest privileges on intended targets

New Bip Dharma Ransomware Variant Released

全能型俄罗斯挖矿木马,简直是木马界的十项全能

Multiple Adobe Acrobat Reader DC Vulnerabilities

Google Chrome V8 AwaitedPromise Update Vulnerability(CVE-2018-6106)

Windows: Token Process Trust SID Access Check Bypass EOP(CVE-2018-8134)

Beware of the Magic SpEL(L) – Part 1 (RCE with Spring Data Commons-CVE-2018-1273)

Spring Data Redis <=2.1.0反序列化漏洞

a rather dangerous feature that has been hiding in plain view in VBScript: Class_terminate. Several code exec bugs are covered, including one recently used in the wild.

HSTS Bypass Vulnerability in IE Preview(fixed in 2015)

BCH客户端Bitcoin-ABC 分叉漏洞分析

Windows Updates Broke Your Networking? Free Micropatches To The Rescue (CVE-2018-8174)

Nethammer is another Rowhammer attack via network packets.

CVE-2018-1000156:GNU Patch任意代码执行漏洞分析

Beyond S3: Exposed Resources on AWS

ObjC的符号/名称混淆的坑以及如何手动破坏符号表

Lateral Movement – WinRM

Hacking with Git

Reviewing Android Webviews fileAccess attack vectors.

Nginx Lua WAF通用绕过方法

Masato Kinugawa的7年赏金旅途

#DefCon-Beijing#UAC 0day All Day

#DefCon-Beijing#General ways to find and exploit directory traversals on Android

awesome-blockchain:区块链白皮书、书籍、交易所、币种、自媒体等资源汇总

rapid7 Quarterly Threat Report: 2018 Q1

2017 年我国互联网网络安全态势综述

强网杯拟态防御精英赛 WEB WP(easy_upload+firewall)

tools EXP of Linux privilege escalation exploiting via 'waitid'(CVE-2017-5123)

tools EXP poc of the WhatsApp DoS bug

tools invoke_evasion.sh:Small script to bypass AV that triggers Invoke-Mimikatz with shitty rules

tools linux_screenshot_xwindows:Volatility plugin to extract X screenshots from a memory dump

tools Pazuzu: Reflective DLL to run binaries from memory


评论


当前没有评论,快来评论吧!





来说点什么吧