12
9月
疑似“海莲花”组织早期针对国内高校的攻击活动分析
OilRig Uses Updated BONDUPDATER to Target Middle Eastern Government
深入解析CVE-2018-5002漏洞利用技术
KRONOS/Osiris Banking Trojan Attack Report
LuckyMouse signs malicious NDISProxy driver with certificate of Chinese IT company
首款集勒索、间谍、银行木马于一体的新型综合型 Android 病毒深度分析
利用ngrok传播样本挖矿
CVE-2018-5240: Symantec Management Agent (Altiris) Privilege Escalation
Comparing Our Micropatch With Microsoft's Official Patch For CVE-2018-8440
the security measures of the PS Vita, explain how I found the vulnerabilites, how I exploited them and how I bypassed the measures by using modern techniques.
Apple Safari & Microsoft Edge Browser Address Bar Spoofing - Writeup
Security Bugs in Practice: SSRF via Request Splitting(Node.js `http` module)
SVG Document ActiveX Alongside Microsoft Word Execution
Persistence using Universal Windows Platform apps (APPX)
The anatomy of a .NET malware dropper
XSS using quirky implementations of ACME http-01
How to use Google’s CSP Evaluator to bypass CSP
Office VBA + AMSI: Parting the veil on malicious macros
security issues related to storage and VMs for cloud services
Are BGPs security features working yet?
ISC会议PPT
Making the Facebook app more secure - $8500 bounty
tools POC for CVE-2018-8420(a remote code execution vulnerability in Microsoft XML Core Services MSXML)
tools another POC for CVE-2018-8420
tools POC for CVE-2018-4327
tools POC for Tor Browser 7.x NoScript bypass vulnerability
tools zeroday-powershell:A PowerShell example of the Windows zero day priv esc(Windows LPE exploit)
tools All open source projects from Google Project Zero
tools beebug is a tool that can be used to verify if a program crash could be exploitable.
tools textmate-yara:VSCode extension for the YARA pattern matching language