Tittle: 2018.9.21

0 作者:admin


Increased Use of a Delphi Packer to Evade Malware Classification

The latest APT campaign, Operation Ghost Puppet(in Korean)

Vai Malandra: A Look Into The Lifecycle Of Brazilian Financial Malware: Part One

On the Trail of OSX.FairyTale | Adware Playing at Malware

Mass WordPress compromises redirect to tech support scams

Fake finance apps on Google Play target users from around the world

ASUSTOR NAS Devices Authentication Bypass

Write-up on HashWick vulnerability in V8 JavaScript engine (the one used by Chrome). Bug causes DoS.

Hunting mobile devices endpoints - the RF and the Hard way

Security and Protocol Exploit Analysis of the 5G Specifications

Java Bugs with and without Fuzzing - Using Kelinci and JQF AFL-based fuzzers to find several bugs in various Apache libraries

Why You Shouldn’t Store Sensitive Data in JavaScript Files

Local file inclusion at IKEA.com

Another XSS in Google Colaboratory

tools The CLIP OS project aims to build a secure, multi-level operating system, based on the Linux kernel and a lot of free and open source software.

tools SharpSploit is a .NET post-exploitation library written in C# that aims to highlight the attack surface of .NET and make the use of offensive .NET easier for red teamers.

tools libelfmaster:Secure ELF parsing/loading library for forensics reconstruction of malware, and robust reverse engineering tools

tools Malwoverview.py is a simple tool to perform an initial and quick triage on either a directory containing malware samples or a specific malware sample.

tools CAT(Central Application Tracking)是一个实时和接近全量的监控系统,它侧重于对Java应用的监控

tools Erays - Ethereum smart contract reverse engineering tool.