漏洞 Vulnerability
CVE-2019-11484:Ubuntu Whoopsie整数溢出漏洞分析
https://securitylab.github.com/research/ubuntu-whoopsie-CVE-2019-11484
飛鴿傳書 – 紅隊演練中的數位擄鴿——DEVCORE
https://devco.re/blog/2019/12/23/how-binary-dog-survives-in-web-world/
Apache Log4j SocketServer反序列化漏洞(CVE-2019-17571)风险提示
https://mp.weixin.qq.com/s/HKF-7LhFYFztJvSLS03V-g
CVE-2019-19844:django通过密码重置表单进行帐户劫持漏洞PoC
https://github.com/ryu22e/django_cve_2019_19844_poc/
CVE-2019-13272:linux 内核PTRACE_TRACEME 本地提权Poc,适配aarch64平台
https://github.com/jiayy/android_vuln_poc-exp/tree/master/EXP-CVE-2019-13272-aarch64
安全工具 Security Tools
rebirth:iOS实用的越狱框架,支持iOS11 – 11.3.1版本
https://github.com/hackerhouse-opensource/rebirth
安全报告 Security Report
CTF赛事设计指南
https://docs.google.com/document/d/1QBhColOjT8vVeyQxM1qNE-pczqeNSJiWOEiZQF2SSh8/preview
趋势科技对2020年的安全行业预测
https://documents.trendmicro.com/assets/rpt/rpt-the-new-norm-trend-micro-security-predictions-for-2020.pdf
安全研究 Security Research
利用Cutter patch 二进制文件的五种方法——Writeup
https://www.megabeets.net/5-ways-to-patch-binaries-with-cutter/
分析如何在Abis HD6000+ SMART 投影机中找到WAN远程代码执行漏洞
https://labs.f-secure.com/blog/hackin-around-the-christmas-tree
逆向分析Windows 的Handles, Callbacks和ObjectTypes——Part 1
https://rayanfam.com/topics/reversing-windows-internals-part1/
Microsoft Edge (Chromium) 新标签页XSS 到 RCE 漏洞分析
https://leucosite.com/Edge-Chromium-EoP-RCE/
RWCTF 2018 VMWare逃逸Writeup——Part1
https://nafod.net/blog/2019/12/21/station-escape-vmware-pwn.html
利用Intel PT追踪SMM(ring-2)的代码
https://sysenter-eip.github.io/intel_pt_smm
自动探测堆漏洞利用技术——Paper
https://arxiv.org/pdf/1903.00503.pdf
Exploit Spring Boot Actuator 之 Spring Cloud Env 学习笔记
https://mp.weixin.qq.com/s/rGRHb5IteCDAO6IMCwst3A
恶意软件 Malware
穷源溯流:KONNI APT组织伪装韩国Android聊天应用的攻击活动剖析
https://ti.qianxin.com/blog/articles/analysis-of-konni-apt-organization-attack-activities-disguised-as-korean-android-chat-application/
阿联酋社交应用 ToTok 被曝监控用户
https://objective-see.com/blog/blog_0x52.html
Gafgyt家族物联网僵尸网络家族分析
https://www.freebuf.com/articles/others-articles/222677.html
版权声明
本站原创文章转载请注明文章出处及链接,谢谢合作!
评论