漏洞 Vulnerability
iOS上默认的Mail应用程序MobileMail / Maild 0-click漏洞分析
https://blog.zecops.com/vulnerabilities/youve-got-0-click-mail/
Microsoft Teams中的帐户接管漏洞,利用恶意的GIF可导致子域接管
https://www.cyberark.com/threat-research-blog/beware-of-the-gif-account-takeover-vulnerability-in-microsoft-teams/
Open-AudIT v3.3.1 远程命令执行漏洞分析 (CVE-2020-12078)
https://shells.systems/open-audit-v3-3-1-remote-command-execution-cve-2020-12078/
CVE-2019-2215:android内核binder漏洞利用exp,绕过 DAC + SELinux + Knox/RKP
https://github.com/chompie1337/s8_2019_2215_poc/
安全工具 Security Tools
fs-fuzzer:文件系统fuzz框架
https://github.com/0xricksanchez/fs-fuzzer
LARRYCHATTER:模仿APT-29制作的通过Twitter隐藏C2的工具
https://github.com/slaeryan/LARRYCHATTER
安全资讯 Security Information
之前Github公开的L33terman6000/CVE-2020–0796 假利用脚本,作者声称为蜜罐实验,并做了解释
https://medium.com/@curtbraz/exploiting-the-exploiters-46fd0d620fd8
安全研究 Security Research
HITB 会议演讲议题线上视频Day1~2——Youtube
https://www.youtube.com/results?search_query=HITB+Lockdown+Livestream+Day
nmap 常用命令top32
https://www.cyberciti.biz/networking/nmap-command-examples-tutorials/
hitb 会议公开部分议题的Slide
https://conference.hitb.org/hitblockdown/materials/
Patchguard 对虚拟机环境检测分析 Part1-2
https://revers.engineering/patchguard-detection-of-hypervisor-based-instrospection-p1/
Windows 10 x64上的内存分页介绍
https://connormcgarr.github.io/paging/
CVE-2018-8611:Windows 内核事务管理器(KTM)条件竞争漏洞提权分析 Part 1/5
https://research.nccgroup.com/2020/04/27/cve-2018-8611-exploiting-windows-ktm-part-1-5-introduction/
VirtualBox USB 模块堆越界读写,或可造成虚拟机逃逸
https://paper.seebug.org/1188/
Java反序列化系列 ysoserial Hibernate1
https://mp.weixin.qq.com/s/O1ay4BHiyPBkotNIgDQ6Kg
恶意软件 Malware
Nazar APT 分析,内附演讲视频
https://www.epicturla.com/blog/the-lost-nazar
MMCore针对南亚地区的攻击活动分析
https://www.freebuf.com/articles/network/234483.html
LeetHozer Botnet分析报告
https://blog.netlab.360.com/the-leethozer-botnet/
版权声明
本站原创文章转载请注明文章出处及链接,谢谢合作!
评论