I'm in your cloud... reading everyone's email. Hacking Azure AD via A…
www.slideshare.net • Attack

关于 Azure AD 的介绍以及如何从活动目录攻击 Azure AD Kiwi • 1 day ago

0

.NET高级代码审计(第四课) JavaScriptSerializer 反序列化漏洞
paper - Last paper • Vulnerability

.NET高级代码审计(第四课) JavaScriptSerializer 反序列化漏洞 Kiwi • 1 day ago

0

Bypassing AV (Windows Defender) ... the tedious way. - CyberGuider Information Technology Services Inc.
www.cyberguider.com • Windows Security Product

免杀绕过 Windows Defender 杀毒软件的技巧 Kiwi • 1 day ago

0

Kerberos (I): How does Kerberos work? - Theory - Tarlogic Security - Cyber Security and Ethical hacking
www.tarlogic.com • Protocol

Kerberos 协议工作原理介绍 Kiwi • 1 day ago

0

Windows Shellcoding x86 - Hunting Kernel32.dll - Part 1 - ScriptDotSh
scriptdotsh.com • Windows

Windows x86 Shellcode 开发 Part 1 - 寻找 kernel32.dll 地址 Kiwi • 1 day ago

0

From Workstation to Domain Admin: Why Secure Administration Isn't Secure and How to Fix It
www.troopers.de • Defend Pentest

从工作站到域管 - 活动目录安全管理中的攻与防 Kiwi • 1 day ago

0

There’s Something About Service Accounts
Active Directory Security • Defend

关于活动目录中的服务账户安全配置介绍 Kiwi • 1 day ago

0

Provadys Offensive Security Blog
offsec.provadys.com • Windows

对滥用 Windows 特权文件操作的研究 Kiwi • 1 day ago

0

Faction
www.factionc2.com • Tools

新型 C2 框架 Faction 介绍 Kiwi • 1 day ago

0

Remote command injection through an endpoint security product
Pen Test Partners • Security Product

终端安全防护产品 Heimdal Thor 远程命令注入漏洞详情披露 Kiwi • 1 day ago

0

Hacking microcontroller firmware through a USB
Securelist • Firmware

通过 USB 攻击 Cortex M0 微控制器固件 Kiwi • 1 day ago

0

Cisco IP Phone 7800 Series and 8800 Series Remote Code Execution Vulnerability
tools.cisco.com • Vulnerability

Cisco IP 电话 7800 系列和 8800 系列存在 RCE 漏洞(CVE-2019-1716) Kiwi • 1 day ago

0

Part 1: Digging deep into LoadLibrary :: Up is Down and Black is White — n4r1b
n4r1b.netlify.com • Windows

深入分析 Windows API - LoadLibrary 的内部实现 Part 1 Kiwi • 1 day ago

0

Karta – Matching Open Sources in Binaries - Check Point Research
research.checkpoint.com • Tools

一款可以在二进制文件中匹配开源库的 IDA 插件。编辑点评:方法比较传统,结果分析上没有仔细验证误报问题。亮点是工程实现扎实,且有一些很好的技巧,部分缓解了方法本身的局限。从原理上说,传统方法的天花板在于无法很好地解决复杂编译优化的问题。近年来,学术界逐渐关注这个领域,引入了 Struc2Vec, Asm2Vec 等方法,取得了不错的进展。 Potato • 1 day ago

1

Zero-Day Stored XSS in Social Warfare
blog.sucuri.net • Web Security Popular Software

WordPress 插件 Social Warfare 被发现存储型 XSS 漏洞,7 万站点受影响 Kiwi • 1 day ago

0

CVE-2019-5786 Chrome 远程代码执行漏洞分析
paper - Last paper • Vulnerability

CVE-2019-5786 Chrome 远程代码执行漏洞分析 Kiwi • 2 days ago

0

Zero Day Initiative — Pwn2Own Vancouver 2019 - The Schedule and Live Results
www.zerodayinitiative.com • Challenges

Pwn2Own Vancouver 2019 前两日现场结果 Kiwi • 2 days ago

Pwn2Own 2019 比赛第一天的结果出来了,Richard Zhu 所在的 Fluoroacetate 团队成功攻破了 Safari 沙箱逃逸、Oracle VirtualBox 虚拟机逃逸、VMware Workstation 虚拟机逃逸,他们参加了所有的比赛项目,第三天还将有针对 Tesla Model 3 汽车的攻击,期待 Jett • 2 days ago

0

1747 - Microsoft Edge: Flash click2play bypass with CObjectElement::FinalCreateObject - project-zero - Monorail
bugs.chromium.org • Browser Vulnerability

Microsoft Edge 中的利用 CObjectElement::FinalCreateObject 绕过 Flash click2play 漏洞披露 Kiwi • 2 days ago

0

1754 - Chrome: UAF in MidiManagerWin - project-zero - Monorail
bugs.chromium.org • Browser

Chrome MidiManagerWin 中的 UAF 漏洞披露(CVE-2019-5789) Kiwi • 2 days ago

0

Development of a new Windows 10 KASLR Bypass (in One WinDBG Command)
www.offensive-security.com • Windows

寻找新的 Windows 10 KASLR 绕过(一行 WinDBG 命令实现) Kiwi • 2 days ago

0

Loading