Taint mode is now in beta
r2c.dev

静态代码分析工具 Semgrep 支持污点分析了 Jett • 3 hours ago

1   

Using Kerberos for Authentication Relay Attacks
Project Zero • Windows

Using Kerberos for Authentication Relay Attacks Jett • 3 hours ago

0   

Blog
www.pixiepointsecurity.com

CVE-2020-17087: Exploiting the CNG.sys IOCTL 0x390400 Pool Overflow Vulnerability Jett • 3 hours ago

0   

Description
github.com

Oversecured Vulnerable iOS App,一款存在多个安全漏洞的 iOS App,可以用于漏洞安全研究或检测工具的基准测试 Jett • 3 hours ago

0   

Integers
github.com • Tools

Google 开源的一套用于安全地处理整型数据的 C/C++ 库 Jett • 3 hours ago

0   

Writing Disassemblers for VM-based Obfuscators
synthesis.to

Writing Disassemblers for VM-based Obfuscators Jett • 3 hours ago

0   

Introducing ATT&CK v10: More Objects, Parity, and Features
medium.com

MITRE ATT&CK 框架更新 v10 版本 Jett • 3 hours ago

0   

Session 2A-Software Security 1: Fuzzing and Bug Finding
www.sigsac.org • Conference

下个月中旬将举办的 ACM CCS 2021 会议的议题列表 Jett • 3 hours ago

0   

2213 - Windows: IKEEXT AuthIP Unvalidated GSS_ID EoP - project-zero
bugs.chromium.org • Windows

Issue 2213: Windows: IKEEXT AuthIP Unvalidated GSS_ID EoP Jett • 3 hours ago

0   

Servers are overrated – Bypassing corporate proxies (ab)using serverless for fun and profit.
redteamer.tips

滥用云平台的 Serverless functions 实现 C2 流量代理 Jett • 4 hours ago

0   

Adversarial Attacks on ML Defense Models Competition
arxiv.org • Machine Learning

Adversarial Attacks on ML Defense Models Competition. lanying37 • 17 hours ago

0   

【漏洞分析】Oracle MySQL JDBC XXE漏洞(CVE-2021-2471)
mp.weixin.qq.com

【漏洞分析】Oracle MySQL JDBC XXE漏洞(CVE-2021-2471) lanying37 • 17 hours ago

0   

SuDump: Exploiting suid binaries through the kernel
alephsecurity.com • Linux

SuDump: Exploiting suid binaries through the kernel Jett • 1 day ago

0   

CVE-2020-27304 – RCE via Directory Traversal in CivetWeb HTTP server
jfrog.com

开源 CivetWeb HTTP Server 被发现路径穿越 RCE 漏洞(CVE-2020-27304) Jett • 1 day ago

0   

CVE-2021-42299: TPM Carte Blanche
github.com • Windows

Surface Pro 3 TPM 安全启动环境验证相关实现存在漏洞(CVE-2021-42299) Jett • 1 day ago

0   

Modifying the Acorn CLE-215+ FPGA into a PCILeech DMA attack device
blog.frizk.net • Tools

基于 Acorn CLE-215+ FPGA 构建一个低成本的 PCILeech DMA 攻击设备 Jett • 1 day ago

0   

Android Exploits 101 Workshop - YouTube
www.youtube.com

Project Zero 研究员 maddiestone 录制了一个 ”Android Exploits 101 Workshop“ 的视频 Jett • 1 day ago

0   

WinRAR’s vulnerable trialware: when free software isn’t free
swarm.ptsecurity.com

WinRAR 被发现了一个中间人劫持漏洞,成功利用可以实现 RCE。不过被劫持的链接是个 HTTPS 链接,无效证书会弹框 Jett • 1 day ago

0   

Utilizing Programmatic Identifiers (ProgIDs) for UAC Bypasses
v3ded.github.io • Windows

利用 FodHelper.exe 访问注册表的操作实现 UAC Bypass Jett • 1 day ago

0   

GitHub - T-head-Semi/openc910: OpenXuantie - OpenC910 Core
github.com

阿里开源的 OpenXuantie OpenC910 Core 的代码 Jett • 1 day ago

0   

Tags

Tools Malware Windows Browser Vulnerability Web Android Attack iOS Linux Pentest Conference macOS Network IoT Wireless Fuzzing Defend Reverse Engineering CTF Virtualization Crypto Data Breach Programming Machine Learning Firmware Report Forensics PoC Mitigation SCADA Backdoor Side Channel Threat Intelligence Hardware Blockchain Exploit Supply Chain Bug Bounty Privacy Power Analysis
Loading