Decoding Cobalt Strike Traffic
isc.sans.edu • Tools

使用Wireshark分析Cobalt Strike软件的攻击数据流量研究。 lanying37 • 4 hours ago

1   

Breaking ABUS Secvest internet-connected alarm systems (CVE-2020-28973)
eye.security

CVE-2020-28973:ABUS Secvest 无线报警系统的未鉴权漏洞。 potato • 7 hours ago

0   

Intezer - HabitsRAT Used to Target Linux and Windows Servers
www.intezer.com

HabitsRAT:Go 语言开发的 Windows Server 和 Linux 的后门软件。 potato • 7 hours ago

0   

CVE-2021-30481: Source engine remote code execution via game invites
secret.club

CVE-2021-30481:利用 Steamworks API 和 Source Engine,通过 Steam 邀请实现 RCE。 potato • 7 hours ago

0   

Hacking 3,000,000 apps at once through CocoaPods
justi.cz

CocoaPods Trunk 存在远程命令执行漏洞。 potato • 7 hours ago

0   

[PDF] https://arxiv.org/pdf/2003.05503.pdf
arxiv.org

Bypassing memory safety mechanisms through speculative control flow hijacks potato • 7 hours ago

0   

Analysis of Chromium issue 1196683, 1195777
iamelli0t.github.io • Browser

分析 Chromium issue 1196683 和 1195777,两个有关 v8 引擎的漏洞修复的 issue。 potato • 7 hours ago

0   

Thread and Process State Change
windows-internals.com

通过未公开的 API 挂起和恢复进程和线程绕过 EDR Hook 。 potato • 7 hours ago

0   

tmp.0ut
tmpout.sh

ELF 二进制文件的学习参考指南。 potato • 7 hours ago

0   

CVE-2020-9900 & CVE-2021-1786 - Abusing macOS Crash Reporter
theevilbit.github.io

探讨 CVE-2020-9900(本地提权) 和 CVE-2021-1786(任意文件删除)符号链接攻击的漏洞。 potato • 7 hours ago

0   

Tenet: A Trace Explorer for Reverse Engineers
RET2 Systems Blog • Tools

Tenet:IDA Pro 的插件,用于清晰的展示和探索被分析的程序执行状态。 potato • 7 hours ago

0   

Uncovering and Disclosing a Signature Spoofing Vulnerability in Windows Installer: CVE-2021-26413
sec.okta.com • Windows

CVE-2021-26413:Windows Installer 签名欺骗漏洞 potato • 7 hours ago

0   

Check Your Pulse: Suspected APT Actors Leverage Authentication Bypass Techniques and Pulse Secure Zero-Day
www.fireeye.com

研究发现 APT 攻击者通过 0day 绕过 Pulse Secure VPN 身份验证。 potato • 7 hours ago

0   

itm4n/Perfusion
github.com • Tools

Perfusion:Windows 7, Windows Server 2008R2, Windows 8, and Windows Server 2012 上的本地提权工具。 potato • 7 hours ago

0   

NAT 原理以及 UDP 穿透
paper - Last paper

NAT 原理以及 UDP 穿透实现。 lanying37 • 20 hours ago

0   

List of Metasploit Windows Exploits (Detailed Spreadsheet)
www.infosecmatter.com • Pentest

Metasploit Windows最全的漏洞利用列表。 lanying37 • 20 hours ago

1   

Bash Uploader Security Update
about.codecov.io • Tools

Codecov Bash Uploader 工具被黑客修改,可能将用户的 CI(持续集成)的密钥、代码等机密信息发送到了第三方服务器上。 potato • 1 day ago

0   

Named Pipe Pass-the-Hash
s3cur3th1ssh1t.github.io

Pass-the-Hash (PTH): a PoC code to use Pass-the-Hash for authentication on a local Named Pipe user Impersonation. potato • 1 day ago

0   

Information Leak via Compromised Sandboxed Browser - CTFするぞ
ptr-yudai.hatenablog.com

在 Chrome 沙箱中利用 1Day 和 渲染器重定向实现信息泄漏。 potato • 1 day ago

0   

SSD Advisory – OverlayFS PE
ssd-disclosure.com

CVE-2021-3493:Ubuntu 下利用 overlayfs 提权。 potato • 1 day ago

0   

Tags

Tools Malware Windows Browser Vulnerability Android Web Attack iOS Linux Pentest Conference macOS Network IoT Wireless Defend Fuzzing Reverse Engineering CTF Virtualization Crypto Data Breach Programming Machine Learning Firmware Report Forensics PoC Mitigation SCADA Backdoor Side Channel Threat Intelligence Hardware Blockchain Exploit Supply Chain Bug Bounty Privacy Power Analysis
Loading