Taint mode is now in beta
r2c.dev

The static code analysis tool Semgrep now supports taint analysis Jett • 3 hours ago

Using Kerberos for Authentication Relay Attacks
Project Zero • Windows

Using Kerberos for Authentication Relay Attacks Jett • 3 hours ago

Blog
www.pixiepointsecurity.com

CVE-2020-17087: Exploiting the CNG.sys IOCTL 0x390400 Pool Overflow Vulnerability Jett • 3 hours ago

Description
github.com

Oversecured Vulnerable iOS App, an iOS app containing multiple security vulnerabilities that can be used for vulnerability research or for benchmarking detection tools Jett • 3 hours ago

Integers
github.com • Tools

A set of C/C++ libraries open-sourced by Google for safely handling integer data Jett • 3 hours ago

Writing Disassemblers for VM-based Obfuscators
synthesis.to

Writing Disassemblers for VM-based Obfuscators Jett • 3 hours ago

Introducing ATT&CK v10: More Objects, Parity, and Features
medium.com

The MITRE ATT&CK framework has been updated to version v10 Jett • 3 hours ago

Session 2A-Software Security 1: Fuzzing and Bug Finding
www.sigsac.org • Conference

List of sessions for the ACM CCS 2021 conference, to be held in the middle of next month Jett • 3 hours ago

2213 - Windows: IKEEXT AuthIP Unvalidated GSS_ID EoP - project-zero
bugs.chromium.org • Windows

Issue 2213: Windows: IKEEXT AuthIP Unvalidated GSS_ID EoP Jett • 3 hours ago

Servers are overrated – Bypassing corporate proxies (ab)using serverless for fun and profit.
redteamer.tips

Abusing cloud platforms' serverless functions to proxy C2 traffic Jett • 4 hours ago

Adversarial Attacks on ML Defense Models Competition
arxiv.org • Machine Learning

Adversarial Attacks on ML Defense Models Competition. lanying37 • 17 hours ago

[Vulnerability Analysis] Oracle MySQL JDBC XXE Vulnerability (CVE-2021-2471)
mp.weixin.qq.com

[Vulnerability Analysis] Oracle MySQL JDBC XXE Vulnerability (CVE-2021-2471) lanying37 • 17 hours ago

SuDump: Exploiting suid binaries through the kernel
alephsecurity.com • Linux

SuDump: Exploiting suid binaries through the kernel Jett • 1 day ago

CVE-2020-27304 – RCE via Directory Traversal in CivetWeb HTTP server
jfrog.com

A path traversal RCE vulnerability (CVE-2020-27304) was found in the open-source CivetWeb HTTP Server Jett • 1 day ago

CVE-2021-42299: TPM Carte Blanche
github.com • Windows

The Surface Pro 3 implementation related to TPM secure boot environment verification contains a vulnerability (CVE-2021-42299) Jett • 1 day ago

Modifying the Acorn CLE-215+ FPGA into a PCILeech DMA attack device
blog.frizk.net • Tools

Building a low-cost PCILeech DMA attack device based on the Acorn CLE-215+ FPGA Jett • 1 day ago

Android Exploits 101 Workshop - YouTube
www.youtube.com

Project Zero researcher maddiestone recorded an "Android Exploits 101 Workshop" video Jett • 1 day ago

WinRAR’s vulnerable trialware: when free software isn’t free
swarm.ptsecurity.com

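A man-in-the-middle hijacking vulnerability was found in WinRAR; successful exploitation can achieve RCE. However, the hijacked link is an HTTPS link, and an invalid certificate triggers a pop-up dialog Jett • 1 day ago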

Utilizing Programmatic Identifiers (ProgIDs) for UAC Bypasses
v3ded.github.io • Windows

Implementing a UAC bypass by exploiting FodHelper.exe's registry access operations Jett • 1 day ago

GitHub - T-head-Semi/openc910: OpenXuantie - OpenC910 Core
github.com

Code for the OpenXuantie OpenC910 Core, open-sourced by Alibaba Jett • 1 day ago
