資安年會:
1.33C3
漏洞分析:
1.PHP escapeshellarg()+escapeshellcmd() 之殤 by 知道創宇404安全實驗室_Hcamael、p0wd3r
2.Pegasus Internals by Max Bazaliy
3.基於Chakra JIT的CFG繞過技術 by Theori;翻譯:shan66
PT姿勢:
1.Hack With XSLT by Evi1cg
2.Execute Remote Scripts Via regsvr32.exe by Casey Smith
3.How to bypass CSP nonces with DOM XSS by Eduardo Vela
惡意軟體分析:
1.UEFI Firmware Rootkits: Myths and Reality by Alex Matrosov、Eugene Rodionov
基礎概念:
1.Let’s talk about CFI: Microsoft Edition by Trail of Bits
POC:
1.Android get_user/put_user Exploit by fi01、cubeundcube、timwr
2.Arbitrary file deletion vulnerability in Image Slider allows authenticated users to delete files by Tom Adams
3.Deterministic_LFH by saaramar
工具:
1.brut3k1t : Brute-force attack that supports multiple protocols and services by ex0dus-0x
2.Fern Wifi Cracker – Wireless Security Auditing Tool by savio-code
3.Fluxion - WPA/WPA2 Security Hacked Without Brute Force by deltaxflux
4.pyJenkinsToolkit - A jenkins penetration test Toolkit by n0ix
沒有留言:
張貼留言