威脅情報:
1.2016年中國網站安全漏洞形勢分析報告 by 360安全衛士
PT姿勢:
1.Collection of CSP bypasses by Sebastian Lekies
2.多跳板滲透內部核心網絡 by Mucahit Karadag;翻譯:pwn_361
3.自助終端機的常見入侵方式 by gogata
4.Data Retrieval over DNS in SQL Injection Attacks by Miroslav Štampar
漏洞分析:
1.Windows / * nix下DNS傳出注入數據的背後 by LonelyRain
2.Bluetooth Attacks on Commercial-Grade Electronic Locks by Somerset Recon
3.Extracting Saved Credentials From a Pwn3d Nessus System by TRAVIS LEE
4.Windows exploitation in 2016 by ARTEM BARANOV
5.SRC漏洞挖掘小見解 by Blood_Zer0
6.dedeCMS友情鏈接getshell漏洞分析 by 沒穿底褲
7.SSRF漏洞的挖掘經驗 by he1renyagao
惡意軟體分析:
1.Tech support scam page triggers denial-of-service attack on Macs by Jérôme Segura
POC:
1.Microsoft Edge (Windows 10) - 'chakra.dll' Info Leak / Type Confusion Remote Code Execution by Brian Pak
工具:
1.智能模糊測試工具Winafl 的使用與分析 by 椒圖科技
2.RUPTURE - A COMPRESSION SIDE-CHANNEL ATTACK FRAMEWORK by Angelo Prado、Neal Harris、Yoel Gluck
3.OPEN SOURCE MALWARE LAB by Robert Simmons
4.HexInject - Hexadecimal and raw packet injector and sniffer by Emanuele Acri
5.Control your Mac with an iPhone app – An analysis of HippoRemote by n00py
6.2017年最好用的Android滲透工具合集 by Alpha_h4ck
7.Exploiting difficult SQL injection vulnerabilities using sqlmap: Part 1 Introduction by STEPHEN BRADSHAW
8.SQLMap Tamper Scripts Update by JAKE ROGERS
沒有留言:
張貼留言