【行业资讯】【国内外技术分享-2017.6.20】
致谢
- @Todaro
- @Avfisher
- @章鱼小团子
The Stack Clash: vulnerability in memory management of Linux, OpenBSD, NetBSD, FreeBSD and Solaris, on i386 & amd64
https://blog.qualys.com/securitylabs/2017/06/19/the-stack-clash
https://www.qualys.com/2017/06/19/stack-clash/stack-clash.txt
Multiple Foscam C1 Vulnerabilities
http://blog.talosintelligence.com/2017/06/foscam-vuln-details.html
Sophos XG Firewall Path Traversal
https://blogs.securiteam.com/index.php/archives/3253
A Quick Analysis of Microsoft's ESTEEMAUDIT Patch-And why CVE-2017-0176 and CVE-2017-9073 are probably not the same thing
https://0patch.blogspot.hk/2017/06/a-quick-analysis-of-microsofts.html
Bug Hunting - Drilling Into the Internet of Things (IoT)
https://duo.com/assets/ebooks/Duo-Labs-Bug-Hunting-Drilling-Into-the-Internet-of-Things-IoT.pdf
reversing the Huawei Balong M3/MCU Console
VBScript Functions Hooking with Frida(西班牙文)
https://www.securityartwork.es/2017/06/19/hooking-de-funciones-vbscript-con-frida/
a look at Delphi attacks targeting Palestine LE
http://blog.talosintelligence.com/2017/06/palestine-delphi.html
Reckless Exploit: Mexican Journalists, Lawyers, and a Child Targeted with NSO Spyware
https://citizenlab.org/2017/06/reckless-exploit-mexico-nso/
The RNC Files: Inside the Largest US Voter Data Leak
https://www.upguard.com/breaches/the-rnc-files
How i hacked 23.900.000 tumblr domains at once :)
https://medium.com/@know.0nix/how-i-hack-23-900-000-tumblr-domains-at-once-341edad6e7cc
Shodan + Jenkins to get RCEs on Servers
https://medium.com/@uranium238/shodan-jenkins-to-get-rces-on-servers-6b6ec7c960e2
Everything about the CSV Excel Macro Injection
http://blog.securelayer7.net/how-to-perform-csv-excel-macro-injection/
Solution for "assignment" of GoogleCTF 2017
https://gist.github.com/saelo/ec59db829fa78758cf589e171c913ee2
GoogleCTF Web: Joe, The X Sanitizer, Geokitties v2 writeup
https://www.linkedin.com/pulse/googlectf-web-roman-x-shafigullin
GoogleCTF Joe challenge writeup
http://robinverton.de/ctf/googlectf-2017-joe-web/
GoogleCTF Back to the past writeup
https://ctftime.org/writeup/6815
GoogleCTF Quals 2017 - The X Sanitizer writeup
https://kitctf.de/writeups/googlectf/x-sanitizer
GoogleCTF the moon reversing writeup
https://github.com/AlexAltea/blog/blob/master/posts/2017-07-19-googlectf-2017-moon/index.md
GoogleCTF 2017 Quals - BLT (Bleichenbacher's Lattice Task - Insanity Check) writeup
http://mslc.ctf.su/wp/gctf2017quals-insanity-check/
Googlectf reverse engineering category writeup
https://blog.trich.im/hello-2017-re-with-googlectf/
GoogleCTF 2017: Mindreader writeup
https://medium.com/@forwardsecrecy/google-ctf-2017-mindreader-570e8acf53b7
GoogleCTF InstProf writeup
https://develbranch.com/ctf/google-ctf-2017-inst-prof-writeup.html
NSA has joined GitHub
https://github.com/nationalsecurityagency
工具#MS17-010 detail, analysis, pocs, exploits (new one works against win2016)
https://github.com/worawit/MS17-010
工具#PSAttack:A portable console aimed at making pentesting with PowerShell a little easier.
https://github.com/jaredhaight/PSAttack
工具#Pafish Macro is a Macro enabled Office Document to detect malware analysis systems and sandboxes.
https://github.com/joesecurity/pafishmacro
工具#iOS Kernel utilities
https://github.com/Siguza/ios-kern-utils
工具#Netcat client and server modules written in pure Javascript for Node.js.
https://github.com/roccomuso/netcat
工具#Bluewall is a firewall framework designed for offensive and defensive cyber professionals.
https://github.com/austin-taylor/bluewall
工具#Cignosecret is a Open Source Intelligence, Forensics and crypto wargame.
https://github.com/Cignoraptor-ita/cignosecret
工具#RITA(Real Intelligence Threat Analytics) is an open source framework for network traffic analysis.
https://github.com/ocmdev/rita
工具#Free Idea: a QEMU Facedancer fuzzer
https://blog.flameeyes.eu/2017/06/free-idea-a-qemu-facedancer-fuzzer/
工具#awesome-frida:A curated list of Frida resources
技术交流QQ群: 397745473
来自:https://xianzhi.aliyun.com/forum/read/1749.html
评论
发表评论