Threat Intelligence 3.14

Submitted by 落花浮王杯 on 2020-11-21 04:26:31

  • [Fuzzing] How Janus Battled libFuzzer and Won (Alessandro Toppi) - webrtcHacks: 
    https://webrtchacks.com/fuzzing-janus/

     Fuzzing Janus with libFuzzer – Kiwi


  • [IoT Device] How I hacked my Xiaomi MiBand 2 fitness tracker — a step-by-step Linux guide by Andrey Nikishaev - Hakin9 - IT Security Magazine: 
    https://hakin9.org/how-i-hacked-my-xiaomi-miband-2-fitness-tracker

     How to hack the Xiaomi MiBand 2 – Kiwi


  • [Vulnerability] GitHub - mpgn/CVE-2019-0192: RCE on Apache Solr using deserialization of untrusted data via jmx.serviceUrl: 
    https://github.com/mpgn/CVE-2019-0192/

     Apache Solr RCE PoC (CVE-2019-0192) – Kiwi


  • [Exploit, Browser] GitHub - Cryptogenic/PS4-6.20-WebKit-Code-Execution-Exploit: A WebKit exploit using CVE-2018-4441 to obtain RCE on PS4 6.20.: 
    https://github.com/Cryptogenic/PS4-6.20-WebKit-Code-Execution-Exploit

     Exploiting the WebKit remote code execution vulnerability (CVE-2018-4441) on PS4 6.20 – Kiwi


  • [Malware Analysis] InQuest | Analyzing Sophisticated PowerShell Targeting Japan: 
    http://blog.inquest.net/blog/2019/03/09/Analyzing-Sophisticated-PowerShell-Targeting-Japan/

     Analysis of a sophisticated multi-stage malicious PowerShell script targeting users in Japan – Kiwi


  • [Vulnerability] Vimeo SSRF with code execution potential. – Harsh Jaiswal – Medium: 
    https://medium.com/@rootxharsh_90844/vimeo-ssrf-with-code-execution-potential-68c774ba7c1e

     Vimeo: from SSRF to SSH key leakage – Kiwi


  • [Windows, Mitigation] Tetrane - Automated Reverse Engineering Platform: 
    https://blog.tetrane.com/2019/Analysis-Windows-PatchGuard.html

     Analysis of PatchGuard on Microsoft Windows 10 RS4 – Kiwi


  • [Attack] The Hitchhiker’s Guide To Initial Access – Posts By SpecterOps Team Members: 
    https://posts.specterops.io/the-hitchhikers-guide-to-initial-access-57b66aa80dd6

     A guide to gaining an initial foothold on a target through social engineering, Part 2: abusing biases – Kiwi


  • [iOS] jelbrekLib/patchfinder64.m at master · jakeajames/jelbrekLib · GitHub: 
    https://github.com/jakeajames/jelbrekLib/blob/master/patchfinder64.m

     Patchfinders for offsets used in bazad's PAC bypass – Kiwi


  • [Windows] awesome-windows-kernel-security-development/README.md at master · ExpLife0011/awesome-windows-kernel-security-development · GitHub: 
    https://github.com/ExpLife0011/awesome-windows-kernel-security-development/blob/master/README.md

     A collection of excellent resources on Windows kernel exploitation – Kiwi


  • [Tools] GitHub - trimstray/reload.sh: Reinstall, restore and wipe your system from the level and in the place of the running GNU/Linux distribution (without cd-rom, flash and other). Via SSH, without rebooting.: 
    https://github.com/trimstray/reload.sh

     reload.sh - a script to reinstall, restore, and wipe a system over SSH – Kiwi


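  • [Malware Analysis] Warning: hackers use "The Wandering Earth box-office red envelope" to spread malicious scam ads on WeChat: 
    https://paper.seebug.org/840/

     Hackers use "The Wandering Earth box-office red envelope" to spread malicious scam ads on WeChat – Kiwi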


  • [Vulnerability] Intel Driver & Support Assistant (DSA) LPE: 
    https://labs.mwrinfosecurity.com/advisories/intel-driver-and-support-assistant-dsa-lpe/

     Disclosure of local privilege escalation vulnerabilities in Intel Driver & Support Assistant (DSA) (CVE-2018-12148, CVE-2018-12168) – Kiwi


  • [Pentest] API Penetration Testing with OWASP 2017 Test Cases - SecureLayer7: 
    http://blog.securelayer7.net/api-penetration-testing-with-owasp-2017-test-cases/

     Introduction to the basics of API penetration testing – Kiwi


  • [Tools] Burp Extension Python Tutorial - Generate a Forced Browsing Wordlist - Laconic Wolf: 
    https://laconicwolf.com/2019/03/09/burp-extension-python-tutorial-generate-a-forced-browsing-wordlist/

     Burp Python extension development tutorial - generating a directory wordlist – Kiwi


  • [Tools] Automated monitoring of subdomains for fun and profit — Release of Sublert: 
    https://medium.com/@yassineaboukir/automated-monitoring-of-subdomains-for-fun-and-profit-release-of-sublert-634cfc5d7708

     Release of Sublert, a tool for automated monitoring of subdomain changes – Kiwi


  • [Tools] NMAP Tips: RTFM?: 
    https://blog.zsec.uk/nmap-rtfm/

     Nmap usage manual – Kiwi


  • [IoT Device] Gone in six seconds? Exploiting car alarms: 
    https://www.pentestpartners.com/security-blog/gone-in-six-seconds-exploiting-car-alarms/

     Analysis of security issues in smart car alarms – Kiwi


  • NVIDIA GeForce Experience LPE: 
    https://labs.mwrinfosecurity.com/advisories/nvidia-geforce-experience-lpe/

     Disclosure of a local privilege escalation vulnerability in NVIDIA GeForce Experience (CVE-2018-6261) – Kiwi


  • [Malware Analysis] Closing on credential theft. New phishing campaigns target real estate agents.: 
    https://medium.com/@mark_px/closing-on-credential-theft-new-phishing-campaigns-target-real-estate-agents-fab8c53cad59

     Analysis of a phishing campaign targeting real estate agents – Kiwi


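  • [Malware Analysis] "BankThief" - a new banking phishing attack targeting Poland and the Czech Republic: 
    https://paper.seebug.org/839/

     "BankThief" - a new banking phishing attack targeting Poland and the Czech Republic – Kiwi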


  • [Web Security] MyPapers/Bypassing-XSS-detection-mechanisms at master · s0md3v/MyPapers · GitHub: 
    https://github.com/s0md3v/MyPapers/tree/master/Bypassing-XSS-detection-mechanisms

     Research on bypassing WAF XSS detection mechanisms – Kiwi


  • [Tools, Pentest] GitHub - shr3ddersec/Shr3dKit: Red Team Tool Kit: 
    https://github.com/shr3ddersec/Shr3dKit

     Shr3dKit - a red team toolkit that collects a large number of excellent tools – Kiwi


  • [Malware] Malware writing - Python Malware, part 3: Stealing credentials and cookies - Malware - 0x00sec - The Home of the Hacker: 
    https://0x00sec.org/t/malware-writing-python-malware-part-3-stealing-credentials-and-cookies/12099

     Writing Python malware, Part 3: stealing credentials and cookies – Kiwi


  • [Programming, Language] Introduction to Computer Organization: 
    http://bob.cs.sonoma.edu/IntroCompOrg-RPi/intro-co-rpi.html

     Understanding computer architecture: writing ARM assembly on the Raspberry Pi – Kiwi


  • [Android] Nearby Threats: Reversing, Analyzing, and Attacking Google’s ‘Nearby Connections’ on Android | Daniele Antonioli: 
    https://francozappa.github.io/publication/rearby/

     Reversing, analyzing, and attacking Google Nearby Connections – Kiwi


This article is shared from the WeChat official account 黑伞攻防实验室 (hack_umbrella).