PPT | Don't Trust the PID!

Stories of a simple logic bug and where to find it

七天前

工具

漏洞分析 | CVE-2018-11235 git RCE漏洞分析

我遇到了子模块系统中的一个漏洞,当子模块被初始化时,这导致git中的远程代码执行(RCE)。这可以可靠地利用克隆我的恶意存储库的主机,并最终为GitHub Pages和CVE-2018-11235提供了Git的 RCE 。

七天前

工具

应用安全 | Waze remote vulnerabilities (Advisory)

During our regular App auditing, we noticed that, Waze, a community-based traffic and navigation App ranking Top 2 in the navigation category on the App Store, has multiple security issues and poses a significant attack surface for Waze users on iOS platforms. We tried to contact Waze via email and twitter many times but got no response.

七天前

工具

技术分享 | 利用PATH变量进行Linux提权操作

PATH is an environmental variable in Linux and Unix-like operating systems which specifies all bin and sbin directories where executable programs are stored.

七天前

工具

漏洞分析 | Analysis of an Out-0f-Bounds Webkit JIT bug in the Safari Browser (CVE-2017-2547)

This blog post will focus on the basics of JIT Bugs and why they are critical using CVE-2017-2547,a winning Pwn2Own safari bug, as a case study. This specific bug is very interesting since it can be used to achieve both an info-leak and act as a write primitive.

七天前

工具

威胁情报 | Rig Exploit Kit正在利用CVE-2018-8174分发门罗币矿工

An exploit kit such as Rig usually starts off with a threat actor compromising a website to inject a malicious script/code that eventually redirects would-be victims to the exploit kit’s landing page.

七天前

工具

技术分享 | EOS bp nodes security checklist(EOS超级节点安全执行指南)

EOS bp nodes security checklist(EOS超级节点安全执行指南)

七天前

工具

威胁情报 | 360发现区块链史诗级漏洞 可完全控制虚拟货币交易!

近日,360公司Vulcan(伏尔甘)团队发现了区块链平台EOS的一系列高危安全漏洞。经验证,其中部分漏洞可以在EOS节点上远程执行任意代码,即可以通过远程攻击,直接控制和接管EOS上运行的所有节点。

七天前

工具

PPT | Getting Saucy with APFS! — The State of Apple's New File System

Getting Saucy with APFS! — The State of Apple's New File System

七天前

工具

恶意软件 | 安卓手机被预装恶意软件,包括中兴、爱可视、myPhone等手机厂商

Avast Threat Labs 分析了该恶意软件,发现其在全球范围内影响成千上万用户。

七天前

工具

漏洞分析 | Electron桌面应用开发平台远程代码执行漏洞CVE-2018-1000006分析

As part of an engagement for one of our clients, we analyzed the patch for the recent Electron Windows Protocol handler RCE bug (CVE-2018-1000006) and identified a bypass.

七天前

工具

漏洞分析 | CVE-2018-5175:Universal CSP strict-dynamic bypass in Firefox

In this blogpost, I'd like to write about a CSP strict-dynamic bypass vulnerability which is fixed in Firefox 60.

七天前

工具

漏洞分析 | ZipperDown漏洞细节披露,盘古实验室教你快速检测

ZipperDown漏洞公布已经过去一周,快手、微博等应用已经修改该漏洞并上线新版本应用。国家监管部门和部分安全厂商也相继发布了ZipperDown漏洞分析报告。盘古实验室在确认受影响厂商已修复应用漏洞后,决定公布ZipperDown漏洞报告。

七天前

工具

威胁情报 | Linux Redis自动化挖矿感染蠕虫分析及安全建议

自从Redis未授权问题获取Linux系统root权限的攻击方法的披露后,由于其易用性,利用该问题入侵Linux服务进行挖矿、扫描等的黑客行为一直层出不穷;而在众多利用该问题入侵服务器进行黑产行为的案例中,其中就存在一类利用该问题进行挖矿并且会利用pnscan自动扫描感染其他机器;该类攻击一直存在,不过在近期又呈现数量增加的趋势,在最近捕获到多次,我们针对其做下具体的分析。

七天前

工具

PPT | Bypassing Mitigations by Attacking JIT Srever in Microsoft Edge

Bypassing Mitigations by Attacking JIT Srever in Microsoft Edge

七天前

工具

技术分享 | Arbitrary Code Guard vs. Kernel Code Injections

在这篇博客文章中,我们将展示Arbitrary Code Guard如何工作并测试其对内核代码注入的有效性。

七天前

工具

漏洞利用 | CVE-2018-8174 - VBScript 内存破坏漏洞exp

This is a metasploit module which creates a malicious word document to exploit CVE-2018-8174 - VBScript memory corruption vulnerability.

七天前

工具

漏洞分析 | Adobe, Me and an Arbitrary Free :: Analyzing the CVE-2018-4990 Zero-Day Exploit

It’s uncommon to see Acrobat Reader exploits in the wild these days so I decided to take a look at this one. All testing was done AcroRd32.exe (c4c6f8680efeedafa4bb7a71d1a6f0cd37529ffc) v2018.011.20035. Other versions are also affected, please see Adobe’s bulletin apsb18-09 for more details.

七天前

工具

汽车安全 | 腾讯科恩实验室最新汽车安全研究成果:宝马多款车型的安全研究综述

宝马网联汽车研究是一项遵循白帽黑客准则的安全研究项目。在这个研究过程中,腾讯科恩实验室对多款宝马汽车的车载信息娱乐系统(Head Unit)、车载通讯模块(T-Box)和车载中心网关(Central Gateway)的硬件以及软件做了深入和全面的分析,并遵循“负责任的漏洞披露”的流程,向宝马报告了漏洞和攻击链的详细细节,并提供技术分析及相关修复建议。

七天前

工具

PPT | Hacking the PS4 — From zero to ring zero in two easy steps

From zero to ring zero in two easy steps.

七天前

工具
1 2 3 4 5 6 7 8 9 10 58