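Today's digest: the Flash exploit (CVE-2018-4878) used in a large-scale malspam campaign; a fake Steam Desktop Authenticator that steals account details; a method for finding the admin directory of DEDECMS on Windows; Adobe Flash exploitation from CVE-2015-5119 to CVE-2018-4878; reverse engineering the MS Office RTF parser; how I was able to delete any image in the Facebook community question forum ($1500); obtaining Instagram application tokens via a ClickJacking vulnerability; and more.

Remember to read yesterday's post.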

1、Flash Exploit, CVE-2018-4878, Spotted in The Wild as Part of Massive Malspam Campaign
https://blog.morphisec.com/flash-exploit-cve-2018-4878-spotted-in-the-wild-massive-malspam-campaign

2、Fake Steam Desktop Authenticator steals account details
https://bartblaze.blogspot.hk/2018/02/fake-steam-desktop-authenticator-steals.html

3、Solving a long-standing DEDECMS problem: finding the admin directory
https://xianzhi.aliyun.com/forum/topic/2064

4、Adobe Flash Exploitation, Then and Now: From CVE-2015-5119 to CVE-2018-4878
https://www.mdsec.co.uk/2018/02/adobe-flash-exploitation-then-and-now-from-cve-2015-5119-to-cve-2018-4878/

5、Disappearing bytes: Reverse engineering the MS Office RTF parser
https://securelist.com/disappearing-bytes/84017/

6、Unexported Windows kernel functions/structures finding method
https://secrary.com/Random/unexported/

7、Zero Day Zen Garden: Windows Exploit Development - Part 5(Return Oriented Programming Chains)
http://www.shogunlab.com/blog/2018/02/11/zdzg-windows-exploit-5.html

8、Fun with self-decryption
https://x64dbg.com/blog/2018/02/25/fun-with-self-decryption.html

9、About bam key(registry key)( used to execution trace?)
https://padawan-4n6.hatenablog.com/entry/2018/02/22/131110

10、How I was able to delete any image in Facebook community question forum($1500)
https://medium.com/@JubaBaghdad/how-i-was-able-to-delete-any-image-in-facebook-community-question-forum-a03ea516e327

11、Re-dressing Instagram – Leaking Application Tokens via Instagram ClickJacking Vulnerability!
https://www.seekurity.com/blog/general/redressing-instagram-leaking-application-tokens-via-instagram-clickjacking-vulnerability/

Tool #virustream: A script to track malware IOCs with OSINT on Twitter.
https://github.com/ntddk/virustream

Tool #xmrhunter.com: Search for a Monero wallet address in multiple pools to get quick insight into the scale of an operation.
https://www.xmrhunter.com/

Tool #Altprobe: A component of the Alertflex project; it functions as a collector, in SIEM/Log Management terminology.
https://github.com/olegzhr/altprobe

Tool #password_exposed: This PHP package provides a password_exposed helper function that uses the haveibeenpwned.com API to check whether a password has been exposed in a data breach. (No rate-limited requests)
https://github.com/DivineOmega/password_exposed

Tool #mitm-router: Man-in-the-middle wireless access point inside a Docker container
https://github.com/brannondorsey/mitm-router
