1、Monero Miners Continue to Plague Users via Russian BitTorrent Site
https://researchcenter.paloaltonetworks.com/2018/03/unit42-monero-miners-continue-plague-users-via-russian-bittorrent-site/

2、Blast from the past: stowaway Virut delivered with Chinese DDoS bot
https://blog.malwarebytes.com/threat-analysis/2018/03/blast-from-the-past-stowaway-virut-delivered-with-chinese-ddos-bot/

3、Threat Intercept: Fake IonCube Malware Found in the Wild
https://blog.sitelock.com/2018/02/fake-ioncube-malware/

4、Sofacy (AKA APT28, Fancy Bear, STRONTIUM, Sednit, Tsar Team, Pawn Storm) Attacks Multiple Government Entities
https://researchcenter.paloaltonetworks.com/2018/02/unit42-sofacy-attacks-multiple-government-entities/

5、CannibalRAT targets Brazil
http://blog.talosintelligence.com/2018/02/cannibalrat-targets-brazil.html

6、Ayatollah BBC – An Iranian disinformation operation against western media outlets
http://www.clearskysec.com/bbc/

7、A Quick Dip into MuddyWater's Recent Activity
https://sec0wn.blogspot.hk/2018/03/a-quick-dip-into-muddywaters-recent.html

8、Google Chrome "String.prototype.replace" Type Confusion Vulnerability (CVE-2017-15428)
https://bugs.chromium.org/p/chromium/issues/detail?id=782145

9、MS Word (wwlib.dll) Protected-View Invalid-Pointer-Dereference (Won't fix)
https://gitlab.com/yongchuank/wontfix-msword-protected-view-0B1100-invalid-ptr-dereference

10、VMware exploitation through uninitialized buffers
https://www.thezdi.com/blog/2018/3/1/vmware-exploitation-through-uninitialized-buffers

11、PS4: the 4.55 WebKit exploit write-up for the "setAttributeNodeNS()" bug
https://github.com/Cryptogenic/Exploit-Writeups/blob/master/WebKit/setAttributeNodeNS%20UAF%20Write-up.md

12、CVE-2017-8987: HPE iLO3 Unauthenticated Remote DoS (FIXED)
https://blog.rapid7.com/2018/03/01/r7-2017-27-cve-2017-8987-hpe-ilo3-unauthenticated-remote-dos-fixed/

13、Windows 10 RS2/RS3 GDI data-only exploitation tales (OffensiveCon 2018)
https://census-labs.com/news/2018/02/28/windows-10-rs2rs3-gdi-data-only-exploitation-tales-offensivecon-2018/

14、FinFisher exposed: A researcher’s tale of defeating traps, tricks, and complex virtual machines
https://cloudblogs.microsoft.com/microsoftsecure/2018/03/01/finfisher-exposed-a-researchers-tale-of-defeating-traps-tricks-and-complex-virtual-machines/

15、Research on DRDoS Denial-of-Service Attack Techniques Based on Memcached Distributed Systems
https://xianzhi.aliyun.com/forum/topic/2084

16、An Interesting Second-Order Injection in a Certain CMS
https://xianzhi.aliyun.com/forum/topic/2086

17、Use of DNS Covert Tunnels in Cobalt Strike, and Detection Using DLP
https://www.anquanke.com/post/id/99408

18、The Many Varieties of Host Header Attack
https://mp.weixin.qq.com/s?__biz=MzI2NjUwNjU4OA==&mid=2247483858&idx=1&sn=2170052e99a41de3f98a6f1729dba764&chksm=ea8c59e1ddfbd0f7267095ae6da027661993b9d98b06a7d3d1f4c5e11a42cfa741ed7b21826b&scene=0

19、ThreatHunter: 2017 Annual Report on China's Internet Underground Economy
https://mp.weixin.qq.com/s?__biz=MzI3NDY3NDUxNg==&mid=2247483970&idx=1&sn=af9944a3ad358ee463af1bdf1000e9e5&chksm=eb112479dc66ad6f40f6d274b7914156eee4e3f287582687d42b4a27a505f748bed30bd0ed7d&mpshare=1&scene=1&srcid=0228g9B4kAJvziL85ZTsk6WW

20、2017 Android Malware Special Report
https://www.anquanke.com/post/id/99535

21、Alibaba Android Development Manual
https://yq.aliyun.com/articles/499254

22、Google's Official Machine Learning Crash Course
https://developers.google.cn/machine-learning/crash-course/

Tool#doubleH3lix: Jailbreak for iOS 10.x 64-bit devices without KTRR
https://github.com/tihmstar/doubleH3lix

Tool#GandCrab ransomware decryption tool
https://www.nomoreransom.org/uploads/GANDCRAB%20RANSOMWARE%20DECRYPTION%20TOOL.pdf

Tool#ESD: subdomain enumeration
https://github.com/FeeiCN/ESD

Tool#NtlmSocks: a cross-platform pass-the-hash tool that works at the network layer
https://github.com/360-A-Team/NtlmSocks

Tool#Passhunt - a simple tool for searching of default credentials for network devices, web applications and more.
https://github.com/Viralmaniar/Passhunt
