1、Patchwork Continues to Deliver BADNEWS to the Indian Subcontinent
https://researchcenter.paloaltonetworks.com/2018/03/unit42-patchwork-continues-deliver-badnews-indian-subcontinent/

2、Behavior monitoring combined with machine learning spoils a massive Dofoil coin mining campaign
https://cloudblogs.microsoft.com/microsoftsecure/2018/03/07/behavior-monitoring-combined-with-machine-learning-spoils-a-massive-dofoil-coin-mining-campaign/

3、The King of traffic distribution
https://malware.dontneedcoffee.com/hosted/anonymous/kotd.html

4、Memcache UDP Reflection Amplification Attack II: Recent Data Analysis
https://blog.netlab.360.com/memcache-ddos-ii-numbers-and-charts-by-ddosmon/

5、DJI Spark hijacking
https://embedi.com/blog/dji-spark-hijacking/

6、Default Stored XSS in laravelphp framework!
https://x1m.nl/poc/2018/03/07/Laravel-XSS-Vuln/

7、XML External Entity Injection in Jive-n (CVE-2018-5758)
https://rhinosecuritylabs.com/research/xml-external-entity-injection-xxe-cve-2018-5758/

8、the POC for the Oracle Hospitality Simphony exploit CVE-2018-2636
https://github.com/erpscanteam/CVE-2018-2636/blob/master/eGw.py

9、Advisory | ManageEngine Applications Manager Remote Code Execution and SQLi
https://pentest.blog/advisory-manageengine-applications-manager-remote-code-execution-sqli-and/

10、How I fixed a very old GIL race condition in Python 3.7
https://vstinner.github.io/python37-gil-change.html

11、Unearthing Z͌̈́̾a͊̈́l͊̿g̏̉͆o̾̚̚S̝̬ͅc̬r̯̼͇ͅi̼͖̜̭͔p̲̘̘̹͖t̠͖̟̹͓͇ͅ with visual fuzzing
http://blog.portswigger.net/2018/03/unearthing-zalgoscript-with-visual.html

12、Decrypting the Lua Scripts and Resource Files of the 血族 Mobile Game
http://www.freebuf.com/articles/terminal/163765.html

13、Tales of a Threat Hunter 2-Following the trace of WMI Backdoors & other nastiness
https://www.eideon.com/2018-03-02-THL03-WMIBackdoors/

14、Flash Dumping - Part II
https://blog.quarkslab.com/flash-dumping-part-ii.html

15、Dangerous target: Another Way to Attack
https://xianzhi.aliyun.com/forum/topic/2123

16、Hack with rewrite
https://evi1cg.me/archives/hack_with_rewrite.html

17、Blockchain Security - Ethereum Short Address Attack
http://blog.csdn.net/u011721501/article/details/79476587

18、Basic iOS Security: Keychain and Hashing
https://www.raywenderlich.com/185370/basic-ios-security-keychain-hashing

19、DexLego: Reassembleable Bytecode Extraction for Aiding Static Analysis
https://arxiv.org/pdf/1803.02471.pdf

20、Stored XSS, and SSRF in Google using the Dataset Publishing Language($18,337)
https://s1gnalcha0s.github.io/dspl/2018/03/07/Stored-XSS-and-SSRF-Google.html

Tool#container-breakouts: Testing/collecting some container breakouts
https://github.com/singe/container-breakouts

Tool#CloudTracker helps you find over-privileged IAM users and roles by comparing CloudTrail logs with current IAM policies.
https://github.com/duo-labs/cloudtracker

Tool#publicwww.com: Source Code Search Engine
https://publicwww.com/

Tool#portapack-havoc: Custom firmware for the HackRF SDR + PortaPack H1 addon
https://github.com/furrtek/portapack-havoc
