首页
社区
课程
招聘
[分享]国外最新安全推文整理(第11期)
发表于: 2017-6-4 19:57 12255

[分享]国外最新安全推文整理(第11期)

2017-6-4 19:57
12255

有些可能需要VPN访问,安全性方面自己多留意:P


Colourful visualization tool for binary files

https://github.com/FireyFly/pixd


Porting Windows Dynamic Link Libraries to Linux

https://github.com/taviso/loadlibrary


Defeating Windows User Account Control

https://github.com/hfiref0x/UACME


An opensource API hooking framework

https://github.com/PassingTheKnowledge/Ganxo


WinDbg docs

https://github.com/MicrosoftDocs/windows-driver-docs/tree/staging/windows-driver-docs-pr/debugger


Windows Internals Book 7th edition Tools

https://github.com/zodiacon/windowsinternals


Intel Engine Firmware Analysis Tool

https://github.com/platomav/MEAnalyzer


UEFI firmware training materials

https://github.com/advanced-threat-research/firmware-security-training


SimpleVisor is a simple, portable, Intel VT-x hypervisor

https://github.com/ionescu007/SimpleVisor


Z3 is a theorem prover from Microsoft Research

https://github.com/Z3Prover/z3


Quick introduction into SAT/SMT solvers and symbolic execution

https://yurichev.com/writings/SAT_SMT_draft-EN.pdf


Analysis of the Attack Surface of Microsoft Office from a User's Perspective (Slides)

https://sites.google.com/site/zerodayresearch/Analysis_of_the_Attack_Surface_of_Microsoft_Office_from_User_Perspective_final.pdf


Improving Coverage Guided Fuzzing, Using Static Analysis

https://repret.wordpress.com/2017/05/01/improving-coverage-guided-fuzzing-using-static-analysis/


Windows Kernel Exploitation Part 4: Introduction to Windows Kernel Pool Exploitation

https://samdb.xyz/windows-kernel-exploitation-part-4/


Are we doing memory corruption mitigations wrong

https://scarybeastsecurity.blogspot.com/2017/05/are-we-doing-memory-corruption.html


Reading Your Way Around UAC (Part 3)

https://tyranidslair.blogspot.co.uk/2017/05/reading-your-way-around-uac-part-3.html


A Dissection of the "EsteemAudit" Windows Remote Desktop Exploit

https://researchcenter.paloaltonetworks.com/2017/05/unit42-dissection-esteemaudit-windows-remote-desktop-exploit/


Exploitation of CVE-2017-2491 (WebKit)

https://phoenhex.re/2017-05-04/pwn2own17-cachedcall-uaf


MS Edge TypedArray.sort Use-After-Free (CVE-2016-7288)

https://blog.quarkslab.com/exploiting-ms16-145-ms-edge-typedarraysort-use-after-free-cve-2016-7288.html


Exploiting a V8 OOB write

https://halbecaf.com/2017/05/24/exploiting-a-v8-oob-write/


Exploiting a Cross-mmap Overflow in Firefox

https://saelo.github.io/posts/firefox-script-loader-overflow.html


Dynamic Binary Analysis with Intel Pin

https://blog.netspi.com/dynamic-binary-analysis-intel-pin/


Reverse engineer 200 binaries with the mechanical efficiency of symbolic execution

http://blog.trailofbits.com/2017/05/15/magic-with-manticore/


KONNI: A Malware Under The Radar For Years

http://blog.talosintelligence.com/2017/05/konni-malware-under-radar-for-years.html


Analysis of Emotet v4

https://www.cert.pl/en/news/single/analysis-of-emotet-v4/


Wicked malware persistence methods (Slides)

https://drive.google.com/file/d/0Bzb5kQFOXkiSVEVMTy12dlhJcW8/view


Exploit Course (Slides)

https://exploit.courses/files/bfh2017/content.html


Convolutional Neural Networks for Visual Recognition (Slides)

http://cs231n.stanford.edu/slides/2017/


CoreNLP – Core natural language software

https://stanfordnlp.github.io/CoreNLP/


A highly visual ARM emulator

https://salmanarif.bitbucket.io/visual/


Tutorial series on ARM assembly basics

https://azeria-labs.com/writing-arm-assembly-part-1/


Industrial Robots Security

http://robosec.org/


SeaGlass is a system to measure IMSI-catcher use across a city

https://seaglass.cs.washington.edu/


Exploiting Network Printers

https://www.ieee-security.org/TC/SP2017/papers/64.pdf


Researchers Hack Accelerometers with Sound Waves

https://spqr.eecs.umich.edu/papers/trippel-IEEE-oaklawn-walnut-2017.pdf


CAN bus reverse-engineering with Arduino and iOS

https://medium.com/@alexandreblin/can-bus-reverse-engineering-with-arduino-and-ios-5627f2b1709a


RFID Hacking with The Proxmark 3

https://blog.kchung.co/rfid-hacking-with-the-proxmark-3/



[招生]科锐逆向工程师培训(2024年11月15日实地,远程教学同时开班, 第51期)

收藏
免费 0
支持
分享
打赏 + 5.00雪花
打赏次数 1 雪花 + 5.00
 
赞赏  orz1ruo   +5.00 2017/06/04
最新回复 (1)
雪    币: 6112
活跃值: (1212)
能力值: (RANK:30 )
在线值:
发帖
回帖
粉丝
2
感谢分享!
2017-6-5 10:03
0
游客
登录 | 注册 方可回帖
返回
//