[分享]国外最新安全推文整理（第20期）-外文翻译-看雪-安全社区|安全招聘|kanxue.com

[分享]国外最新安全推文整理（第20期）

发表于: 2018-3-4 20:01 3506

[分享]国外最新安全推文整理（第20期）

BDomne

2018-3-4 20:01

3506

有些可能需要VPN访问，安全性方面自己多留意。

Symbolic Unit Testing for C/C++

https://github.com/trailofbits/deepstate

Incident Response & Digital Forensics Debugging Extension

https://github.com/comaeio/SwishDbgExt

Based on the Fiddler web debugger to study Exploit Kits, malvertising and malicious traffic

https://github.com/malwareinfosec/EKFiddle

Betraying the BIOS: Where the Guardians of the BIOS are Failing

https://github.com/REhints/Publications/tree/master/Conferences/Betraying%20the%20BIOS

NDSS 2018 papers

https://www.ndss-symposium.org/ndss2018/programme/

SP18 papers

https://www.computer.org/csdl/proceedings/sp/2018/4353/00/index.html

REcon BRX 2018 slides

https://recon.cx/2018/brussels/slides/

INFILTRATE 2018 schedule

https://www.infiltratecon.com/schedule/

The Evolution of CFI Attacks and Defenses, slides

https://github.com/Microsoft/MSRC-Security-Research/tree/master/presentations/2018_02_OffensiveCon

Windows 10 RS2/RS3 GDI data-only exploitation tales

https://census-labs.com/news/2018/02/28/windows-10-rs2rs3-gdi-data-only-exploitation-tales-offensivecon-2018/

The Windows 10 TH2 INT 2E mystery

http://blog.amossys.fr/windows10_TH2_int2E_mystery.html

VMware Exploitation through Uninitialized Buffers

https://www.zerodayinitiative.com/blog/2018/3/1/vmware-exploitation-through-uninitialized-buffers

Reverse engineering the MS Office RTF parser

https://securelist.com/disappearing-bytes/84017/

SMBv3 Null Pointer Dereference vulnerability

http://krbtgt.pw/smbv3-null-pointer-dereference-vulnerability/

How Hackers Bypassed an Adobe Flash Protection Mechanism

https://securingtomorrow.mcafee.com/mcafee-labs/hackers-bypassed-adobe-flash-protection-mechanism/

FinFisher exposed: A researcher's tale of defeating traps, tricks, and complex virtual machines

https://cloudblogs.microsoft.com/microsoftsecure/2018/03/01/finfisher-exposed-a-researchers-tale-of-defeating-traps-tricks-and-complex-virtual-machines/

Analyzing the nasty .NET protection of the Ploutus.D malware

http://antonioparata.blogspot.it/2018/02/analyzing-nasty-net-protection-of.html

Detection and analysis of Uroburos's kernel backdoor

https://exatrack.com/public/Uroburos_EN.pdf

APT Stages 101

https://azeria-labs.com/advanced-persistent-threat/

JavaScript AntiDebugging Tricks

https://x-c3ll.github.io/posts/javascript-antidebugging/

Remote Code Execution in IDA by double clicking a string

http://riscy.business/2018/02/ida-remote-execution/

Getting code execution from pure glibc heap mechanics

http://blog.frizn.fr/glibc/glibc-heap-to-rip

Pentest Tips and Tricks

https://jivoi.github.io/2015/07/01/pentest-tips-and-tricks/

Two small notes on the "malicious use of AI" report

http://addxorrol.blogspot.fr/2018/02/two-small-notes-on-malicious-use-of-ai.html

Toyota and Unintended Acceleration

https://embeddedgurus.com/barr-code/2013/10/an-update-on-toyota-and-unintended-acceleration/

[注意]传递专业知识、拓宽行业人脉——看雪讲师团队等你加入！

收藏・6

免费・0

支持