首页
社区
课程
招聘
[分享]国外最新安全推文整理(第24期)
发表于: 2018-7-1 09:26 5753

[分享]国外最新安全推文整理(第24期)

2018-7-1 09:26
5753

Memoro: A Detailed Heap Profiler(堆内存查看)

https://github.com/epfl-vlsc/memoro


LAVA: Large-scale Automated Vulnerability Addition(人造 bug)

https://github.com/panda-re/lava


Python scriptable Reverse Engineering sandbox(基于 QEMU 的逆向框架)

https://github.com/Cisco-Talos/pyrebox


The exploit samples for windows(最近几个漏洞的 PoC)

https://github.com/smgorelik/Windows-RCE-exploits


Useful resources for iOS hacking(iOS hacking 学习资料)

https://github.com/Siguza/ios-resources


Recon Montreal 2018 Slides(slides 见议题描述)

https://recon.cx/2018/montreal/schedule/schedule.html


Defcon 26 Schedule(议题介绍)

https://defcon.org/html/defcon-26/dc-26-speakers.html


Looking back at the last 20 years of RE and looking ahead at the next few, slides(逆向之路)

https://docs.google.com/presentation/d/1ljVUiXVi2PfEdolGXr7Wpepj0x2RxaOo9rzMKWXebG4/


Detecting Kernel Memory Disclosure – Whitepaper(内存信息泄露)

https://googleprojectzero.blogspot.com/2018/06/detecting-kernel-memory-disclosure.html


Intel LazyFP vulnerability: Exploiting lazy FPU state switching(Intel LazyFP 漏洞)

https://blog.cyberus-technology.de/posts/2018-06-06-intel-lazyfp-vulnerability.html


Foxit Reader Vulnerability Discovery and Exploitation(Foxit PDF 漏洞)

https://srcincite.io/blog/2018/06/22/foxes-among-us-foxit-reader-vulnerability-discovery-and-exploitation.html


Marshalling to SYSTEM - An analysis of CVE-2018-0824(COM 组件漏洞)

https://codewhitesec.blogspot.com/2018/06/cve-2018-0624.html


Windows: Child Process Restriction Mitigation Bypass(子进程防护绕过)

https://bugs.chromium.org/p/project-zero/issues/detail?id=1544


Introduction to Trusted Execution Environment: ARM's TrustZone(TrustZone 的介绍)

https://blog.quarkslab.com/introduction-to-trusted-execution-environment-arms-trustzone.html


Virtualization-based security (VBS) memory enclaves(虚拟化保护)

https://cloudblogs.microsoft.com/microsoftsecure/2018/06/05/virtualization-based-security-vbs-memory-enclaves-data-protection-through-isolation/


Timeless Debugging of Complex Software(Mozilla 的 rr,同 Microsoft 的 TTD)

https://blog.ret2.io/2018/06/19/pwn2own-2018-root-cause-analysis/


Reverse Engineering open course, slides(逆向分析公开课)

http://martin.uy/blog/projects/reverse-engineering/


Delta Debugging(优化 fuzzing 文件的大小)

https://blog.grimm-co.com/post/delta-debugging/


T-Fuzz: Fuzzing by Program Transformation, slides(fuzzing 工具)

http://nebelwelt.net/publications/files/18Oakland-presentation.pdf


SAT/SMT by example(符号执行)

https://yurichev.com/writings/SAT_SMT_by_example.pdf


Automated Detection, Exploitation, and Elimination of Double-Fetch Bugs using Modern CPU Features, slides(检测 Double-Fetch)

https://misc0110.net/web/files/double_fetch_slides.pdf


Backdooring your server through its BMC: the HPE iLO4 case, slides(向 HPE iLO4 植入固件后门)

https://www.synacktiv.com/ressources/sstic_2018_backdooring_ilo4_slides_en.pdf


Breaking LTE on Layer Two(针对 LTE 数据链路层的攻击)

https://alter-attack.net/



[培训]内核驱动高级班,冲击BAT一流互联网大厂工作,每周日13:00-18:00直播授课

收藏
免费 1
支持
分享
打赏 + 1.00雪花
打赏次数 1 雪花 + 1.00
 
赞赏  junkboy   +1.00 2018/07/01
最新回复 (1)
雪    币: 7012
活跃值: (4222)
能力值: ( LV2,RANK:10 )
在线值:
发帖
回帖
粉丝
2
感谢分享
2018-7-1 10:51
0
游客
登录 | 注册 方可回帖
返回
//