1. 程式人生 > >分享]國外最新安全推文整理

分享]國外最新安全推文整理

wal into lai around war 需要 esc hyperv -type

http://bbs.pediy.com/user-578992.htm

有些可能需要VPN訪問,安全性方面自己多留意:P

Colourful visualization tool for binary files

https://github.com/FireyFly/pixd

Porting Windows Dynamic Link Libraries to Linux

https://github.com/taviso/loadlibrary

Defeating Windows User Account Control

https://github.com/hfiref0x/UACME

An opensource API hooking framework

https://github.com/PassingTheKnowledge/Ganxo

WinDbg docs

https://github.com/MicrosoftDocs/windows-driver-docs/tree/staging/windows-driver-docs-pr/debugger

Windows Internals Book 7th edition Tools

https://github.com/zodiacon/windowsinternals

Intel Engine Firmware Analysis Tool

https://github.com/platomav/MEAnalyzer

UEFI firmware training materials

https://github.com/advanced-threat-research/firmware-security-training

SimpleVisor is a simple, portable, Intel VT-x hypervisor

https://github.com/ionescu007/SimpleVisor

Z3 is a theorem prover from Microsoft Research

https://github.com/Z3Prover/z3

Quick introduction into SAT/SMT solvers and symbolic execution

https://yurichev.com/writings/SAT_SMT_draft-EN.pdf

Analysis of the Attack Surface of Microsoft Office from a User‘s Perspective (Slides)

https://sites.google.com/site/zerodayresearch/Analysis_of_the_Attack_Surface_of_Microsoft_Office_from_User_Perspective_final.pdf

Improving Coverage Guided Fuzzing, Using Static Analysis

https://repret.wordpress.com/2017/05/01/improving-coverage-guided-fuzzing-using-static-analysis/

Windows Kernel Exploitation Part 4: Introduction to Windows Kernel Pool Exploitation

https://samdb.xyz/windows-kernel-exploitation-part-4/

Are we doing memory corruption mitigations wrong

https://scarybeastsecurity.blogspot.com/2017/05/are-we-doing-memory-corruption.html

Reading Your Way Around UAC (Part 3)

https://tyranidslair.blogspot.co.uk/2017/05/reading-your-way-around-uac-part-3.html

A Dissection of the "EsteemAudit" Windows Remote Desktop Exploit

https://researchcenter.paloaltonetworks.com/2017/05/unit42-dissection-esteemaudit-windows-remote-desktop-exploit/

Exploitation of CVE-2017-2491 (WebKit)

https://phoenhex.re/2017-05-04/pwn2own17-cachedcall-uaf

MS Edge TypedArray.sort Use-After-Free (CVE-2016-7288)

https://blog.quarkslab.com/exploiting-ms16-145-ms-edge-typedarraysort-use-after-free-cve-2016-7288.html

Exploiting a V8 OOB write

https://halbecaf.com/2017/05/24/exploiting-a-v8-oob-write/

Exploiting a Cross-mmap Overflow in Firefox

https://saelo.github.io/posts/firefox-script-loader-overflow.html

Dynamic Binary Analysis with Intel Pin

https://blog.netspi.com/dynamic-binary-analysis-intel-pin/

Reverse engineer 200 binaries with the mechanical efficiency of symbolic execution

http://blog.trailofbits.com/2017/05/15/magic-with-manticore/

KONNI: A Malware Under The Radar For Years

http://blog.talosintelligence.com/2017/05/konni-malware-under-radar-for-years.html

Analysis of Emotet v4

https://www.cert.pl/en/news/single/analysis-of-emotet-v4/

Wicked malware persistence methods (Slides)

https://drive.google.com/file/d/0Bzb5kQFOXkiSVEVMTy12dlhJcW8/view

Exploit Course (Slides)

https://exploit.courses/files/bfh2017/content.html

Convolutional Neural Networks for Visual Recognition (Slides)

http://cs231n.stanford.edu/slides/2017/

CoreNLP – Core natural language software

https://stanfordnlp.github.io/CoreNLP/

A highly visual ARM emulator

https://salmanarif.bitbucket.io/visual/

Tutorial series on ARM assembly basics

https://azeria-labs.com/writing-arm-assembly-part-1/

Industrial Robots Security

http://robosec.org/

SeaGlass is a system to measure IMSI-catcher use across a city

https://seaglass.cs.washington.edu/

Exploiting Network Printers

https://www.ieee-security.org/TC/SP2017/papers/64.pdf

Researchers Hack Accelerometers with Sound Waves

https://spqr.eecs.umich.edu/papers/trippel-IEEE-oaklawn-walnut-2017.pdf

CAN bus reverse-engineering with Arduino and iOS

https:[email protected]/can-bus-reverse-engineering-with-arduino-and-ios-5627f2b1709a

RFID Hacking with The Proxmark 3

https://blog.kchung.co/rfid-hacking-with-the-proxmark-3/

分享]國外最新安全推文整理