2015-11-30 10:10:26 Source: 360安全播报 Author: 360安全播报
1. Reverse-engineering the API of the BMW i3 app (https://play.google.com/store/apps/details?id=com.bmwi.remote) (https://shkspr.mobi/blog/2015/11/reverse-engineering-the-bmw-i3-api/)
https://github.com/edent/BMW-i-Remote
2. Qualcomm TrustZone vulnerability leads to Droid Turbo bootloader unlock
http://theroot.ninja/disclosures/TRUSTNONE_1.0-11282015.pdf
3. Symbolic-execution writeup for the Carnegie Mellon binary bomb lab (CMU Binary Bomb)
http://ctfhacker.com/ctf/python/symbolic/execution/reverse/radare/2015/11/28/cmu-binary-bomb-flag2.html
4. ZeroNights conference slides: ORM2Pwn: exploiting injections in Hibernate ORM
http://www.slideshare.net/0ang3el/orm2pwn-exploiting-injections-in-hibernate-orm?from_action=save
5. ZeroNights conference slides: another way to perform a penetration test
http://www.slideshare.net/KirillErmakov/lets-play-the-game-yet-another-way-to-perform-penetration-test-russian-red-team-exercise-experience-from-qiwi
6. An introduction to the Go runtime's environment variables
http://dave.cheney.net/2015/11/29/a-whirlwind-tour-of-gos-runtime-environment-variables
7. Serpico: a tool for penetration-test report generation and collaboration
https://github.com/MooseDojo/Serpico/
8. PowerMemory: a PowerShell toolkit that can reveal plaintext account credentials in memory and in files
https://github.com/giMini/PowerMemory
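9. on* Landing Point: the article covers XSS through on* event handlers in the case where everything after the < character is filtered but ' and " are not, and then discusses, in turn, bypasses for when ' and " are filtered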
https://respectxss.blogspot.de/2015/11/on-landing-point.html
10. Terminus project launched: automatically generates diffs of Windows structures (currently supports only the NTDLL PDBs)
http://blog.rewolf.pl/blog/?p=1438
11. Math.random() and 32-bit precision
http://jandemooij.nl/blog/2015/11/27/math-random-and-32-bit-precision/
12. Optimizing ssDeep (a hashing algorithm) comparisons to reduce the time needed for large-scale file comparison
https://www.virusbtn.com/virusbulletin/archive/2015/11/vb201511-ssDeep
13. Slides on incident response methodology
https://cert.societegenerale.com/en/publications.html
14. Preventing XXE attacks against web services based on jaxws-rt (2.1)
http://stackoverflow.com/questions/12977299/prevent-xxe-attack-with-jaxb
15. virustotal-search.py update: adds a -s option for specifying the CSV separator
http://blog.didierstevens.com/2015/11/28/update-virustotal-search-py-version-0-1-3/
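16. A researcher abroad reported that the document-upload translation feature of the Google Translate page can lead to XSS; the issue is actually on translate.googleusercontent.com, which under the same-origin policy (SOP) cannot access translate.google.es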
http://www.intelligentexploit.com/view-details.html?id=22623
17. PHP-Fusion 9: from stored XSS in the Robots.php file to remote code execution
http://permalink.gmane.org/gmane.comp.security.oss.general/18253?utm_source=twitterfeed&utm_medium=twitter
18. Writing a simple Mach-O parser with the Python ctypes library
https://rotlogix.com/2015/11/28/writing-a-simple-binary-parser-with-python-ctypes/
19. ARM reverse-engineering exercises
https://github.com/rotlogix/Exercises
20. Easy File Sharing Web Server v7.2 - Remote SEH buffer overflow vulnerability
http://blog.knapsy.com/blog/2015/11/25/easy-file-sharing-web-server-v7-dot-2-remote-seh-buffer-overflow-dep-bypass-with-rop/
21. Vulnerabilities in a billboard lighting system
http://randywestergren.com/cutting-the-lights-vulnerabilities-in-a-billboard-lighting-system/
22. Fuzzing C++ code with AFL and libFuzzer
http://jefftrull.github.io/c++/clang/llvm/fuzzing/sanitizers/2015/11/27/fuzzing-with-sanitizers.html
23. Hiding shellcode in images
https://www.blackhat.com/presentations/bh-usa-06/BH-US-06-Sutton.pdf
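This article was originally published by 360安全播报. If you repost it, please credit the source and include this article's address. Article address: http://bobao.360.cn/news/detail/2410.html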