分享]國外最新安全推文整理
http://bbs.pediy.com/user-578992.htm
有些可能需要VPN訪問,安全性方面自己多留意:P
Colourful visualization tool for binary files
https://github.com/FireyFly/pixd
Porting Windows Dynamic Link Libraries to Linux
https://github.com/taviso/loadlibrary
Defeating Windows User Account Control
https://github.com/hfiref0x/UACME
An opensource API hooking framework
https://github.com/PassingTheKnowledge/Ganxo
WinDbg docs
https://github.com/MicrosoftDocs/windows-driver-docs/tree/staging/windows-driver-docs-pr/debugger
Windows Internals Book 7th edition Tools
https://github.com/zodiacon/windowsinternals
Intel Engine Firmware Analysis Tool
https://github.com/platomav/MEAnalyzer
UEFI firmware training materials
https://github.com/advanced-threat-research/firmware-security-training
SimpleVisor is a simple, portable, Intel VT-x hypervisor
https://github.com/ionescu007/SimpleVisor
Z3 is a theorem prover from Microsoft Research
https://github.com/Z3Prover/z3
Quick introduction into SAT/SMT solvers and symbolic execution
https://yurichev.com/writings/SAT_SMT_draft-EN.pdf
Analysis of the Attack Surface of Microsoft Office from a User‘s Perspective (Slides)
https://sites.google.com/site/zerodayresearch/Analysis_of_the_Attack_Surface_of_Microsoft_Office_from_User_Perspective_final.pdf
Improving Coverage Guided Fuzzing, Using Static Analysis
https://repret.wordpress.com/2017/05/01/improving-coverage-guided-fuzzing-using-static-analysis/
Windows Kernel Exploitation Part 4: Introduction to Windows Kernel Pool Exploitation
https://samdb.xyz/windows-kernel-exploitation-part-4/
Are we doing memory corruption mitigations wrong
https://scarybeastsecurity.blogspot.com/2017/05/are-we-doing-memory-corruption.html
Reading Your Way Around UAC (Part 3)
https://tyranidslair.blogspot.co.uk/2017/05/reading-your-way-around-uac-part-3.html
A Dissection of the "EsteemAudit" Windows Remote Desktop Exploit
https://researchcenter.paloaltonetworks.com/2017/05/unit42-dissection-esteemaudit-windows-remote-desktop-exploit/
Exploitation of CVE-2017-2491 (WebKit)
https://phoenhex.re/2017-05-04/pwn2own17-cachedcall-uaf
MS Edge TypedArray.sort Use-After-Free (CVE-2016-7288)
https://blog.quarkslab.com/exploiting-ms16-145-ms-edge-typedarraysort-use-after-free-cve-2016-7288.html
Exploiting a V8 OOB write
https://halbecaf.com/2017/05/24/exploiting-a-v8-oob-write/
Exploiting a Cross-mmap Overflow in Firefox
https://saelo.github.io/posts/firefox-script-loader-overflow.html
Dynamic Binary Analysis with Intel Pin
https://blog.netspi.com/dynamic-binary-analysis-intel-pin/
Reverse engineer 200 binaries with the mechanical efficiency of symbolic execution
http://blog.trailofbits.com/2017/05/15/magic-with-manticore/
KONNI: A Malware Under The Radar For Years
http://blog.talosintelligence.com/2017/05/konni-malware-under-radar-for-years.html
Analysis of Emotet v4
https://www.cert.pl/en/news/single/analysis-of-emotet-v4/
Wicked malware persistence methods (Slides)
https://drive.google.com/file/d/0Bzb5kQFOXkiSVEVMTy12dlhJcW8/view
Exploit Course (Slides)
https://exploit.courses/files/bfh2017/content.html
Convolutional Neural Networks for Visual Recognition (Slides)
http://cs231n.stanford.edu/slides/2017/
CoreNLP – Core natural language software
https://stanfordnlp.github.io/CoreNLP/
A highly visual ARM emulator
https://salmanarif.bitbucket.io/visual/
Tutorial series on ARM assembly basics
https://azeria-labs.com/writing-arm-assembly-part-1/
Industrial Robots Security
http://robosec.org/
SeaGlass is a system to measure IMSI-catcher use across a city
https://seaglass.cs.washington.edu/
Exploiting Network Printers
https://www.ieee-security.org/TC/SP2017/papers/64.pdf
Researchers Hack Accelerometers with Sound Waves
https://spqr.eecs.umich.edu/papers/trippel-IEEE-oaklawn-walnut-2017.pdf
CAN bus reverse-engineering with Arduino and iOS
https:[email protected]/can-bus-reverse-engineering-with-arduino-and-ios-5627f2b1709a
RFID Hacking with The Proxmark 3
https://blog.kchung.co/rfid-hacking-with-the-proxmark-3/
分享]國外最新安全推文整理