Android mail client phishing vulnerability, Android mail phishing [CVE-2014-4925]

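Video: Android mail client vulnerability test. A vulnerability was just disclosed on the FD list. PoC: <meta http-equiv="refresh" content="0;URL='http://www.maliciousurl.com'" /> An attacker can craft an email, send it to the target, and have it redirect to a fixed page. For details, click Full Disclosure: Good for Enterprise Android HTML Injection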

JSON application: determining whether a user is logged in to Alipay

JSON application: determining whether a user is logged in to Alipay 专注XSS三十年 | 2014-12-31 03:16 Determining login state via JSON https://lab.alipay.com/user/msgcenter/getMsgInfosNew.json?_callback=xss&_input_charset=utf-8&ctoken=222&_=1419965709755 Logged in: zozi({"popMsg":false,"infos":[],"totalCount":6,"stat":"ok","isRead":false}) Not logged in: zozi({"target":"https://auth.alipay.com/login/index.htm?goto=","stat":"deny"}) Alipay has a lot of similar JSON; although in the request

MS14-068 privilege escalation PoC: lets any domain user escalate to domain administrator

ms14-068.py Exploits MS14-068 vulnerability on an un-patched domain controller of an Active Directory domain to get a Kerberos ticket for an existing domain user account with the privileges of the following domain groups : Domain Users (513) Domain Admins (512) Schema Admins (518) Enterprise Admins (519) Group Policy Creator Owners (520) USAGE: ms14-068.py -u <userName>@<domainName> -s <userSid> -d <domainControlerAddr> OPTIONS: -p <clearPassword> --rc4 <ntlmHash> Example usage : Linux (tested with

iSniff GPS: passive WiFi sniffing tool that locates nearby wireless devices from the information leaked in their broadcasts

iSniff GPS passively sniffs for SSID probes, ARPs and MDNS (Bonjour) packets broadcast by nearby iPhones, iPads and other wireless devices. The aim is to collect data which can be used to identify each device and determine previous geographical locations, based solely on information each device discloses about previously joined WiFi networks. iOS devices transmit ARPs which sometimes contain MAC addresses (BSSIDs) of previously joined WiFi networks, as described in

Bayesian applications in security (1)

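Bayesian applications in security (1) 杀戮 (an unemployed drifter) | 2014-11-24 18:12 A while ago on Weibo I saw a girl share an IBM paper about inferring data leaks with Bayesian methods. Very interesting; of course the algorithm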