转:https://github.com/re-pronin/Awesome-Vulnerability-Research Awesome Vulnerability Research …

In this article, we are going to see another powerful framework that is used widely in pen-testing. Burp suite is an integration of various tools put together to work in an effective manner to help the pen-tester in the entire testing process, from t…

0x01. IIS短文件漏洞的由来 Microsoft IIS 短文件/文件夹名称信息泄漏最开始由Vulnerability Research Team(漏洞研究团队)的Soroush Dalili在2010年8月1日发现,并于2010年8月3日通知供应商(微软公司).微软公司分别于2010年12月1日和2011年1月4日给予答复下个版本修复.2012年6月29日,此漏洞公开披露(中危). 此漏洞实际是由HTTP请求中旧DOS 8.3名称约定(SFN)的代字符(〜)波浪号引起的.它允许远程攻击者…

Awesome Courses  Introduction There is a lot of hidden treasure lying within university pages scattered across the internet. This list is an attempt to bring to light those awesome courses which make their high-quality material i.e. assignments, lect…

1.IIS短文件漏洞 Microsoft IIS 短文件/文件夹名称信息泄漏最开始由Vulnerability Research Team(漏洞研究团队)的Soroush Dalili在2010年8月1日发现,并于2010年8月3日通知供应商(微软公司).微软公司分别于2010年12月1日和2011年1月4日给予答复下个版本修复.2012年6月29日,此漏洞公开披露(中危). 此漏洞实际是由HTTP请求中旧DOS 8.3名称约定(SFN)的代字符(〜)波浪号引起的.它允许远程攻击者在Web根目录…

NOTE: This specific issue was fixed before the launch of Privacy-Preserving Contact Tracing in iOS 13.5 in May 2020. In this demo I remotely trigger an unauthenticated kernel memory corruption vulnerability which causes all iOS devices in radio-proxi…

目录 . 序列化的定义 . serialize:序列化 . unserialize:反序列化 . 序列化.反序列化存在的安全风险 . Use After Free Vulnerability -] . PHP中的内存破坏漏洞利用(CVE--8142和CVE--) . PHP多种序列化.反序列化处理机制不同导致对象注入 . 序列化/反序列化在开源CMS上存在的漏洞 . pch-.md: Use After Free Vulnerabilities in Session Deserializer .…

In this blog post we'll go over a Linux kernel privilege escalation vulnerability I discovered which enables arbitrary code execution within the kernel. The vulnerability affected all devices based on Qualcomm chipsets (that is, based on the "msm&quo…

ANALYSIS AND EXPLOITATION OF A LINUX KERNEL VULNERABILITY (CVE-2016-0728) By Perception Point Research Team Introduction The Perception Point Research team has identified a 0-day local privilege escalation vulnerability in the Linux kernel. While the…

Research Guide: Pruning Techniques for Neural Networks 2019-11-15 20:16:54 Original: https://heartbeat.fritz.ai/research-guide-pruning-techniques-for-neural-networks-d9b8440ab10d Pruning is a technique in deep learning that aids in the development of…

hihoCoder #1427 : What a Simple Research(大㵘研究) 时间限制:1000ms 单点时限:1000ms 内存限制:256MB Description - 题目描述 Peking University Student Folk Music Band has a history of more than 90 years. They play Chinese traditional music by Chinese traditional instruments…

As I walked through the large poster-filled hall at CVPR 2013, I asked myself, “Quo vadis Computer Vision?" (Where are you going, computer vision?)  I see lots of papers which exploit last year’s ideas, copious amounts of incremental research, and an…

  Deep Learning Research Review Week 2: Reinforcement Learning 转载自: https://adeshpande3.github.io/adeshpande3.github.io/Deep-Learning-Research-Review-Week-2-Reinforcement-Learning This is the 2nd installment of a new series called Deep Learning Resea…

MLA Handbook for Writers of Research Papers.7th ed.New York:MLA,2009.print.还有一本,留待阅读MLA Style Manual and Guide to Scholarly Publishing.3rd ed.New York:MLA, 2008.print. 1 .总结 区分文章内容:        著,your ideas/words;        述, your summaries and paraphrases…

This list is not exhaustive - help expand it! Social Tagging Systems Research Group Source Year Obtained Availability Contact References CiteULike Oversity Ltd. Primary Daily Snapshots Via Download after Email (link) Richard Cameron   Bibsonomy KDE P…

目录 . 漏洞的起因 . 漏洞原理分析 . 漏洞的影响范围 . 漏洞的利用场景 . 漏洞的POC.测试方法 . 漏洞的修复Patch情况 . 如何避免此类漏洞继续出现 1. 漏洞的起因 为了理解这个漏洞,我们需要先理解两个基本概念 0x1: Bash的环境变量 . 只能在当前shell中使用的"局部变量" var="hello world" echo $var . 在子进程中也可以使用的"全局变量" export var="hello…

This abstract tells me a lot of stories about itself. Here I want to discuss two stories about it. It has demonstrated an excellent job of promoting and abstracting itself to a higher level by playing with words. The work this abstract has done is me…

catalogue . 漏洞描述 . 漏洞触发条件 . 漏洞影响范围 . 漏洞代码分析 . 防御方法 . 攻防思考 1. 漏洞描述 other SQL injection vulnerability via graphs_new.php in cacti was found, reported to the bug http://bugs.cacti.net/view.php?id=2652 Relevant Link: http://bobao.360.cn/snapshot/index?id…

catalog . Description . Analysis 1. Description PHP is vulnerable to a remote denial of service, caused by repeatedly allocate memory.concatenate string.copy string and free memory when PHP parses header areas of body part of HTTP request with multip…

catalog . Description . Effected Scope . Exploit Analysis . Principle Of Vulnerability . Patch Fix 1. Description OGNL provides, among other features, extensive expression evaluation capabilities. A request that included a specially crafted request p…

Catalog . Linux attack vector . Grsecurity/PaX . Hardened toolchain . Default addition of the Stack Smashing Protector (SSP): Compiler Flag: GS . Automatic generation of Position Independent Executables (PIEs): System Characteristic + Compiler Flag:…

You Can Do Research Too I was recently discussing gatekeeping and the process of getting started in CS research with a close friend. I feel compelled to offer a note. As a practicing academic researcher, I’m personally thrilled by the degree of excit…

Computer Graphics Research Software Helping you avoid re-inventing the wheel since 2009! Last updated December 5, 2012.Try searching this page for keywords like 'segmentation' or 'PLY'.If you would like to contribute links, please e-mail them to rms@…

转自:http://lyxh-2003.iteye.com/blog/434014 这是大科学家Richard Hamming的著名讲演,于1986年在贝尔通讯研究中心给200多名Bellcore的科学家们所做.在google上一搜,还未见中文翻译.在享受到Hamming闪耀的智慧的同时,禁不住要把它译成中文,让更多的只学了法语.德语.和柬埔寨语还未来得及学英语的同胞可以分享.思维是独特的,任何人的翻译都加上了译者的“思想”.所以,要知道Hamming到底讲的什么,请看原文.要看我是如何听Ham…

Adit Deshpande CS Undergrad at UCLA ('19) Blog About Resume Deep Learning Research Review Week 1: Generative Adversarial Nets Starting this week, I’ll be doing a new series called Deep Learning Research Review. Every couple weeks or so, I’ll be summa…

时间:2015.11.21 版本:初稿 ------------------------------------------------------------------------------------------------- 主页:http://johanneskopf.de/ 简介: Background I am a researcher at Microsoft Research in Redmond. Before I came to Seattle I got a Ph.D.…

Pooyan Jamshidi, Aakash Ahmad, Claus Pahl, "Cloud Migration Research: A Systematic Review," IEEE Transactions on Cloud Computing, 20 Nov. 2013. IEEE computer Society Digital Library. IEEE Computer Society 作者Pooyan Jamshidi是都柏林城市大学School of Compu…

HDU   3294 Problem Description One day, sailormoon girls are so delighted that they intend to research about palindromic strings. Operation contains two steps:First step: girls will write a long string (only contains lower case) on the paper. For exa…

目录 . 漏洞的起因 . 漏洞原理分析 . 漏洞的影响范围 . 漏洞的利用场景 . 漏洞的POC.测试方法 . 漏洞的修复Patch情况 . 如何避免此类漏洞继续出现 1. 漏洞的起因 这次的CVE和windows的Secure Channel (Schannel)有关 The Secure Channel (Schannel) security package is a Security Support Provider (SSP) that implements the Secure Soc…

目录 . 漏洞描述 . 漏洞触发条件 . 漏洞影响范围 . 漏洞代码分析 . 防御方法 . 攻防思考 1. 漏洞描述 Use Drupal to build everything from personal blogs to enterprise applications. Thousands of add-on modules and designs let you build any site you can imagine. Join us!Drupal是使用PHP语言编写的开源内容管理框…