每日攻防资讯简报[Mar.9th]

1.CpuidSpoofer：x64dbg插件，辅助修改CPUID指令的行为

https://github.com/jonatan1024/CpuidSpoofer

2.search-that-hash：首先检查各个网站查找要破解的hash，找不到则自动传递给HashCat

https://github.com/HashPals/search-that-hash

3.HelloSmm：使用自定义SMM模块构建BIOS

https://github.com/tandasat/HelloSmm

1.通过重新编译Flutter Engine逆向Flutter应用

https://tinyhack.com/2021/03/07/reversing-a-flutter-app-by-recompiling-flutter-engine/

2.如何搜索由短域名服务公开的URL

https://grayhatwarfare.medium.com/how-to-search-urls-exposed-by-shortener-services-f68e199cd560

3.Lord of the Ring(s)：对CPU片上环形互连的侧通道攻击

https://github.com/FPSG-UIUC/lotr

4.如何通过响应操作绕过著名的区域性电子纸Web应用程序的订阅计划

https://infosecwriteups.com/how-i-was-able-to-bypass-the-subscription-plan-of-a-famous-regional-e-paper-web-application-by-b14bb5d82c5f

5.Prime + Probe 1，JavaScript 0：克服基于浏览器的侧通道防御

https://orenlab.sise.bgu.ac.il/p/PP0?k

6.Academy HackTheBox Walkthrough

https://www.hackingarticles.in/academy-hackthebox-walkthrough/

7.McAfee ATR：以图标的方式思考网络攻击行动

https://www.mcafee.com/blogs/other-blogs/mcafee-labs/mcafee-atr-thinks-in-graphs

8.[HTB] Passage

https://infosecwriteups.com/htb-passage-36b0cf14f64b

9.Google Update Service being a scum

https://halove23.blogspot.com/2021/03/google-update-service-being-scum.html

https://github.com/klinix5/GoogleUpdateSvcLPE