每日攻防资讯简报[Nov.23th]

1.ImageMagick：通过PDF密码进行Shell注入

https://insert-script.blogspot.com/2020/11/imagemagick-shell-injection-via-pdf.html

2.逆向分析教程，覆盖x86, x64, 32-bit ARM & 64-bitARM架构

https://github.com/mytechnotalent/Reverse-Engineering-Tutorial

3.My First Kernel Module: A DebuggingNightmare

https://reberhardt.com/blog/2020/11/18/my-first-kernel-module.html

4.模糊哈希与常规哈希

https://hackerspot.net/2020/11/20/fuzzy-hashing-vs-regular-hashing/

5.Burp Suite与OWASPZAP对比

https://jaw33sh.wordpress.com/2020/11/22/burp-suite-vs-owasp-zap-a-comparison-series/

6.特权容器逃逸，以在容器主机上执行任意命令

https://ajxchapman.github.io/containers/2020/11/19/privileged-container-escape.html

7..NET中几种动态调用方法，可用于绕过内联和IAT挂钩

https://blog.nviso.eu/2020/11/20/dynamic-invocation-in-net-to-bypass-hooks/

8.使用杀毒软件转储进程内存

https://www.archcloudlabs.com/projects/dumping-memory-with-av/

9.High Security, Plausible Deniability andTwo Factor Encryption: You're the Weak Link

https://www.alvarez.io/posts/two-factor-encryption/

10.HTB Buff [writeup]

https://medium.com/bugbountywriteup/htb-buff-writeup-5d118ab695c0

11.攻击1Password：在没有加密知识的情况下解密数据

https://www.youtube.com/watch?v=ZTEXpPQTz5o

12.路由器渗透测试

https://www.hackingarticles.in/router-penetration-testing/

13.将基于盲错误的SQL注入转换为可利用的漏洞

https://ozguralp.medium.com/turning-blind-error-based-sql-injection-into-an-exploitable-boolean-one-85d6be3ca23b

14.通过命名管道分析检测Cobalt Strike默认模块

https://labs.f-secure.com/blog/detecting-cobalt-strike-default-modules-via-named-pipe-analysis/

15.XXE注入完全指南

https://www.hackingarticles.in/comprehensive-guide-on-xxe-injection/