3月28日热点 - Meltdown补丁再出问题,允许用户级程序读取内核数据

阅读量    24838 |

分享到: QQ空间 新浪微博 微信 QQ facebook twitter

 

资讯类

微软Meltdown补丁引发更大的安全漏洞,允许任何用户级应用程序从操作系统内核读取内容,甚至将数据写入内核内存

https://www.bleepingcomputer.com/news/microsoft/meltdown-patch-opened-bigger-security-hole-on-windows-7/

 

新的CPU侧信道攻击——BranchScope

https://www.bleepingcomputer.com/news/security/academics-discover-new-cpu-side-channel-attack-named-branchscope/

BranchScope is a new side-channel attack method against Intel chip

 

灰鹭监视公司

Grey Heron, the new Co in the surveillance industry that promises to spy on Signal and Telegram

 

浏览器内的加密越来越难以检测到

https://www.bleepingcomputer.com/news/security/in-browser-cryptojacking-is-getting-harder-to-detect/

 

VirusBay——分享恶意软件分析社区

https://www.bleepingcomputer.com/news/security/virusbay-aims-to-make-malware-analysis-more-social/

 

Firefox插件将Facebook网站及其所有域名隔离

https://www.bleepingcomputer.com/news/software/firefox-add-on-isolates-facebook-tracking-from-the-rest-of-the-browser/

 

Struts框架S2-056漏洞预警

https://cwiki.apache.org/confluence/display/WW/S2-056

https://open.work.weixin.qq.com/wwopen/mpnews?mixuin=3_HVCQAABwBuIkeyAAAUAA&mfid=WW0328-lC6I7gAABwAEhQ8V4-a1TwtN_v_23&idx=0&sn=47f1a5e9f022ba9c73fd5bf32511a0c0&from=timeline&isappinstalled=0

 

GOSCANSSH恶意软件瞄准SSH服务器

GoScanSSH Malware Targets SSH Servers, But Avoids Military and .GOV Systems

 

高额打车补贴下,黑产如何薅走美团的羊毛?
http://t.cn/RnHbBfP

 

技术类

客户端 session 导致的安全问题

https://paper.seebug.org/550/

 

披着狼皮的羊——寻找惠普多款打印机中的RCE漏洞

https://paper.seebug.org/549/

 

智能合约蜜罐

https://medium.com/@gerhard.wagner/the-phenomena-of-smart-contract-honeypots-755c1f943f7b

 

利用入侵分析的微控制器进行固件修复

https://duo.com/blog/microcontroller-firmware-recovery-using-invasive-analysis

 

强网杯出题思路

https://bbs.pediy.com/thread-225488.htm

 

强网杯writeup

https://lorexxar.cn/2018/03/26/qwb2018/

 

加密101:解密者的思考过程

Encryption 101: Decryptor’s thought process

 

记一次爬虫批量爬取exp

https://mp.weixin.qq.com/s?__biz=MzI5NTQ5MTAzMA==&mid=2247483860&idx=1&sn=c773f70165f5a48be62acdf8e0217f2d&chksm=ec53856ddb240c7b372d85c3912456b236f9b37e399e30c687b4596892cf5c399ef4ea9aeb18&scene=38#wechat_redirect

 

Pwn a CTF Platform with Java JRMP Gadget

http://blog.orange.tw/2018/03/pwn-ctf-platform-with-java-jrmp-gadget.html

 

Reducing Fuzzing Code Coverage Overhead using “Disposable Probes”

https://repret.wordpress.com/2018/03/21/128/

 

DiskShadow工具介绍

https://bohops.com/2018/03/26/diskshadow-the-return-of-vss-evasion-persistence-and-active-directory-database-extraction/

分享到: QQ空间 新浪微博 微信 QQ facebook twitter
|推荐阅读
|发表评论
|评论列表
加载更多