12月4日-每日安全知识热点

阅读量    35949 |

分享到: QQ空间 新浪微博 微信 QQ facebook twitter

http://p1.qhimg.com/t01ee0ded1a480b06ce.jpg

1、一周渗透系列的第四天:Post Exploitation

http://www.labofapenetrationtester.com/2015/12/week-of-continuous-intrusion-tools-day-4.html

2、一个隐藏原数据(metadata)的隐私消息系统

https://github.com/davidlazar/vuvuzela


3、由于三年的老漏洞导致备受瞩目的移动应用存在风险

http://blog.trendmicro.com/trendlabs-security-intelligence/high-profile-mobile-apps-at-risk-due-to-three-year-old-vulnerability/

4、常见powershell渗透工具整理

https://www.peerlyst.com/blog-post/resource-infosec-powershell-tools-resources-and-authors


5、Java的零日漏洞CVE-2015-4852被发现用于网络攻击

http://blog.imperva.com/2015/12/zero-day-attack-strikes-again-java-zero-day-vulnerability-cve-2015-4852-tracked-by-imperva.html

6、自动MIME附件分流

https://blog.rootshell.be/2015/12/04/automatic-mime-attachments-triage/


7、fuzzing math:opessl中的BN_mod_exp(CVE-2015-3193)错误计算

https://blog.fuzzing-project.org/31-Fuzzing-Math-miscalculations-in-OpenSSLs-BN_mod_exp-CVE-2015-3193.html

8、Zeronights'2015 会议上的2篇攻击hypervisors的PPT

https://github.com/REhints/Publications/tree/master/Conferences/Zeronights'2015


9、Botconf 2015 会议第二天记录

https://blog.rootshell.be/2015/12/03/botconf-2015-wrap-up-day-2/

10、0day贸易市场分析

http://moritzlaw.osu.edu/students/groups/is/files/2015/06/Fidler-Second-Review-Changes-Made.pdf


11、分析利用elasticsearch漏洞形成的僵尸网络

https://www.alienvault.com/open-threat-exchange/blog/elasticzombie-botnet-exploiting-elasticsearch-vulnerabilities

12、用VB.NET实现通过PID获取用户名

http://ibreak.software/2015/12/03/get-username-from-pid-in-vb-net/


13、从远程shell到远程终端(实现了tty,通过信号实现窗口大小改变)

http://blog.stalkr.net/2015/12/from-remote-shell-to-remote-terminal.html#more

14、微软IE CDOMStringDataList::InitFromString导致信息泄露

http://www.zerodayinitiative.com/advisories/ZDI-15-547/


15、sknyk's的公共漏洞数据库,帮你查阅历史漏洞

https://github.com/Snyk/vulndb

16、Defusing a binary bomb with gdb – Part 3

http://blog.carlosgaldino.com/2015/12/03/defusing-a-binary-bomb-with-gdb-part-3.html


17、恶意软件解密

https://blog.malwarebytes.org/development/2015/12/malware-crypters-the-deceptive-first-layer/

18、mitmproxy 0.15发行

http://corte.si/posts/code/mitmproxy/announce_0_15/

分享到: QQ空间 新浪微博 微信 QQ facebook twitter
|推荐阅读
|发表评论
|评论列表
加载更多