技术类:
xss蠕虫的基础知识:第一部分
http://brutelogic.com.br/blog/genesis-xss-worm-part-i/
民主党竞选捐款系统的CSRF漏洞
http://rajk.me/actblue/#intro
Flash 0day漏洞被用于 ScarCruft APT组织
https://securelist.com/blog/research/75100/operation-daybreak/
利用不回显(unreachable)的sql注入
https://blog.asdizzle.com/index.php/2016/06/18/exploiting-unreachable-sql-injections/
通过scf文件不说SMB/HTTP认证
https://room362.com/post/2016/smb-http-auth-capture-via-scf/
犯混淆movfuscated过的二进制文件的开源工具
https://github.com/kirschju/demovfuscator
安全杂志pocorgtfo发行第12期
http://www.sultanik.com/pocorgtfo/pocorgtfo12.pdf
openbank:安全,轻松的使用BTC TRACKER
https://www.evilsocket.net/2016/06/19/presenting-openbank-a-safe-and-easy-to-use-btc-tracker
The Backdoor Factory (BDF) 工具更新至3.4.0,增加-p参数,可预处理目录中的样本
https://github.com/secretsquirrel/the-backdoor-factory
华为固件扫描工具,扫描华为oat服务器中的新的或老的固件
https://github.com/xyzy/huawei-firmware-scanner
Alvaro Muñoz报告的Struts2安全问题
https://struts.apache.org/docs/s2-033.html
https://struts.apache.org/docs/s2-035.html
https://struts.apache.org/docs/s2-036.html
监视和控制内核模式的事件
http://tandasat.github.io/HyperPlatform/recon2016/REcon2016_presentation.pdf
分析Angler-less利用工具包
https://blog.malwarebytes.com/threat-analysis/2016/06/a-look-at-the-angler-less-exploit-kit-scene/
Hacking the Blynclight
https://mborgerson.com/hacking-the-blynclight
XSS post-exploitation 利用工具
https://github.com/Danladi/HttpPwnly
通过FLASH的安装和卸载执行文件实现提权
http://seclists.org/fulldisclosure/2016/Jun/39
在运行前控制JAVASCRIPT 恶意软件
https://isc.sans.edu/diary/Controlling+JavaScript+Malware+Before+it+Runs/21171
使用flash检测远程用户使用的杀软
http://agrrrdog.blogspot.com/2016/06/remote-detection-of-users-av-via-flash.html
Process Failure Modes
https://drive.google.com/file/d/0B5sMkPVXQnfPaVB6T2N3Mk5UX28/view?pref=2&pli=1
Area41 会议 2016 介绍
https://www.insinuator.net/2016/06/area41-conference-2016/
gdb插件用于android debugging
https://github.com/cx9527/strongdb
资讯类:
一个学生如何欺骗1700个代码人员运行他的恶意脚本的
http://arstechnica.com/security/2016/06/college-student-schools-govs-and-mils-on-perils-of-arbitrary-code-execution/
五角大楼的赏金猎人活动发现超过100个安全漏洞
http://hothardware.com/news/hack-the-pentagon-campaign-unearths-over-100-security-vulnerabilities#7tOh7TisRvmOOQrQ.02
黑客通过摄像头来监视加拿大政党会议
http://news.softpedia.com/news/hacker-spied-on-canadian-political-party-s-meetings-via-video-camera-feeds-505414.shtml
GoToMyPC账号被黑,所有客户密码重置
https://www.grahamcluley.com/2016/06/gotomypc-hacked-customer-passwords-reset/
最新的flash 0day滥用windows dde协议
http://news.softpedia.com/news/latest-flash-zero-day-abuses-windows-dde-protocol-505406.shtml
数据泄露消息:
DNC黑客事件继续升温,黑客继续放出资料,包含金融报告和捐献者的个人数据
发表评论
您还未登录,请先登录。
登录