【知识】5月25日 - 每日安全知识热点

热点概要：Samba远程代码执行漏洞(CVE-2017-7494)分析、可靠的发现和利用Java反序列化漏洞、Pwn2own漏洞分享系列：利用macOS内核漏洞逃逸Safari沙盒  、macOS下Nylas邮件客户端的命令执行漏洞、ios开发中常见的安全漏洞 、chrome V8 越界读写漏洞分析、利用可信文档实现PDF UXSS、利用DNS隧道进行C＆C通信

资讯类：

---

在Samba潜伏7年的可蠕虫的远程代码执行漏洞

https://arstechnica.com/security/2017/05/a-wormable-code-execution-bug-has-lurked-in-samba-for-7-years-patch-now/

技术类：

---

Samba远程代码执行漏洞(CVE-2017-7494)公告

https://lists.samba.org/archive/samba-announce/2017/000406.html

Samba远程代码执行漏洞(CVE-2017-7494)分析

http://bobao.360.cn/learning/detail/3900.html

可靠的发现和利用Java反序列化漏洞

https://techblog.mediaservice.net/2017/05/reliable-discovery-and-exploitation-of-java-deserialization-vulnerabilities/

对亚洲大型apt组织OceanLotus的跟踪分析

https://www.cybereason.com/labs-operation-cobalt-kitty-a-large-scale-apt-in-asia-carried-out-by-the-oceanlotus-group/

wordpress漏洞利用框架

https://github.com/rastating/wordpress-exploit-framework

Auto Hooks Spider

http://www.thinkings.org/2017/05/24/auto-hooks-spider.html

Pwn2own漏洞分享系列：利用macOS内核漏洞逃逸Safari沙盒

http://blogs.360.cn/blog/pwn2own-using-macos-kernel-vuln-escape-from-safari-sandbox/

macOS下Nylas邮件客户端的命令执行漏洞

http://elladodelnovato.blogspot.com.es/2017/05/nylas-mail-command-injection-on-macos.html

ios开发中常见的安全漏洞

https://github.com/felixgr/secure-ios-app-dev

那些你不知道的爬虫反爬虫套路

https://mp.weixin.qq.com/s?__biz=MjM5MDI3MjA5MQ==&mid=2697266133&idx=1&sn=51426072d8ad4c4496795127e9c9f1ae

Linux查杀木马经验总结

http://qicheng0211.blog.51cto.com/3958621/1928738

chrome V8 越界读写漏洞分析

https://halbecaf.com/2017/05/24/exploiting-a-v8-oob-write/

NTP，SSDP和DNS放大攻击简述

https://blog.cloudflare.com/reflections-on-reflections/

File2pcap:通过模拟流量并创建合适的pcap文件

http://blog.talosintelligence.com/2017/05/file2pcap.html

chrome V8 越界读写漏洞分析

https://halbecaf.com/2017/05/24/exploiting-a-v8-oob-write/

如何加固你的网络环境

https://www.appsecconsulting.com/blog/get-back-to-basics-before-you-get-pwned

Trend Micro ServerProtect多个漏洞

https://www.coresecurity.com/advisories/trend-micro-serverprotect-multiple-vulnerabilities

利用可信文档实现PDF UXSS

http://insert-script.blogspot.co.at/2017/05/pdf-fdf-uxss-via-trusted-document.html

MS Edge:Exploiting MS16-145: MS Edge TypedArray.sort Use-After-Free (CVE-2016-7288)

https://blog.quarkslab.com/exploiting-ms16-145-ms-edge-typedarraysort-use-after-free-cve-2016-7288.html

Firefox:在Firefox中利用Cross-mmap溢出

https://saelo.github.io/posts/firefox-script-loader-overflow.html

Safari:Pwn2Own 2017: UAF in JSC::CachedCall (WebKit)

https://phoenhex.re/2017-05-04/pwn2own17-cachedcall-uaf

Chrome:Out-of-bounds read in V8 Array.concat

https://bugs.chromium.org/p/chromium/issues/detail?id=682194

利用DNS隧道进行C＆C通信

https://securelist.com/blog/research/78203/use-of-dns-tunneling-for-cc-communications/

libtiff发布更新修复OSS-Fuzz报送的11个bug

http://www.simplesystems.org/libtiff/v4.0.8.html

Windows Kernel Pool Spraying

http://trackwatch.com/windows-kernel-pool-spraying/

WebKit: UXSS via Editor::Command::execute

https://bugs.chromium.org/p/project-zero/issues/detail?id=1133