【知识】5月31日 - 每日安全知识热点

热点概要：syscan360国际前瞻信息安全会议在美国西雅圖四季酒店召开、影子经纪人推出0day漏洞订阅服务 每月21000美元、Judy Android 恶意病毒感染超过3650万谷歌Play商店用户、RFID Hacking with The Proxmark 3、sudo的get_process_ttyname()方法存在提权漏洞、Windows MsMpEng remotely exploitable UaF due to design issue in GC engine、一键自动化域渗透工具、福特SYNC 1代 模块分析、TerraMaster NAS TOS<=3.0.30 未经验证的远程root权限代码执行、从根本上突破UAC 、跨域爆破Github SAML 和 2FA recovery codes、开始windows内核开发part 1 建立实验环境、Pivoting from blind SSRF to RCE with HashiCorp Consul、在OSX上监听单个应用HTTPS流量、心脏起搏器的安全性评测、突破Citrix和其他限制的桌面环境、Samba远程代码执行漏洞(CVE-2017-7494)-SambaCry分析报告

资讯类：

---

syscan360国际前瞻信息安全会议在美国西雅圖四季酒店召开

http://www.syscan360.org/

影子经纪人推出0day漏洞订阅服务 每月21000美元

http://thehackernews.com/2017/05/shadow-brokers-exploits.html

Judy Android 恶意病毒感染超过3650万谷歌Play商店用户

http://thehackernews.com/2017/05/android-adware-malware.html

 

技术类：

---

RFID Hacking with The Proxmark 3

https://blog.kchung.co/rfid-hacking-with-the-proxmark-3/

proxmark3预编译固件集合

    https://github.com/exploitagency/github-proxmark3-standalone-lf-emulator

sudo的get_process_ttyname()方法存在提权漏洞 

http://www.openwall.com/lists/oss-security/2017/05/30/16

Windows MsMpEng remotely exploitable UaF due to design issue in GC engine

https://bugs.chromium.org/p/project-zero/issues/detail?id=1258

一键自动化域渗透工具

https://byt3bl33d3r.github.io/automating-the-empire-with-the-death-star-getting-domain-admin-with-a-push-of-a-button.html

福特SYNC 1代 模块分析

https://jdgforensicblog.wordpress.com/2017/05/28/analysis-of-a-ford-sync-gen-1-module/

TerraMaster NAS TOS 3.0.30以下版本(包含3.0.30) 未经验证的远程root权限代码执行

https://www.evilsocket.net/2017/05/30/Terramaster-NAS-Unauthenticated-RCE-as-root/#.WS1gUW36cHI.reddit

从根本上突破UAC 

https://gist.github.com/tyranid/9ffef5962a642d4a1bb8e4ee7e3bebc5

跨域爆破Github SAML 和 2FA recovery codes

http://blog.intothesymmetry.com/2017/05/cross-origin-brute-forcing-of-saml-and.html

开始windows内核开发part 1 建立实验环境

https://hshrzd.wordpress.com/2017/05/28/starting-with-windows-kernel-exploitation-part-1-setting-up-the-lab/

Pivoting from blind SSRF to RCE with HashiCorp Consul

http://www.kernelpicnic.net/2017/05/29/Pivoting-from-blind-SSRF-to-RCE-with-Hashicorp-Consul.html

一本关于堆内存开发的书

https://github.com/DhavalKapil/heap-exploitation

在OSX上监听单个应用HTTPS流量

https://calebfenton.github.io/2017/05/27/monitoring-https-of-a-single-app-on-osx/

心脏起搏器的安全性评测

https://drive.google.com/file/d/0B_GspGER4QQTYkJfaVlBeGVCSW8/view

Dirty COW and why lying is bad even if you are the Linux kernel

https://chao-tic.github.io/blog/2017/05/24/dirty-cow

ARM装配基础介绍

https://azeria-labs.com/writing-arm-assembly-part-1/

突破Citrix和其他限制的桌面环境

https://www.pentestpartners.com/security-blog/breaking-out-of-citrix-and-other-restricted-desktop-environments/?doing_wp_cron=1496192804.4728899002075195312500

Samba远程代码执行漏洞(CVE-2017-7494)-SambaCry分析报告

http://bobao.360.cn/learning/detail/3915.html