热点概要:Black Hat USA 2017军火库、看我如何黑掉PayPal的服务器,从任意文件上传到远程代码执行、通过Excel.Application RegisterXLL()方法执行DLL、Cisco WebEx Browser Extension RCE漏洞(CVE-2017-6753)分析、常见恶意软件分析工具介绍、从DNS和sinkhole视角看WannaCry蠕虫、英国牙医(NSA泄露漏洞利用工具之一)Exploit Analysis
资讯类:
报警:尼日利亚钓鱼正威胁全球工业企业
http://mp.weixin.qq.com/s/m5QMzsGYVrU_bn1WmCj2HQ
技术类:
看我如何黑掉PayPal的服务器,从任意文件上传到远程代码执行
http://blog.pentestbegins.com/2017/07/21/hacking-into-paypal-server-remote-code-execution-2017/
深入了解奇偶校验bug
http://hackingdistributed.com/2017/07/22/deep-dive-parity-bug/
通过Excel.Application RegisterXLL()方法执行DLL
https://gist.github.com/ryhanson/227229866af52e2d963cf941af135a52
Fast-key-erasure随机数生成器
http://blog.cr.yp.to/20170723-random.html
Cisco WebEx Browser Extension RCE漏洞(CVE-2017-6753)分析
http://mp.weixin.qq.com/s/v4oxyVqTA6sgtD3dHkKG7Q
英国牙医(NSA泄露漏洞利用工具之一)Exploit Analysis
https://blogs.technet.microsoft.com/srd/2017/07/20/englishmansdentist-exploit-analysis/
浅析OGNL表达式求值(S2-003/005/009跟踪调试记录)
http://mp.weixin.qq.com/s/VoNbuNE-SkAdMzngRv121Q
从DNS和sinkhole视角看WannaCry蠕虫
http://blog.netlab.360.com/wannacry-from-dns-and-sinkhole-view/
DG在Windows 10 S:执行任意代码
https://tyranidslair.blogspot.co.uk/2017/07/dg-on-windows-10-s-executing-arbitrary.html
Inject All the Things – DLL injection
http://blog.deniable.org/blog/2017/07/16/inject-all-the-things/
fuzz monkey – infrastructure fuzzer/fuzzing tools.
http://seclist.us/fuzz-monkey-infrastructure-fuzzerfuzzing-tools.html
Patching SambaCry by exploiting it
https://astr0baby.wordpress.com/2017/07/22/patching-sambacry-by-exploiting-it/
常见恶意软件分析工具介绍
http://www.hackingtutorials.org/malware-analysis-tutorials/basic-malware-analysis-tools/
防止深度包检测的方法
http://blog.codingnow.com/2017/07/antidpi.html
Kayak:CAN bus分析工具
https://n0where.net/can-bus-analysis-tool-kayak/
hacking移动电话嵌入式系统
NXcrypt:基于Python的后门框架
https://n0where.net/python-backdoor-framework-nxcrypt/
Websploit Wifi Jammer
http://www.hackingtutorials.org/metasploit-tutorials/websploit-wifi-jammer/
开发安全的 API 所需要核对的清单
https://github.com/shieldfy/API-Security-Checklist/blob/master/README-zh.md
NagaScan:针对Web应用的分布式被动扫描器
http://www.kitploit.com/2017/07/nagascan-nagascan-is-distributed.html
https://github.com/brianwrf/NagaScan
Black Hat USA 2017军火库
https://medium.com/hack-with-github/black-hat-arsenal-usa-2017-3fb5bd9b5cf2
发表评论
您还未登录,请先登录。
登录