【知识】9月8日 - 每日安全知识热点

热点概要：Windows内核bug阻止安全软件识别恶意软件、微软拒绝修复Edge浏览器中的内容安全策略绕过问题、如何利用Python反序列化漏洞、Struts REST漏洞 (CVE-2017-9805)检测payload、TrickBot银行木马Dropper分析、CVE-2017-0780：可使Android的Messages应用程序crash的拒绝服务漏洞分析。

资讯类：

Windows内核bug阻止安全软件识别恶意软件

https://www.bleepingcomputer.com/news/security/bug-in-windows-kernel-could-prevent-security-software-from-identifying-malware/

微软拒绝修复Edge浏览器中的内容安全策略绕过问题

https://www.theregister.co.uk/2017/09/07/talos_says_msft_edge_content_security_bypass_is_a_feature_wont_be_patched/

技术类：

如何利用Python反序列化漏洞

https://crowdshield.com/blog.php?name=exploiting-python-deserialization-vulnerabilities 

Windows内核池混合对象漏洞利用

http://srcincite.io/blog/2017/09/06/sharks-in-the-pool-mixed-object-exploitation-in-the-windows-kernel-pool.html

Linux进程间代码注入

https://blog.gdssecurity.com/labs/2017/9/5/linux-based-inter-process-code-injection-without-ptrace2.html

PiFinger：检测当前网络中是否存在Wifi- Pineapple，并评估当前wifi网络的安全性

https://github.com/besimaltnok/PiFinger

无线网络后渗透的艺术：通过Indirect Wireless Pivots绕过端口访问控制

https://github.com/GDSSecurity/Whitepapers/blob/master/GDS%20Labs%20-%20The%20Black%20Art%20of%20Wireless%20Post%20Exploitation%20-%20Bypassing%20Port%20Based%20Access%20Controls%20Using%20Indirect%20Wireless%20Pivots.pdf

DolphinAttack: Inaudible Voice Commands

https://endchan.xyz/.media/50cf379143925a3926298f881d3c19ab-applicationpdf.pdf

Jungo DriverWizard WinDriver – 内核池溢出

https://www.exploit-db.com/exploits/42624/

Apache Struts 2.5 – Remote Code Execution

https://www.exploit-db.com/exploits/42627/

CVE-2017-0780：影响Android消息应用程序的拒绝服务漏洞分析

http://blog.trendmicro.com/trendlabs-security-intelligence/cve-2017-0780-denial-service-vulnerability-android-messages-app/

Hunting Pastebin with PasteHunter

https://techanarchy.net/2017/09/hunting-pastebin-with-pastehunter/

Windows内核驱动程序漏洞利用

https://glennmcgui.re/introduction-to-windows-kernel-exploitation-pt-1/

RHME3 Quals – Exploitation

https://glennmcgui.re/rhme3-quals-exploitation/

过期的域名和恶意软件

https://blog.malwarebytes.com/threat-analysis/2017/09/expired-domain-names-and-malvertising/

Detection payload for the new Struts REST vulnerability (CVE-2017-9805)

https://techblog.mediaservice.net/2017/09/detection-payload-for-the-new-struts-rest-vulnerability-cve-2017-9805/

TrickBot银行木马Dropper分析

http://www.ringzerolabs.com/2017/07/trickbot-banking-trojan-doc00039217doc.html