热点概要:使用D-Link路由器构建僵尸网络、Luckystrike:恶意office文档生成器、小心Bashware:恶意软件绕过杀软的新思路、Ansible Vault、Tablib YAML解析器原创代码执行漏洞、Spaghetti:Web漏洞扫描器、Ichidan:暗网中的网络空间搜索引擎(类似shodan)、CVE-2017-0213: Windows COM权限提升漏洞
资讯类:
恶意软件作者在网页中植入js代码用来挖矿
开发人员利用存在安全问题的SDK无意将恶意代码插入Android APP中
技术类:
使用D-Link路由器构建僵尸网络
https://embedi.com/blog/enlarge-your-botnet-top-d-link-routers-dir8xx-d-link-routers-cruisin-bruisin
Luckystrike:恶意office文档生成器
https://www.shellntel.com/blog/2016/9/13/luckystrike-a-database-backed-evil-macro-generator
小心Bashware:恶意软件绕过杀软的新思路
https://research.checkpoint.com/beware-bashware-new-method-malware-bypass-security-solutions/
Ansible Vault、Tablib YAML解析器原创代码执行漏洞
http://blog.talosintelligence.com/2017/09/vulnerability-spotlight-yaml-remote.html
Equifax:重新思考社保号作为唯一身份标识符(Part I)
https://securingtomorrow.mcafee.com/business/equifax-rethinking-social-security-numbers-identifiers
从SQL注入到管理员权限
https://www.notsosecure.com/anatomy-of-a-hack-sqli-to-enterprise-admin/
Spaghetti:Web漏洞扫描器
https://github.com/m4ll0k/Spaghetti
利用CVE-2017-0199和UAC绕过的PowerPoint文件解析
https://blog.fortinet.com/2017/09/01/powerpoint-file-armed-with-cve-2017-0199-and-uac-bypass
Nicky Bloor – BaRMIe – Poking Java's Back Door – 44CON 2017
https://www.slideshare.net/NickBloor3/nicky-bloor-barmie-poking-javas-back-door-44con-2017
Ichidan:暗网中的网络空间搜索引擎(类似shodan)
Windbg-Cheat-Sheet
https://github.com/bulentrahimkazanci/Windbg-Cheat-Sheet
从PHP源码与扩展开发谈PHP任意代码执行与防御
https://blog.zsxsoft.com/post/30
Digital Whisper
https://www.exploit-db.com/docs/42712.pdf
youtube高级flash漏洞分析
https://opnsec.com/2017/09/advanced-flash-vulnerabilities-in-youtube-part-4/
free open-source macOS firewall
https://github.com/objective-see/LuLu
CVE-2017-0213: Windows COM权限提升漏洞
https://github.com/WindowsExploits/Exploits/tree/master/CVE-2017-0213/Binaries
EST API Security Testing with Acunetix
https://www.acunetix.com/blog/articles/rest-api-security-testing-acunetix/
通过Argus PDF转换器深入了解MarkLogic漏洞利用过程
http://blog.talosintelligence.com/2017/09/deep-dive-marklogic-exploitation.html
How I Snatched 153,037 ETH After A Bad Tinder Date
https://medium.com/@rtaylor30/how-i-snatched-your-153-037-eth-after-a-bad-tinder-date-d1d84422a50b
SuperBeam:利用wifi和NFC的跨平台文件传输APP
https://thinktanksec.github.io/
Exploit iOS 9.x Userland with LLDB JIT
https://www.slideshare.net/Proteas_Wang/exploit-ios-9x-userland-with-lldb-jit
New Variants of Agent.BTZ/ComRAT Found: The Threat That Hit The Pentagon In 2008 Still Evolving; Part 2/2
http://www.intezer.com/new-variants-of-agent-btz-comrat-found-part-2/
Theater Management Script – SQL Injection
https://www.exploit-db.com/exploits/42716
发表评论
您还未登录,请先登录。
登录