热点概要:Mac固件安全研究、AttifyOS:一款针对IoT的渗透测试系统(集成常用工具)、Gen2 UHF RFID Reader、Spring Data Rest服务器PATCH请求远程代码执行漏洞CVE-2017-8046补充分析、CVE-2017-11282:0patching Flash Player远程内存破坏漏洞
国内热词(以下内容部分来自:http://www.solidot.org/ )
在中国之后,韩国也宣布禁止ICO
莫斯科的监控网络部署面部识别技术
资讯类:
谷歌研究员发布攻破iPhone博通无线芯片的PoC利用代码
https://thehackernews.com/2017/09/apple-iphone-wifi-hacking.html
两年时间,Linux内核bug变成潜在的本地权限提升缺陷
https://thehackernews.com/2017/09/linux-kernel-hacking.html
技术类:
Mac固件安全研究
https://duo.com/blog/the-apple-of-your-efi-mac-firmware-security-research
安全圈关系可视化分析【安全圈也许就这么大续集】
http://mp.weixin.qq.com/s/lIOSV5JOs9VvIcSnf_gbAQ
AttifyOS:一款针对IoT的渗透测试系统(集成常用工具)
https://github.com/adi0x90/attifyos
如何保护关键任务域名(域名安全)
https://blendle.engineering/protecting-our-mission-critical-domain-names-e9807db9d84c
Gen2 UHF RFID Reader
https://github.com/nikosl21/Gen2-UHF-RFID-Reader
Spring Data Rest服务器PATCH请求远程代码执行漏洞CVE-2017-8046补充分析
https://xianzhi.aliyun.com/forum/read/2186.html
电子邮件跟踪的隐私启示
https://senglehardt.com/papers/pets18_email_tracking.pdf
4.13 KASLR bypass via virtually seccomp-proof 144 byte infoleak
exploit:https://grsecurity.net/~spender/exploits/wait_for_kaslr_to_be_effective.c
Qmail SMTP Bash Environment Variable Injection (Shellshock)
https://packetstormsecurity.com/files/144424
介绍Cloudflare Warp:隐藏在Edge之后
https://blog.cloudflare.com/introducing-cloudflare-warp/
SolarWinds Network Performance Monitor 12.0.15300.90 Denial Of Service
https://packetstormsecurity.com/files/144412
CVE-2017-11282:0patching Flash Player远程内存破坏漏洞
https://www.youtube.com/watch?v=6iZnIQbRf5M&feature=youtu.be
0patching the "Immortal" CVE-2017-7269
http://0patch.blogspot.com/2017/03/0patching-immortal-cve-2017-7269.html
发表评论
您还未登录,请先登录。
登录