【知识】10月17日 - 每日安全知识热点

阅读量    25907 |

分享到: QQ空间 新浪微博 微信 QQ facebook twitter

http://p6.qhimg.com/t017313015b51e6034e.png

热点概要:ShadowBrokers再一次回归,只要10万欧元(500 ZEC)就可以获得十月度的漏洞利用工具、Basics of Tracking WMI Activity、BlackBerry Workspaces服务器远程代码执行漏洞分析、Passionfruit:iOS应用黑盒评估工具、Exploiting on CVE-2016-6787利用内存破坏实现Python沙盒逃逸

国内热词(以下内容部分来自:http://www.solidot.org/ )

KRACK 攻击能解密 Android 设备传输的数据,OpenBSD 提前释出补丁

世人不再嘲笑朝鲜的网络战力量

WPA2 协议漏洞让 Wi-Fi 流量能被攻击者监听

资讯类:

ShadowBrokers再一次回归,只要10万欧元(500 ZEC)就可以获得十月度的漏洞利用工具

https://steemit.com/shadowbrokers/@theshadowbrokers/october-price-adjustment 

技术类:

Basics of Tracking WMI Activity

https://www.darkoperator.com/blog/2017/10/14/basics-of-tracking-wmi-activity 


利用内存破坏实现Python沙盒逃逸

https://mp.weixin.qq.com/s/s9fAskmp4Bb42OYsiQJFaw 


BlackBerry Workspaces服务器远程代码执行漏洞分析

https://blog.gdssecurity.com/labs/2017/10/16/remote-code-execution-in-blackberry-workspaces-server.html 

ROCA: Vulnerable RSA generation (CVE-2017-15361)

https://crocs.fi.muni.cz/public/papers/rsa_ccs17 

BlackOasis APT和利用0day的新目标攻击

https://securelist.com/blackoasis-apt-and-new-targeted-attacks-leveraging-zero-day-exploit/82732/    

https://exchange.xforce.ibmcloud.com/collection/9ffcf4ce159e932cfe597695c1f44fe8?from=timeline 

Vulnerability Patched in Democratic Donor Database

https://jlospinoso.github.io/responsible%20disclosure/abrade/hacking/2017/10/16/ngpvan-email-subscription.html 

Key Reinstallation Attacks: Forcing Nonce Reuse in WPA2

https://papers.mathyvanhoef.com/ccs2017.pdf 

Call for WPA3 – what's wrong with WPA2 security and how to fix it

https://github.com/d33tah/call-for-wpa3/blob/master/README.md?t=1 

Passionfruit:iOS应用黑盒评估工具

https://github.com/chaitin/passionfruit 

Windows Kernel pool memory disclosure in nt!RtlpCopyLegacyContextX86

https://bugs.chromium.org/p/project-zero/issues/detail?id=1311 

Exploiting on CVE-2016-6787

https://hardenedlinux.github.io/system-security/2017/10/16/Exploiting-on-CVE-2016-6787.html 

分享到: QQ空间 新浪微博 微信 QQ facebook twitter
|推荐阅读
|发表评论
|评论列表
加载更多