【知识】11月12日 - 每日安全知识热点

阅读量    76206 |

分享到: QQ空间 新浪微博 微信 QQ facebook twitter

http://p6.qhimg.com/t017313015b51e6034e.png

热点概要:DHS团队成功黑掉波音757、CVE-2017-13089 Wget HTTP整数溢出、通过搜索控件预览缓存获取私密推特、伪造密码段绕过浏览器安全警告、数据线间谍设备、子域名渗透测试手册Tor网络的信息收集、Powershell脚本的混淆与反混淆

 

 

 

 

资讯类:

 

 

 

 

 

 

 

Web扩展与其安全性浅谈

https://palant.de/2017/11/11/on-web-extensions-shortcomings-and-their-impact-on-add-on-security

 

勒索软件周报:Cobra,Lockcrypt等

https://www.bleepingcomputer.com/news/security/the-week-in-ransomware-november-10th-2017-ordinypt-and-lockcrypt/

https://www.bleepingcomputer.com/news/security/new-cobra-crysis-ransomware-variant-released/

https://www.bleepingcomputer.com/news/security/lockcrypt-ransomware-crew-started-via-satan-raas-now-deploying-their-own-strain/

 

DHS团队成功黑掉波音757

https://www.bleepingcomputer.com/news/security/dhs-team-hacks-a-boeing-757/

 

 

 

技术类:

 

 

 

 

 

 

 

 

Powershell之劫持数字签名

https://pentestlab.blog/2017/11/08/hijack-digital-signatures-powershell-script/

 

CVE-2017-13089 Wget HTTP整数溢出

https://xorl.wordpress.com/2017/11/11/cve-2017-13089-wget-http-integer-overflow/

 

子域名渗透测试手册

https://blog.appsecco.com/a-penetration-testers-guide-to-sub-domain-enumeration-7d842d5570f6

 

Tor网络的信息收集

https://vallejo.cc/2017/11/11/using-gathering-information-tools-through-tor-network/

 

通过搜索控件预览缓存获取私密推特

https://hackerone.com/reports/263760

 

谷歌验证码破解实例

http://rickyhan.com/jekyll/update/2017/11/10/bypassing-recaptcha.html

 

Radiocarbon泄漏信息分析工具

https://github.com/Neo23x0/radiocarbon

 

Chrome List Item Marker RCE漏洞

https://bugs.chromium.org/p/chromium/issues/detail?id=684684

 

数据线间谍设备

https://ha.cking.ch/s8_data_line_locator/#s8-data-line-locator-capabilities

 

 

Powershell脚本的混淆与反混淆

 

https://pcsxcetrasupport3.wordpress.com/2017/11/11/de-obfuscating-a-powershell-script-obfuscated-by-invoke-obfuscation/

 

伪造密码段绕过浏览器安全警告

https://www.troyhunt.com/bypassing-browser-security-warnings-with-pseudo-password-fields/

 

分享到: QQ空间 新浪微博 微信 QQ facebook twitter
|推荐阅读
|发表评论
|评论列表
加载更多