Half-Month Security Roundup, Issue 5

First, thanks to 360安全播报, Freebuf, GitHub, Exploit-db, 天融信 (Topsec) and the other security news platforms for their contributions to the security community. In the spirit of "security for you, me and everyone", the editor has collected the past half month's security news in the hope that it helps more people.

News:

WikiLeaks reveals "Marble", the framework the CIA uses to disguise its attacks

http://thehackernews.com/2017/03/cia-marble-framework.html

Attackers target GitHub project owners with the Dimnie data-stealing malware

http://securityaffairs.co/wordpress/57565/malware/dimnie-data-stealer-github.html

Google uncovers Chrysaor, serious Android malware that stayed hidden for more than three years

http://thehackernews.com/2017/04/spy-app-for-android.html

Update to iOS 10.3.1 to avoid arbitrary code execution over Wi-Fi

http://thehackernews.com/2017/04/iphone-ios-update.html

Millions of smartphones using Broadcom Wi-Fi chips are vulnerable

http://thehackernews.com/2017/04/broadcom-wifi-hack.html

A cybercrime group took over a major Brazilian bank's online services for five hours, compromising the bank's entire DNS infrastructure

http://securityaffairs.co/wordpress/57736/cyber-crime/brazilian-bank-hacked.html

Scottrade Bank confirms a leak of 20,000 customer records and 60 GB of MSSQL data

http://securityaffairs.co/wordpress/57773/data-breach/scottrade-bank-data-leak.html

Microsoft Word 0day exploited in the wild

http://thehackernews.com/2017/04/microsoft-word-zero-day.html

Millions of phones and laptops potentially affected by a baseband 0day

http://securityaffairs.co/wordpress/57867/hacking/mobile-baseband-zero-day.html

Crooks steal $800,000 from eight Russian ATMs using fileless malware

http://securityaffairs.co/wordpress/57881/cyber-crime/atmitch-fileless-malaware.html

Dallas officials blame hackers for setting off emergency sirens across the whole city early last Saturday

https://www.dallasnews.com/news/dallas/2017/04/08/emergency-sirens-blare-across-dallas-county-despite-clear-weather

Symantec researchers link 40 cyber attacks to the CIA hacking tools exposed by WikiLeaks

http://thehackernews.com/2017/04/cia-longhorn-hacking.html

Unpatched Microsoft Word vulnerability used by the Dridex banking trojan

http://thehackernews.com/2017/04/microsoft-word-dridex-trojan.html

OWASP Top 10 2017 release published

http://securityaffairs.co/wordpress/57938/hacking/2017-owasp-top-10.html

Hackers use phone sensors to steal PIN codes

https://threatpost.com/phone-hack-uses-sensors-to-steal-pins/124945/

Confirmed: the tools released by the Shadow Brokers last week include remote root exploits against Solaris boxes

http://securityaffairs.co/wordpress/57951/hacking/shadow-brokers-solaris-exploits.html

Technical:

Black Hat Asia 2017: selected briefings and materials

https://www.blackhat.com/asia-17/briefings.html

By convincing Edge that a page belongs to the Intranet zone: disabling the popup blocker, bypassing the XSS filter, SuperNavigate

https://www.brokenbrowser.com/free-ticket-to-the-intranet-zone/

Windows 10 Redstone 1/2 UAC changes

http://www.kernelmode.info/forum/viewtopic.php?f=11&t=3643&start=130#p30191

CVE-2017-7269: 0patch's analysis of the IIS 6.0 remote code execution vulnerability

https://0patch.blogspot.com/2017/03/0patching-immortal-cve-2017-7269.html

Black-box discovery of a memory-corruption RCE vulnerability in box.com

https://scarybeastsecurity.blogspot.com/2017/03/black-box-discovery-of-memory.html

A Qt and C++ GUI for the radare2 reverse engineering framework

https://github.com/hteso/iaito

CROSS THE WALL – BYPASS ALL MODERN MITIGATIONS OF MICROSOFT EDGE

https://www.blackhat.com/docs/asia-17/materials/asia-17-Li-Cross-The-Wall-Bypass-All-Modern-Mitigations-Of-Microsoft-Edge.pdf

Analysis of early code execution in the Nintendo 3DS secure boot engine

https://github.com/Plailect/keyshuffling/blob/master/keyshuffling.pdf

A Linux password-dumping tool, the counterpart of mimikatz on Windows

https://github.com/huntergregal/mimipenguin

The other side of the 'S' in HTTPS

https://www.engadget.com/2017/03/31/when-the-s-in-https-also-stands-for-shady/

What malware authors don't want you to know: Evasive Hollow Process Injection

https://www.blackhat.com/docs/asia-17/materials/asia-17-KA-What-Malware-Authors-Don’t-Want-You-To-Know-Evasive-Hollow-Process-Injection-wp.pdf

SSH over Robust Cache Covert Channels in the Cloud

https://www.blackhat.com/docs/asia-17/materials/asia-17-Schwarz-Hello-From-The-Other-Side-SSH-Over-Robust-Cache-Covert-Channels-In-The-Cloud.pdf

Abusing Kerberos for arbitrary impersonations and RCE

https://www.blackhat.com/docs/asia-17/materials/asia-17-Hart-Delegate-To-The-Top-Abusing-Kerberos-For-Arbitrary-Impersonations-And-RCE.pdf

Apple macOS/iOS 10.12.2 (16C67) mach_msg heap overflow

https://www.exploit-db.com/exploits/41778/

Your next JVM: Panama, Valhalla, Metropolis

http://cr.openjdk.java.net/~jrose/pres/201703-YourNextVM.pdf

A project that fills your browsing history with noise to hinder ISP tracking

https://slifty.github.io/internet_noise/index.html

A fileless infection process

https://www.virusbulletin.com/uploads/pdf/magazine/2017/VB2016-AnandMenrige.pdf

LastPass: cross-"isolated world" JavaScript injection modifies global properties, allowing remote code execution

https://bugs.chromium.org/p/project-zero/issues/detail?id=1225

CVE-2017-2636: exploiting a race condition in the Linux kernel n_hdlc driver to bypass SMEP

http://blog.ptsecurity.com/2017/03/cve-2017-2636-exploit-race-condition-in.html

Changes in the Sundown exploit kit

http://blog.talosintelligence.com/2017/03/sundown-matures.html

CVE-2017-7199: Tenable Nessus Agent 6.10.3 local privilege escalation

https://aspe1337.blogspot.no/2017/04/writeup-of-cve-2017-7199.html

Defeating Device Guard: a look into CVE-2017-0007

https://enigma0x3.net/2017/04/03/defeating-device-guard-a-look-into-cve-2017-0007/

Over The Air: Exploiting Broadcom's Wi-Fi Stack (Part 1)

https://googleprojectzero.blogspot.com/2017/04/over-air-exploiting-broadcoms-wi-fi_4.html

How LD_PRELOAD works for Android applications and its anti-RE technique

https://serializethoughts.com/2017/04/01/working-of-ld_preload-for-android-applications-and-its-anti-re-technique/

Hacking the Svakom Siime Eye IoT vibrator

https://www.pentestpartners.com/blog/vulnerable-wi-fi-dildo-camera-endoscope-yes-really/

Bypassing Cylance: with VSAgent.exe, DNSCat2, Netcat & Nishang ICMP C2 Channel, Metasploit Meterpreter and PowerShell Empire Agent, plus a summary

http://www.blackhillsinfosec.com/?p=5792

http://www.blackhillsinfosec.com/?p=5798

http://www.blackhillsinfosec.com/?p=5804

http://www.blackhillsinfosec.com/?p=5806

http://www.blackhillsinfosec.com/?p=5808

Analysis of the Red Leaves implant used by APT10

https://raw.githubusercontent.com/nccgroup/Cyber-Defence/master/Technical%20Notes/Red%20Leaves/Red%20Leaves%20technical%20note%20v1.0.pdf

Several tips and bug fixes for CVE-2017-7269

http://www.zcgonvh.com/post/tips_for_cve_2017_7269.html

DakotaCon 2017 video collection

https://www.youtube.com/channel/UCXesy_TH6dJBgOyVlDIJoAA

The dangers of a simple session secret

https://martinfowler.com/articles/session-secret.html

Remote code execution in math.js

https://capacitorset.github.io/mathjs/

小密圈 topic (2): command execution bypasses

http://www.cnblogs.com/iamstudy/articles/command_exec_tips_1.html

Six representative vulnerabilities disclosed by Synology

http://kb.hitcon.org/post/158891385842/synology-bug-bounty-report

Apache Tomcat 6/7/8/9 information disclosure

https://www.exploit-db.com/exploits/41783/

Secure Django coding, prompted by the birth of Pwnhub

https://zhuanlan.zhihu.com/p/26134332

Disarming EMET 5.52: controlling it with a single write operation

https://blog.ropchain.com/2017/04/03/disarming-emet-5-52/

In-depth analysis of the RawPOS malware

https://www.alienvault.com/blogs/security-essentials/a-newer-variant-of-rawpos-in-depth

Windows kernel denial of service #4: nt!NtAccessCheck and family (Windows 8-10)

http://j00ru.vexillium.org/?p=3225

PowerMeta: searching Google and Bing for publicly available files of a given domain

https://github.com/dafthack/PowerMeta

Sherlock: a PowerShell script for local privilege escalation on Windows

https://github.com/rasta-mouse/Sherlock

UEFI Firmware Rootkits: Myths and Reality

https://www.blackhat.com/docs/asia-17/materials/asia-17-Matrosov-The-UEFI-Firmware-Rootkits-Myths-And-Reality.pdf

ASUS B1M projector remote code execution

https://www.myhackerhouse.com/asus-b1m-projector-remote-root-0day/

Next-generation Tor routing design

http://sec.cs.ucl.ac.uk/users/smurdoch/papers/tor14design.pdf

Pluck VM and Sedna VM writeups

http://www.hackingarticles.in/hack-pluck-vm-ctf-challenge/

http://www.hackingarticles.in/hack-sedna-vm-ctf-challenge/

Stealing Windows credentials from a remote PC via a Microsoft Office document

http://www.hackingarticles.in/stealing-windows-credentials-remote-pc-ms-office-document/

Tracking threat actors through .LNK files

https://blog.nviso.be/2017/04/04/tracking-threat-actors-through-lnk-files/

Introducing ROKRAT

http://blog.talosintelligence.com/2017/04/introducing-rokrat.html

From Google Project Zero: Apple WebKit UXSS series

https://www.exploit-db.com/exploits/41801/

https://www.exploit-db.com/exploits/41802/

https://www.exploit-db.com/exploits/41800/

https://www.exploit-db.com/exploits/41799/

Technical analysis of the Pegasus Android malware

https://info.lookout.com/rs/051-ESQ-475/images/lookout-pegasus-android-technical-analysis.pdf

Dissecting APT29's fileless WMI and PowerShell backdoor (POSHSPY)

https://www.fireeye.com/blog/threat-research/2017/03/dissecting_one_ofap.html

RedLeaves: malware based on an open-source RAT

http://blog.jpcert.or.jp/2017/04/redleaves—malware-based-on-open-source-rat.html

More than 40 0days found in Samsung's Tizen OS

https://motherboard.vice.com/en_us/article/samsung-tizen-operating-system-bugs-vulnerabilities

TROOPERS Conference 2017 videos

https://www.youtube.com/user/TROOPERScon/playlists

Finding bugs with AFL and ASAN

https://gaming.youtube.com/watch?v=5mBbDHDakds

Java AMF deserialization leads to remote code execution

https://codewhitesec.blogspot.it/2017/04/amf.html

A Fancy Bear APT trick: installing a backdoor via a shortcut file

https://www.uperesia.com/booby-trapped-shortcut-generator

Hunting red team C2 infrastructure

http://www.chokepoint.net/2017/04/hunting-red-team-empire-c2.html

Introducing a reverse engineering tool for Linux

http://www.ouah.org/RevEng/

Bypassing Java Security Manager policies

https://community.hpe.com/t5/Security-Research/Auditing-and-Bypassing-Security-Manager-policies/ba-p/6954256#.WOWb-lWGNaR

SPF (ShellPcapFication) v1.0: shell framework released

http://www.mfmokbel.com/Down/Mix/MixD.html

linux-re-101: a curated collection of resources on Linux reverse engineering

https://github.com/michalmalik/linux-re-101

Apple macOS/iOS kernel 10.12.3: multiple vulnerabilities

https://bugs.chromium.org/p/project-zero/issues/detail?id=1129

https://bugs.chromium.org/p/project-zero/issues/detail?id=1125

https://bugs.chromium.org/p/project-zero/issues/detail?id=1111

WordPress security: malicious JS causing unwanted redirects on WP sites

https://blog.sucuri.net/2017/04/wordpress-security-unwanted-redirects-via-infected-javascript-files.html

Detecting blind XSS with Burp Suite

http://www.agarri.fr/kom/archives/2017/04/04/exploiting_a_blind_xss_using_burp_suite/index.html

Advanced Msfvenom payload generation

http://www.blackhillsinfosec.com/?p=4935

PS4/4.0x WebKit Exploit Writeup

https://github.com/Cryptogenic/Exploit-Writeups/blob/master/PS4/4.0x%20WebKit%20Exploit%20Writeup.md

A data science handbook for white hats

https://github.com/phunterlau/data_science_for_whitehat

Fundamentals of modern stack overflow exploitation: ROP

http://bobao.360.cn/learning/detail/3694.html

Keen Lab: contactless attack on the Xiaomi Ninebot self-balancing scooter

http://keenlab.tencent.com/zh/2017/04/01/remote-attack-on-mi-ninebot/

Analysis of the Java AMF3 deserialization vulnerability

http://bobao.360.cn/learning/detail/3705.html

Detecting ROP with statistical learning of program characteristics

https://blog.acolyer.org/2017/04/06/detecting-rop-with-statistical-learning-of-program-characteristics/

Evilginx: advanced phishing with two-factor authentication bypass

https://breakdev.org/evilginx-advanced-phishing-with-two-factor-authentication-bypass/

XSA-212: Critical Xen bug in PV memory virtualization code

https://github.com/QubesOS/qubes-secpack/blob/master/QSBs/qsb-029-2017.txt

QNAP QTS: multiple RCE vulnerabilities

https://sintonen.fi/advisories/qnap-qts-multiple-rce-vulnerabilities.txt

BrickerBot: discovery and analysis of a PDoS attack

https://security.radware.com/ddos-threats-attacks/brickerbot-pdos-permanent-denial-of-service/

An APT campaign that infiltrates targets through cloud services

http://jblog.javelin-networks.com/blog/operation-cloud-hopper-apt10/

https://www.pwc.co.uk/cyber-security/pdf/cloud-hopper-report-final-v4.pdf

Microsoft Edge: detecting installed extensions

https://www.brokenbrowser.com/microsoft-edge-detecting-installed-extensions/

How I hacked a smart TV via command injection

https://www.netsparker.com/blog/web-security/hacking-smart-tv-command-injection/

Cyber espionage at the heart of global trade

https://www.fidelissecurity.com/TradeSecret

A recommended site for collecting HTTP requests in real time

http://requestb.in

Summary of Android code obfuscation techniques (part 1)

http://bobao.360.cn/learning/detail/3704.html

One-click fileless infection

http://paper.seebug.org/265/

Bash guide

https://github.com/Idnan/bash-guide

Two older papers on SQL injection

https://www.nds.rub.de/media/hfs/attachments/files/2010/03/hackpra09_kornburst_advanced_sql_injection.pdf

https://crypto.stanford.edu/cs142/lectures/16-sql-inj.pdf

How to repair a DEX file in which key methods were erased with NOPs

http://blog.fortinet.com/2017/04/05/how-to-repair-a-dex-file-in-which-some-key-methods-are-erased-with-nops

Creating a Java VM from Android native code

https://calebfenton.github.io/2017/04/05/creating_java_vm_from_android_native_code/

Exploiting the Java Struts2 vulnerability to install ransomware

https://isc.sans.edu/diary.html

Windows Management Instrumentation (WMI) weaponization

https://blog.netspi.com/getting-started-wmi-weaponization-part-1/

https://blog.netspi.com/getting-started-wmi-weaponization-part-2/

Diamond Fox malware analysis

https://blog.malwarebytes.com/threat-analysis/2017/03/diamond-fox-p1/

https://blog.malwarebytes.com/threat-analysis/2017/04/diamond-fox-p2/

Windows 10 x64 – Egghunter Shellcode

https://www.exploit-db.com/exploits/41827/

Drupal 7.x Services module SQLi & RCE: vulnerability analysis and exploit

https://xianzhi.aliyun.com/forum/read/1472.html

Grasshopper: the CIA's malware framework targeting Windows operating systems

https://wikileaks.org/vault7/document/Grasshopper-v2_0_2-UserGuide/

MySQL character-set exploitation tricks

https://www.leavesongs.com/PENETRATION/mysql-charset-trick.html

SSRF in Java

http://joychou.org/index.php/web/javassrf.html

SSRF in PHP

http://joychou.org/index.php/web/phpssrf.html

Archive of the Equation Group eqgrp-auction-file.tar.xz

https://github.com/x0rz/EQGRP

SQL injection in a TYPO3 module affecting 60k+ sites

https://www.ambionics.io/blog/typo3-news-module-sqli

CVE-2017-2416: remote code execution via a malformed GIF in the ImageIO framework, affecting most iOS/macOS apps

https://blog.flanker017.me/cve-2017-2416-gif-remote-exec/

Virtualization: exploiting the Xen hypervisor

https://googleprojectzero.blogspot.com/2017/04/pandavirtualization-exploiting-xen.html

CVE-2017-7185: Mongoose OS use-after-free / denial of service

http://seclists.org/bugtraq/2017/Apr/9

Office 0day caught in the wild

https://securingtomorrow.mcafee.com/mcafee-labs/critical-office-zero-day-attacks-detected-wild/

Two Bugs, One Func(): kernel information leaks

https://objective-see.com/blog/blog_0x1A.html

https://objective-see.com/blog/blog_0x1B.html

YARA & Sigma rules for Equation Group attacks

https://github.com/Neo23x0/signature-base/blob/master/yara/apt_eqgrp_apr17.yar

https://github.com/Neo23x0/sigma/blob/master/rules/apt/apt_equationgroup_lnx.yml

APT2: automated penetration testing toolkit

http://pentestit.com/apt2-automated-penetration-testing-toolkit/

Horde Groupware Webmail: multiple remote code execution vulnerabilities

https://blogs.securiteam.com/index.php/archives/3107

Using Ubuntu .DESKTOP files as a malware vector

http://blog.mazinahmed.net/2017/04/using-ubuntu-desktop-as-malware-vector.html

Mitigating advanced code-reuse attacks at the binary level

http://syssec.rub.de/media/emma/veroeffentlichungen/2016/05/01/Tough-call-Oakland16.pdf

The Linux kernel user's and administrator's guide

https://01.org/linuxgraphics/gfx-docs/drm/admin-guide/index.html

Sn1per v2.4 released, adding IIS6 RCE, Apache Struts RCE and open X11 server detection

https://github.com/1N3/Sn1per

2017 AsiaCCS conference paper list

http://dl.acm.org/citation.cfm?id=3052973

OS X reverse engineering case study (2): BetterZip 3.1.2

https://and-rev.blogspot.com/2017/04/os-x-betterzip-312.html

CVE-2017-3881: Cisco Catalyst switch RCE

https://artkond.com/2017/04/10/cisco-catalyst-remote-code-execution/

https://github.com/artkond/cisco-rce/

An interesting CSRF in Facebook

http://blog.intothesymmetry.com/2017/04/csrf-in-facebookdropbox-mallory-added.html

Mitigating threats with Windows 10 security features

https://technet.microsoft.com/en-us/itpro/windows/keep-secure/overview-of-threat-mitigations-in-windows-10

Notes on Windows Uniscribe fuzzing

https://googleprojectzero.blogspot.tw/2017/04/notes-on-windows-uniscribe-fuzzing.html

ASIS CTF Video Review

https://www.youtube.com/watch?v=c1dU7DR2BKQ

Remote kext debugging

https://rednaga.io/2017/04/09/remote_kext_debugging/

Extending JScript with System.EnterpriseServices.RegistrationHelper

http://subt0x10.blogspot.nl/2017/04/extending-jscript-with.html

OSX/iOS reverse engineering resource collection

https://github.com/michalmalik/osx-re-101

Extracting Android software tokens through reverse engineering

https://regmedia.co.uk/2016/09/02/hacking_soft_tokens_-_bernhard_mueller.pdf

OWASP Mobile Security Testing Guide

https://b-mueller.gitbooks.io/owasp-mobile-security-testing-guide/content/

Using IPv6 to evade IDS detection

https://ccdcoe.org/sites/default/files/multimedia/pdf/ip6eva_0.pdf

Anti-debugging with Android ART

http://www.vantagepoint.sg/blog/88-anti-debugging-fun-with-android-art

http://www.vantagepoint.sg/blog/89-more-android-anti-debugging-fun

Step by step: uncovering an ICS device's insecurities in two weeks

http://blog.talosintelligence.com/2017/04/moxa-box.html

MS16-135 exploit

https://github.com/FuzzySecurity/PSKernel-Primitives/tree/master/Sample-Exploits/MS16-135

CAA checking becomes mandatory for SSL/TLS certificates

https://ma.ttias.be/caa-checking-becomes-mandatory-ssltls-certificates/

NoSQL injection lab

https://digi.ninja/projects/nosqli_lab.php

Stack overflows in practice: three vulnerabilities to take over a router

https://zhuanlan.zhihu.com/p/26271959

jumpserver, an open-source jump host (bastion host): authentication, authorization, auditing and automated operations

https://github.com/jumpserver/jumpserver

ApiScout: recovering Windows API information

http://byte-atlas.blogspot.com/2017/04/apiscout.html

CVE-2016-7552/CVE-2016-7547: Trend Micro authentication bypass and remote code execution

https://github.com/rapid7/metasploit-framework/pull/8216

OWASP Top 10 2017 release published

https://raw.githubusercontent.com/OWASP/Top10/master/2017/OWASP%20Top%2010%20-%202017%20RC1-English.pdf

Over The Air: Exploiting Broadcom’s Wi-Fi Stack (Part 2)

https://googleprojectzero.blogspot.com/2017/04/over-air-exploiting-broadcoms-wi-fi_11.html

Penetration testing Skype for Business: exploiting the missing Lync

https://www.mdsec.co.uk/2017/04/penetration-testing-skype-for-business-exploiting-the-missing-lync/

VolgaCTF 2017 WriteUp

https://binarystud.io/volgactf-2017-time-is-exploitation-150.html

CVE-2017-0199 | Microsoft Office / WordPad remote code execution vulnerability

https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-0199

Breaking the security model of Subgraph OS

https://micahflee.com/2017/04/breaking-the-security-model-of-subgraph-os/

Stealing PINs via mobile sensors: actual risk versus user perception

https://arxiv.org/pdf/1605.05549v1.pdf

Windows Management Instrumentation (WMI) weaponization: part 3

https://blog.netspi.com/getting-started-wmi-weaponization-part-3/

Brief analysis of CVE-2017-0199 (Office RTF RCE)

https://github.com/nccgroup/Cyber-Defence/blob/master/Technical%20Notes/Office%20zero-day%20(April%202017)/2017-04%20Office%20OLE2Link%20zero-day%20v0.4.pdf

How to develop an unpacker

http://www.synacktiv.ninja/ressources/unpacking_starforce_synacktiv.pdf

Router vulnerability hunting

https://www.blackhat.com/presentations/bh-usa-09/LINDNER/BHUSA09-Lindner-RouterExploit-SLIDES.pdf

Quick and simple Metasploit installation on the Windows 10 Linux subsystem

https://gist.github.com/dafthack/8aa4ff60cd9352448a372ce1a7b2e27e

Apache Tomcat directory traversal

http://defensecode.com/advisories/DC-2017-03-001_DefenseCode_ThunderScan_SAST_Apache_Tomcat_Security_Advisory.pdf

Intrusion detection with ETW (part 1)

https://blogs.technet.microsoft.com/office365security/hidden-treasure-intrusion-detection-with-etw-part-1/

CVE-2017-0199: analysis of the Microsoft Office RTF vulnerability

https://www.fireeye.com/blog/threat-research/2017/04/cve-2017-0199-hta-handler.html

Adobe XML injection file content disclosure

https://raw.githubusercontent.com/tsluyter/exploits/master/adobe_xml_inject.sh

Phpcms V9 arbitrary file upload vulnerability analysis

http://mp.weixin.qq.com/s?src=3&timestamp=1491961052&ver=1&signature=E5iEjvTqVbQYzOUccvry6bHq81*X39K3nbfWxvjieRP7wNUsYUos-1ofFX4v3cKl8p53EM1pE5unWNbzeCTCBuFcuF8Yiye4Ham70lJAuxd-6SoCCokg3WuWHTQw3rlKdid1ezbv3chX2wyj*2tw1qFoncncv3qu5proz6QuPXY=

The most comprehensive ransomware information cheat sheet

https://docs.google.com/spreadsheets/d/1TWS238xacAto-fLKh1n5uTsdijWdCEsGIM0Y0Hvmc5g/pubhtml#

Identifying HTTPS-protected Netflix video streams in real time

http://www.mjkranch.com/docs/CODASPY17_Kranch_Reed_IdentifyingHTTPSNetflix.pdf

Reverse engineering DGAs (domain generation algorithms)

https://vimeo.com/212352397

PHPCMS v9.6.0 arbitrary file upload vulnerability analysis

http://paper.seebug.org/273/

Untethered bootrom exploit for the iPhone 3GS

https://github.com/axi0mX/alloc8

MasterPrint: exploring the vulnerability of partial fingerprint-based authentication systems

http://ieeexplore.ieee.org/document/7893784/

Unitrends (all-in-one enterprise backup software) remote code execution vulnerability analysis

https://rhinosecuritylabs.com/research/remote-code-execution-bug-hunting-chapter-1/

Nintendo: 3DS DNS client resolver library uses predictable TXIDs

https://bugs.chromium.org/p/project-zero/issues/detail?id=1089

A case of SQL injection via crypto

https://www.notsosecure.com/anatomy-hack-sqli-via-crypto/

Analysis of a CVE-2017-0199 malicious RTF document

https://blog.nviso.be/2017/04/12/analysis-of-a-cve-2017-0199-malicious-rtf-document/

Adobe Flash UAF leading to remote code execution

http://www.zerodayinitiative.com/advisories/ZDI-17-245/

Horde Groupware Webmail 3 / 4 / 5 code execution

https://packetstormsecurity.com/files/142106/hgw345-exec.txt

Replay attacks on wireless mice/keyboards

http://www.kitploit.com/2017/04/mousejack-transmit-wireless.html

20 popular wireless hacking tools

http://resources.infosecinstitute.com/20-popular-wireless-hacking-tools-updated-for-2016/

What's new in the Windows 10 Creators Update

https://blogs.msdn.microsoft.com/commandline/2017/04/11/windows-10-creators-update-whats-new-in-bashwsl-windows-console/

Executing shellcode directly

https://osandamalith.com/2017/04/11/executing-shellcode-directly/

Hackers use a 0day to install spyware from the notorious surveillance company FinFisher

https://motherboard.vice.com/en_us/article/government-hackers-used-microsoft-word-zero-day-to-install-spyware-on-russian-targets

Solaris 7 – 11 (x86 & SPARC) privilege escalation vulnerability

https://github.com/HackerFantastic/Public/blob/master/exploits/dtappgather-poc.sh

Microsoft deprecates VBScript in Internet Explorer 11

https://blogs.windows.com/msedgedev/2017/04/12/disabling-vbscript-execution-in-internet-explorer-11/

Nightmare VM (CTF Challenge) Writeup

http://www.hackingarticles.in/hack-nightmare-vm-ctf-challenge/

Researchers say web pages can detect PIN codes via sensors

https://9to5mac.com/2017/04/12/iphone-motion-sensors-detect-passcodes-pins/

java-html-sanitizer bypass

https://github.com/OWASP/java-html-sanitizer/issues/110

DOM XSS on TweetDeck

https://hackerone.com/reports/119471

Logic bug hunting in Chrome on Android

https://www.slideshare.net/CanSecWest/csw2017-geshevmiller-logic-bug-hunting-in-chrome-on-android

First update in four years! A reading of OWASP Top 10 2017 RC1

http://mp.weixin.qq.com/s/c1LvUAfCY-fY3y0yEDF3lw
