Biweekly Security Roundup, 2017 Issue 6

First, thanks to 360安全播报, FreeBuf, GitHub, Exploit-DB, 天融信 and the other security news platforms for their work on behalf of the security community. In the spirit of "security for you, me and everyone", the editor has collected the past half-month's security news in the hope that it helps more people.

News:

Callisto APT group uses Hacking Team surveillance tools against government targets

http://securityaffairs.co/wordpress/58051/hacking/callisto-apt-hacking-team-tools.html

Amnesia IoT botnet affects devices from more than 70 smart-device vendors

http://bestsecuritysearch.com/amnesia-iot-botnet-infects-devices-worldwide/

Microsoft's response to the exploits released by the Shadow Brokers

https://blogs.technet.microsoft.com/msrc/2017/04/14/protecting-customers-and-evaluating-risk/

[Highly recommended] The first 2017 issue of the Anquanke (安全客) quarterly is out

http://bobao.360.cn/news/detail/4101.html

Security advisory: Java deserialization code-execution vulnerability in the Jackson framework

http://www.cnvd.org.cn/webinfo/show/4111

Latest Shadow Brokers leak exposes a possible link between the NSA and Stuxnet

https://motherboard.vice.com/en_us/article/shadow-brokers-nsa-stuxnet-iran

Oracle's April patch update fixes a large number of vulnerabilities, including the Apache Struts and Shadow Brokers bugs

http://securityaffairs.co/wordpress/58142/hacking/oracle-patch-update-for-april.html

Microsoft touts a new phone-based login mechanism

https://threatpost.com/microsoft-touts-new-phone-based-login-mechanism/125065/

InterContinental Hotels Group announces that payment-card systems at more than 1,000 hotels were hit by malware

http://securityaffairs.co/wordpress/58129/data-breach/intercontinental-hotels-group-breach.html

The NIST Cybersecurity Framework plays an important role in an increasingly tense security environment

http://securityaffairs.co/wordpress/58163/laws-and-regulations/nist-cybersecurity-framework-2.html

Dozens of Linksys Wi-Fi router models are vulnerable to multiple flaws

http://thehackernews.com/2017/04/linksys-router-hacking.html

US judge orders Google to hand over data stored on overseas servers

http://www.theregister.co.uk/2017/04/20/google_must_provide_overseas_gmail_data/

Leaked NSA hacking tools used to compromise tens of thousands of vulnerable PCs

http://thehackernews.com/2017/04/windows-hacking-tools.html

Ubuntu 16.04 LTS kernel update fixes 10 vulnerabilities

http://news.softpedia.com/news/canonical-outs-major-kernel-update-to-ubuntu-16-04-lts-10-vulnerabilities-fixed-515191.shtml

A mysterious botnet has hijacked 300,000 devices

http://www.zdnet.com/article/a-mysterious-botnet-has-hijacked-thousands-of-devices/

FalseGuide malware dupes 600,000 Android users into joining a botnet

http://www.zdnet.com/article/falseguide-malware-dupes-600000-android-users-into-joining-botnet/

Technical:

★★★ HITBSecConf 2017 Amsterdam: public slide downloads

http://conference.hitb.org/hitbsecconf2017ams/materials/

Attacking hypervisors via firmware and hardware

https://www.mcafee.com/uk/resources/reports/rp-attacking-hypervisors-firmware-hardware.pdf

Leaked NSA malware threatens Windows users around the world

https://theintercept.com/2017/04/14/leaked-nsa-malware-threatens-windows-users-around-the-world/

iOS KPP/watchtower bypass

https://xerub.github.io/ios/kpp/2017/04/13/tick-tock.html

PandwaRF demo: disarming an alarm using brute force

https://pandwarf.com/news/disarming-an-alarm-using-brute-force/

Magento arbitrary file upload vulnerability analysis

http://www.defensecode.com/advisories/DC-2017-04-003_Magento_Arbitrary_File_Upload.pdf

Chrome, Firefox and Edge local file disclosure

http://leucosite.com/Chrome-Firefox-Edge-Local-File-Disclosure/

Phishing with Unicode (IDN) domains

https://www.xudongz.com/blog/2017/idn-phishing/

SSH security in Go

https://bridge.grumpy-troll.org/2017/04/golang-ssh-security/

VMware vCenter unauthenticated RCE (via CVE-2017-5638 in Apache Struts)

http://blog.gdssecurity.com/labs/2017/4/13/vmware-vcenter-unauthenticated-rce-using-cve-2017-5638-apach.html

Remote attack on the Bosch Drivelog Connector OBD-II dongle

https://argus-sec.com/remote-attack-bosch-drivelog-connector-dongle/

Several cases of SQL injection with a controllable table name meeting DESCRIBE

http://www.yulegeyu.com/2017/04/16/%E5%BD%93%E8%A1%A8%E5%90%8D%E5%8F%AF%E6%8E%A7%E7%9A%84%E6%B3%A8%E5%85%A5%E9%81%87%E5%88%B0%E4%BA%86Describe%E6%97%B6%E7%9A%84%E5%87%A0%E7%A7%8D%E6%83%85%E5%86%B5%E3%80%82/

Rocket.Chat XSS via Markdown URL handling in messages

https://www.theblazehen.com/posts/rocketchat-xss-with-markdown-url-handling-in-messages/

Incident response collection: a curated list of tools and resources for security incident response

https://github.com/meirwah/awesome-incident-response/blob/master/README_ch.md

OBD-II dongle attack: stopping a moving car via Bluetooth

http://hackaday.com/2017/04/14/obd-ii-dongle-attack-stopping-a-moving-car-via-bluetooth/

File upload bypass for SafeDog (安全狗)

http://blog.cora-lab.org/193.html

CVE-2017-0199 practical exploitation (PoC)

http://rewtin.blogspot.com/2017/04/cve-2017-0199-practical-exploitation-poc.html

WordPress plugin security testing cheat sheet

https://github.com/CaledoniaProject/wordpress_plugin_security_testing_cheat_sheet

VirtualBox: cooperating VMs can escape via shared folders

https://bugs.chromium.org/p/project-zero/issues/detail?id=1037

Dumping cleartext Linux passwords with MimiPenguin

http://www.hackingarticles.in/dump-cleartext-password-linux-pc-using-mimipenguin/

Linux Kernel 4.8.0 / udev 232 privilege escalation

https://packetstormsecurity.com/files/142152/linuxkernel480udev-escalate.txt

A different take on keylogging

http://blogs.rsa.com/different-take-on-keylogging/

Web services security testing

https://www.exploit-db.com/docs/41888.pdf

Routers: Cisco Linksys WRT54GL generic Broadcom UPnP format-string vulnerability

https://community.rapid7.com/docs/DOC-2150

http://defensecode.com/whitepapers/From_Zero_To_ZeroDay_Network_Devices_Exploitation.txt

Analysis of the NSA EternalBlue SMB vulnerability

http://blogs.360.cn/360safe/2017/04/17/nsa-eternalblue-smb/

A quick analysis of the latest Shadow Brokers dump

https://labs.nettitude.com/blog/a-quick-analysis-of-the-latest-shadow-brokers-dump/

Reproduction guide for the Equation Group dump tools (full RCE on fully patched Win7 with Cobalt Strike)

https://www.trustedsec.com/blog/equation-group-dump-analysis-full-rce-win7-fully-patched-cobalt-strike/

Edge: identifying users by leaking URLs from Fetch requests

http://mov.sx/2017/04/16/microsoft-edge-leaks-url.html

Edge: SOP bypass by abusing the read: protocol

https://www.brokenbrowser.com/sop-bypass-abusing-read-protocol/

Rigorous analysis of software countermeasures against cache attacks

http://software.imdea.org/~bkoepf/papers/pldi17.pdf

Android Vulnerability Test Suite

https://github.com/AndroidVTS/android-vts

OWASP Cheat Sheet Series

https://www.owasp.org/index.php/OWASP_Cheat_Sheet_Series

Ring Road bug: by default an AES-GCM ciphertext is exactly as long as the plaintext (plus a fixed-size authentication tag), so anyone who can observe the ciphertext learns the length of the encrypted password

http://www.ringroadbug.com/
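
The length leak described above, and the fix, as an added example (not code from the Ring Road write-up). AES-GCM is CTR-mode encryption plus a 16-byte tag, so the ciphertext reveals the plaintext length byte for byte. The block below models that length behaviour with a SHA-256 counter-mode keystream and an HMAC tag, a stand-in chosen so it runs offline without an AES library (it is for demonstrating the length property only, not a cipher to deploy), then shows the usual fix: pad every secret to a fixed policy length (here 64 bytes, an assumed maximum) before encrypting, so all ciphertexts are the same size.

```python
"""Length leakage of a GCM-style cipher and fixed-length padding as the fix.

Added example. The cipher here is a stand-in: SHA-256 in counter mode as the
keystream (AES-CTR is the core of AES-GCM) plus an HMAC-derived 16-byte tag.
It reproduces GCM's length behaviour, nothing more.
"""
import hashlib
import hmac

TAG_LEN = 16       # AES-GCM appends a fixed 16-byte authentication tag
PAD_TO = 64        # assumed policy: every password is padded to 64 bytes


def _keystream(key: bytes, nonce: bytes, length: int) -> bytes:
    """Counter-mode keystream: hash(key || nonce || counter) blocks, truncated."""
    out = bytearray()
    counter = 0
    while len(out) < length:
        out += hashlib.sha256(key + nonce + counter.to_bytes(4, "big")).digest()
        counter += 1
    return bytes(out[:length])


def seal(key: bytes, nonce: bytes, plaintext: bytes) -> bytes:
    """Encrypt-then-MAC; returns ciphertext || tag, like GCM's output shape."""
    ct = bytes(p ^ k for p, k in zip(plaintext, _keystream(key, nonce, len(plaintext))))
    tag = hmac.new(key, nonce + ct, hashlib.sha256).digest()[:TAG_LEN]
    return ct + tag


def open_(key: bytes, nonce: bytes, sealed: bytes) -> bytes:
    """Verify the tag in constant time, then decrypt; raises on tampering."""
    if len(sealed) < TAG_LEN:
        raise ValueError("sealed blob too short")
    ct, tag = sealed[:-TAG_LEN], sealed[-TAG_LEN:]
    expect = hmac.new(key, nonce + ct, hashlib.sha256).digest()[:TAG_LEN]
    if not hmac.compare_digest(tag, expect):
        raise ValueError("authentication tag mismatch")
    return bytes(c ^ k for c, k in zip(ct, _keystream(key, nonce, len(ct))))


def leaked_length(sealed: bytes) -> int:
    """What a passive observer learns from one ciphertext: the plaintext length."""
    return len(sealed) - TAG_LEN


def pad(secret: bytes, total: int = PAD_TO) -> bytes:
    """Length-prefix the secret and zero-fill to a fixed size.

    Every padded secret is exactly `total` bytes, so ciphertexts no longer
    differ by password length. Secrets over the policy maximum are rejected
    rather than silently truncated.
    """
    if len(secret) > total - 2:
        raise ValueError("secret exceeds padding policy")
    body = len(secret).to_bytes(2, "big") + secret
    return body + b"\x00" * (total - len(body))


def unpad(padded: bytes) -> bytes:
    """Inverse of pad(): read the 2-byte length prefix and slice."""
    n = int.from_bytes(padded[:2], "big")
    return padded[2 : 2 + n]


if __name__ == "__main__":
    key, nonce = b"k" * 32, b"\x00" * 12          # constructed demo key and nonce
    for pw in (b"hunter2", b"correcthorsebatterystaple"):
        raw = seal(key, nonce, pw)
        padded = seal(key, nonce, pad(pw))
        print(len(pw), "bytes ->", leaked_length(raw), "leaked;",
              "padded ciphertext reveals", leaked_length(padded))
```

Padding to a multiple of a block size (16 or 32 bytes) only narrows the leak to a bucket; padding every secret to the policy maximum, as above, removes it entirely at the cost of a few bytes per record. The nonce must still be unique per encryption, exactly as with real GCM.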

List of publicly known but unfixed security bugs

https://github.com/ludios/unfixed-security-bugs

A deeper look at malware abusing TeamViewer

https://blog.avast.com/a-deeper-look-into-malware-abusing-teamviewer

BrowserGather: fileless extraction of Chrome credentials and cookies with PowerShell

http://sekirkity.com/browsergather-part-1-fileless-chrome-credential-extraction-with-powershell/

http://sekirkity.com/browsergather-part-2-fileless-chrome-cookie-extraction/

SQL injection (and more) via XSS in pgAdmin 4

https://blog.liftsecurity.io/2017/04/14/sql-and-more-via-xss-in-pgadmin4/

PicoCTF 2017 writeups

https://www.rootnetsec.com/picoctf-weird-rsa/

https://github.com/xennygrimmato/picoctf-writeups/tree/master/2017

https://github.com/Caesurus/PicoCTF2017

Burp Verbalyzer: checking how a service responds to each HTTP method

https://www.doyler.net/security-not-included/burp-verbalyzer-release

Learning to write a libemu compatibility layer for the Unicorn engine

https://www.fireeye.com/blog/threat-research/2017/04/libemu-unicorn-compatability-layer.html

Several ways to hook PHP

http://blog.csdn.net/u011721501/article/details/70174924

WAF bypass reference list

https://www.peerlyst.com/posts/list-of-waf-security-bypass-research-karl-m-1

Security configuration baselines for common servers, databases and middleware

https://github.com/re4lity/Benchmarks

Launching the Weibo Terminator plan (WT Plan)

https://github.com/jinfagang/weibo_terminater

Using debugging tools to find token and session leaks

https://blogs.technet.microsoft.com/askds/2017/04/05/using-debugging-tools-to-find-token-and-session-leaks/

Walkthrough of the 2017 Shaanxi Cyberspace Security Competition

http://bobao.360.cn/ctf/detail/191.html

Spoofing any big-site domain (Apple's site as the example)

http://bobao.360.cn/learning/detail/3736.html

Building a keyword-monitoring pipeline for Pastebin with Python and Searx

http://www.automatingosint.com/blog/2017/04/building-a-keyword-monitoring-pipeline-with-python-pastebin-and-searx/

Unitrends Enterprise Backup appliance remote code execution, part 2

https://rhinosecuritylabs.com/research/remote-code-execution-bug-hunting-chapter-2/

Exploitation and mitigation in Android

https://source.android.com/security/reports/zer0-conf-2017-Your-Move.pdf

Windows: ManagementObject Arbitrary .NET Serialization RCE

https://bugs.chromium.org/p/project-zero/issues/detail?id=1081

An introduction to XSS

https://blog.sucuri.net/2016/04/what-is-an-xss-vulnerability.html

Exception-oriented exploitation on iOS

https://googleprojectzero.blogspot.com/2017/04/exception-oriented-exploitation-on-ios.html

Analysis report on the Callisto Group

https://www.f-secure.com/documents/996508/1030745/callisto-group

EITest campaign: RIG EK sample analysis

http://malware-traffic-analysis.net/2017/04/16/index.html

DNS intrusion detection in Office 365

https://blogs.technet.microsoft.com/office365security/dns-intrusion-detection-in-office-365/

Running sudo commands without a password

https://www.cyberciti.biz/faq/linux-unix-running-sudo-command-without-a-password/

Windows: Runtime Broker ClipboardBroker EoP

https://bugs.chromium.org/p/project-zero/issues/detail?id=1079

Web service penetration testing from beginner to expert

http://bobao.360.cn/learning/detail/3741.html

Apple WebKit: UXSS via PrototypeMap::createEmptyStructure

https://bugs.chromium.org/p/project-zero/issues/detail?id=1084

WebKit: UXSS via operationSpreadGeneric

https://bugs.chromium.org/p/project-zero/issues/detail?id=1094

CVE-2017-0199 v2.0 exploit script and video

https://github.com/bhdresh/CVE-2017-0199

https://blog.didierstevens.com/2017/04/18/cve-2017-0199/

https://github.com/rapid7/metasploit-framework/pull/8254

Mnemosyne: Windows memory wiping tool

https://github.com/nccgroup/mnemosyne

In-depth analysis of the IIS vulnerability the NSA used for five years

http://xlab.tencent.com/cn/2017/04/18/nsa-iis-vulnerability-analysis/

Reproducing CVE-2017-0199

http://fuping.site/2017/04/18/CVE-2017-0199%E6%BC%8F%E6%B4%9E%E5%A4%8D%E7%8E%B0%E8%BF%87%E7%A8%8B/

Apache XML Graphics Project (Batik/FOP) XXE vulnerability

https://xmlgraphics.apache.org/security.html

Tenable Appliance < 4.5 unauthenticated RCE

https://www.exploit-db.com/exploits/41892/

Analysis of the leaked NSA tools FuzzBunch & DanderSpritz

http://bobao.360.cn/learning/detail/3743.html

iOS security: an analysis of mach_portal

http://bobao.360.cn/learning/detail/3740.html

CVE-2016-0636 explained: a Java type-confusion vulnerability

http://www.security-explorations.com/materials/SE-2012-01-ORACLE-14.pdf

Java security (Security Explorations slides)

http://www.security-explorations.com/materials/se-javaland.pdf

Ubuntu LightDM guest account privilege escalation

https://blogs.securiteam.com/index.php/archives/3134

Exploiting the NSA tools ETERNALBLUE & DOUBLEPULSAR

https://www.exploit-db.com/docs/41896.pdf

https://www.exploit-db.com/docs/41897.pdf

Stealing sensitive browser data with the W3C Ambient Light Sensor API

https://blog.lukaszolejnik.com/stealing-sensitive-browser-data-with-the-w3c-ambient-light-sensor-api/

How I found tcpdump vulnerabilities with cloud fuzzing

https://www.softscheck.com/en/identifying-security-vulnerabilities-with-cloud-fuzzing/

A practical example of EternalPulsar

https://medium.com/@xNymia/eternalpulsar-a-practical-example-of-a-made-up-name-629737170a9e

Analyzing the DOUBLEPULSAR kernel DLL injection technique

https://countercept.com/our-thinking/analyzing-the-doublepulsar-kernel-dll-injection-technique/

A brief discussion of Linux hardening

http://mp.weixin.qq.com/s/y8np-sFzik15x09536QA5w

Hyper-V remote code execution and two denial-of-service bugs

http://blog.pi3.com.pl/?p=564

LabyREnth CTF 2017 announcement

http://researchcenter.paloaltonetworks.com/2017/04/unit42-labyrenth-ctf-2017/

A collection of free security e-books

https://github.com/Hack-with-Github/Free-Security-eBooks-from-PacktPub

Black Hat USA 2017 briefings

https://www.blackhat.com/us-17/briefings.html

CVE-2017-6919: critical access bypass in Drupal 8.x

https://www.drupal.org/SA-CORE-2017-002

NSA: from git clone to pwned (owning Windows with DOUBLEPULSAR and ETERNALBLUE)

http://www.pwn3d.org/posts/1721872-from-git-clone-to-pwned-owning-windows-with-doublepulsar-and-eternalblue-part-1

http://www.pwn3d.org/posts/1723940-from-git-clone-to-pwned-owning-windows-with-doublepulsar-and-eternalblue-part-2

http://www.pwn3d.org/posts/1724109-from-git-clone-to-pwned-owning-windows-with-doublepulsar-and-eternalblue-part-3

cPanel security team statement on the vulnerabilities in the Shadow Brokers dump

https://news.cpanel.com/wp-content/uploads/2017/04/shadow-brokers-announcement.txt

Stored credentials to look for during a penetration test

https://pentestlab.blog/2017/04/19/stored-credentials/

Oracle April Critical Patch Update

http://www.oracle.com/technetwork/security-advisory/cpuapr2017-3236618.html

VirtualBox: Windows process COM injection EoP

https://bugs.chromium.org/p/project-zero/issues/detail?id=1103

Understanding the Microsoft Office 2016 Protected View sandbox

http://conference.hitb.org/hitbsecconf2017ams/materials/D2T4%20-%20Koh%20Yong%20Chuan%20-%20Understanding%20the%20Microsoft%20Ofice%202016%20Protected%20View%20Sandbox.pdf

QEMU: user-to-root privesc inside VM via bad translation caching

https://bugs.chromium.org/p/project-zero/issues/detail?id=1122

Writeup from the winning team of the 3rd XCTF Beijing round (BCTF)

http://bobao.360.cn/ctf/detail/192.html

EternalRomance (永恒浪漫) vulnerability analysis

http://blogs.360.cn/360safe/2017/04/19/eternalromance-analyze/

A new drive-by trick: ransomware delivered through a pure-Flash-file web exploit chain

http://bobao.360.cn/learning/detail/3752.html

Design flaws in LastPass's 2FA implementation

http://www.martinvigo.com/design-flaws-lastpass-2fa-implementation/

Jackson framework Java deserialization RCE: technical analysis and mitigation

http://blog.nsfocus.net/jackson-framework-java-vulnerability-analysis/

ZenTao (禅道) 8.2.6: getshell and SQL injection under certain conditions

http://ecma.io/?p=683

http://ecma.io/?p=691

BeEF browser exploitation framework: man-in-the-browser client-side exploitation

https://crowdshield.com/blog.php?name=man-in-the-browser-advanced-client-side-exploitation-using-beef

SSL & TLS security testing

https://www.aptive.co.uk/blog/tls-ssl-security-testing/

[CVE-2015-7547] glibc getaddrinfo stack overflow

http://www.whereisk0shl.top/post/2017-04-20

A note on the blacklist in Source Insight 4.0.0085

http://scz.617.cn/misc/201704201657.txt

PHPCMS arbitrary file download

http://www.91ri.org/16956.html

DLL injection via APC: evading Sysmon monitoring

http://www.4hou.com/technology/4393.html

Android secure coding guide

http://www.jssec.org/dl/android_securecoding_en.pdf

Yet another CSRF in Facebook (delegated account)

http://blog.intothesymmetry.com/2017/04/meh-csrf-in-facbook-delegated-account.html

Tamper Chrome: a Chrome extension for intercepting and testing web requests

https://github.com/google/tamperchrome

The magic Content-Type: text/plain considered harmful, affecting all versions of IE

https://jankopecky.net/index.php/2017/04/18/0day-textplain-considered-harmful/

Abusing corporate webmail for C&C and exfiltration

https://www.securityartwork.es/2017/04/20/abusing-corporate-webmail-for-cc-and-exfiltration/

Abusing NVIDIA's node.js binary to bypass application whitelisting

http://blog.sec-consult.com/2017/04/application-whitelisting-application.html

Modernizing the DOM tree in Microsoft Edge

https://blogs.windows.com/msedgedev/2017/04/19/modernizing-dom-tree-microsoft-edge/

Cardinal RAT active for over two years

http://researchcenter.paloaltonetworks.com/2017/04/unit42-cardinal-rat-active-two-years/

WMI weaponization, part 6

https://blog.netspi.com/getting-started-wmi-weaponization-part-6/

How I found more than 100 RCEs in Trend Micro software (HITB slides)

http://conference.hitb.org/hitbsecconf2017ams/materials/D1T1%20-%20Steven%20Seeley%20and%20Roberto%20Suggi%20Liverani%20-%20I%20Got%2099%20Trends%20and%20a%20%23%20Is%20All%20Of%20Them.pdf

Safari Browser: Memory corruption in Array concat

https://bugs.chromium.org/p/project-zero/issues/detail?id=1095

The evolution of fileless malware

https://zeltser.com/fileless-malware-beyond-buzzword/

Combating a wave of Java malware with machine learning in real time

https://blogs.technet.microsoft.com/mmpc/2017/04/20/combating-a-wave-of-java-malware-with-machine-learning-in-real-time/

CVE-2017-7692: SquirrelMail 1.4.22 remote code execution

http://www.openwall.com/lists/oss-security/2017/04/19/7

Linksys Smart Wi-Fi router vulnerabilities

http://blog.ioactive.com/2017/04/linksys-smart-wi-fi-vulnerabilities.html

Unitrends Enterprise Backup <= 9.1.0-2 unauthenticated RCE

https://github.com/sghctoma/writeups/blob/master/exploits/unitrends/unitrends-rce.md

Abusing Exchange mailbox permissions with MailSniper

http://www.blackhillsinfosec.com/?p=5871

A security researcher's evidence that the Bose Connect app collects user data

https://bscc.support/files/bc_privacy/bose_connect_privacy_evaluation.pdf

A curated list of CVE PoCs

https://github.com/qazbnm456/awesome-cve-poc

Code injection into a running Linux application

https://www.codeproject.com/Articles/33340/Code-Injection-into-Running-Linux-Application

DevDocs: many API docs in one place

http://devdocs.io/

SecWiki primer on WAFs

https://mp.weixin.qq.com/s?__biz=MjM5NDM1OTM0Mg==&mid=2651050493&idx=1&sn=1d81ff6aff52fa93f329522021bf93e0&scene=0#wechat_redirect

Detecting DOUBLEPULSAR at the network layer (C2 traffic decryptor)

https://github.com/countercept/doublepulsar-c2-traffic-decryptor

Prioritizing cyber threat intelligence (CTI) using business and technical context

https://mp.weixin.qq.com/s?__biz=MzI4NzU2NjU4NQ==&mid=2247484419&idx=1&sn=a2f2980c5c1d8e028f8fe32d89ee0c82&scene=0#wechat_redirect

Trueseeing: a vulnerability scanner for Android apps

https://pypi.python.org/pypi/trueseeing

Reverse engineering the Apple File System (APFS)

https://blog.cugu.eu/post/apfs/

Western Digital My Cloud authentication bypass

https://www.securify.nl/advisory/SFY20170404/authentication_bypass_vulnerability_in_western_digital_my_cloud_allows_escalation_to_admin_privileges.html

In-depth analysis of the DOUBLEPULSAR SMB backdoor ring-0 shellcode

https://zerosum0x0.blogspot.com/2017/04/doublepulsar-initial-smb-backdoor-ring.html

Analysis of the FlexiSpy mobile spyware

http://www.cybermerchantsofdeath.com/blog/2017/04/23/FlexiSpy.html

Writeup for the first reverse-engineering challenge of the ichunqiu (春秋杯) CTF

https://weiyiling.cn/one/ichunqiu_ctr_re1_writeup

Firewall and router study notes

http://www.cnblogs.com/iamstudy/articles/firewall_route_study_1.html

http://www.cnblogs.com/iamstudy/articles/firewall_route_study_2.html

Add-in opportunities for Microsoft Office persistence

https://labs.mwrinfosecurity.com/blog/add-in-opportunities-for-office-persistence/

Windows operating system archaeology: registry and COM objects

https://www.slideshare.net/enigma0x3/windows-operating-system-archaeology

Foxit Reader remote code execution (ZDI-17-310)

http://www.zerodayinitiative.com/advisories/ZDI-17-310/

A look at the Acunetix AcuSensor

https://dustri.org/b/playing-with-the-acusensor.html

Introduction to Hadoop security issues and hardening

http://mp.weixin.qq.com/s?timestamp=1492941490&src=3&ver=1&signature=gXTd4gOEFruFmxjExuIHmZr-SFRNNw0S2suLk6tw9X-UwuhK1W3CRF-7yYo2ICpf7rXG*kF*B772lZYrEj46*V1bUQHCSmE0oIF9SaouPKDqN788aUdvtKzT6xnM16VahG1WrAH*33ugAroAJ71hDWEArkWjHijyBLCUqY3wJvQ=

Analysis of the jackson-databind JSON deserialization code-execution vulnerability

http://seclab.dbappsecurity.com.cn/?p=1698

[Pentest tool series] Fiddler

http://thief.one/2017/04/27/1/

[Pentest tool series] nc

http://thief.one/2017/04/10/1/

Multiple Zabbix vulnerabilities, including remote code execution and database write

http://bobao.360.cn/news/detail/4142.html

Shellcode injection via QueueUserAPC

http://subt0x10.blogspot.com/2017/04/shellcode-injection-via-queueuserapc.html

CVE-2017-0202: Microsoft IE 11.576.14393.0 CStyleSheetArray::BuildListOfMatchedRules memory corruption

https://bugs.chromium.org/p/project-zero/issues/detail?id=1118

Windows privilege-escalation reading list

https://github.com/netbiosX/Checklists/blob/master/Windows-Privilege-Escalation.md

Detecting lateral movement in Windows infrastructure (CERT-EU white paper)

http://cert.europa.eu/static/WhitePapers/CERT-EU_SWP_17-002_Lateral_Movements.pdf

CVE-2017-2636: analysis of the race condition in the n_hdlc Linux kernel driver

http://blog.ptsecurity.com/2017/03/cve-2017-2636-exploit-race-condition-in.html

Translation: jemalloc-based Android exploitation techniques (CENSUS)

http://bobao.360.cn/learning/detail/3786.html

Game cheat sites hide malware: download a cheat and your PC becomes a malware nest

http://www.4hou.com/technology/4497.html

Moodle remote code execution

http://bbs.pediy.com/thread-217212.htm

Command injection via CSRF in multiple Quantenna-based network devices

https://www.nccgroup.trust/us/about-us/newsroom-and-events/blog/2017/april/technical-advisory-quentanna/

Kaspersky APT trends report, Q1 2017

https://securelist.com/analysis/quarterly-malware-reports/78169/apt-trends-report-q1-2017/

MySQL Connector/J: crafted database content can lead to remote code execution (CVE-2017-3523)

https://www.computest.nl/advisories/CT-2017-0425_MySQL-Connector-J.txt

Privilege escalation in the Portrait Displays SDK service affects millions of HP, Philips and Fujitsu devices

http://blog.sec-consult.com/2017/04/what-unites-hp-philips-and-fujitsu-one.html

The art of subdomain enumeration

https://blog.sweepatic.com/art-of-subdomain-enumeration/

Bypassing a CSRF filter to reach code execution in a PHPMailer module

https://www.cdxy.me/?p=765

APT weapon: how the Word vulnerability CVE-2016-7193 works

http://paper.seebug.org/288/

Attack vectors of browser extensions

http://www.freebuf.com/column/133218.html

FastCGI protocol analysis, PHP-FPM unauthorized access, and writing an exploit

https://www.leavesongs.com/PENETRATION/fastcgi-and-php-fpm.html

Using machine learning and behavioral analysis to assist threat detection

http://www.ccsinet.com/machine-learning-behavioral-analysis-assist-threat-detection/

Server-side injection exploitation in bWAPP

http://www.hackingarticles.in/server-side-injection-explotation-bwapp/

DNS intrusion detection with Dnsflow

https://blogs.technet.microsoft.com/office365security/dns-intrusion-detection-using-dnsflow/

Analyzing and detecting the in-memory PEDDLECHEAP implant

https://www.countercept.com/our-thinking/analyzing-and-detecting-the-in-memory-peddlecheap-implant/

Heap overflow in the Linux kernel macsec.c network driver

https://git.kernel.org/pub/scm/linux/kernel/git/davem/net.git/commit/?id=4d6fa57b4dab0d77f4d8e9d9c73d1e63f6fe8fee

[HackBack] hacking guide

https://www.exploit-db.com/papers/41915/

https://www.exploit-db.com/papers/41913/

New threat report: an IoT botnet scanning the Internet on port 81

http://blog.netlab.360.com/a-new-threat-an-iot-botnet-scanning-internet-on-port-81-ch/

How FlexiSpy was hacked

https://www.exploit-db.com/papers/41912/

nt!_SEP_TOKEN_PRIVILEGES – Single Write EoP Protect

https://www.exploit-db.com/docs/41924.pdf

DOUBLEPULSAR detection script updated with a module to remove DOUBLEPULSAR

https://github.com/countercept/doublepulsar-detection-script

Adobe update fixes the Java deserialization vulnerability in Apache BlazeDS (ColdFusion APSB17-14)

https://helpx.adobe.com/security/products/coldfusion/apsb17-14.html

Disarming Control Flow Guard with advanced code-reuse attacks

https://www.endgame.com/blog/disarming-control-flow-guard-using-advanced-code-reuse-attacks

How to prepare and use Docker for web pentesting

https://pentestmag.com/prepare-use-docker-web-pentest-junior-carreiro/

Analysis of the FlexiSpy mobile spyware, now with a second part

http://www.cybermerchantsofdeath.com/blog/2017/04/23/FlexiSpy.html

http://www.cybermerchantsofdeath.com/blog/2017/04/23/FlexiSpy-pt2.html

Tales of SugarCRM security horrors

http://karmainsecurity.com/tales-of-sugarcrm-security-horrors

Windows kernel privilege-escalation exploits

https://pentestlab.blog/2017/04/24/windows-kernel-exploits/

Windows kernel DoS #5: win32k!NtGdiGetDIBitsInternal (Windows 7-10)

http://j00ru.vexillium.org/?p=3251

Slides from the first Ele.me (饿了么) information security summit

https://pan.baidu.com/s/1eRWGpKA

Fingerprinting TLS clients with Bro

https://mp.weixin.qq.com/s?__biz=MjM5NTc2MDYxMw==&mid=2458282671&idx=1&sn=954924c72a99b8526d62180c99d77d1f&scene=0#wechat_redirect

Let's also talk about IDN (a Netlab measurement)

http://blog.netlab.360.com/idn_measurement_netlab/
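
Two entries in this issue concern IDN homograph phishing (the xudongz write-up, which demonstrates an Apple look-alike built entirely from Cyrillic letters, and the Netlab IDN measurement above). The block below is an added example, not code from either article: it decodes punycode labels with the standard-library idna codec and flags a domain when a label mixes scripts or when every letter is a known look-alike for a Latin letter, producing an ASCII "skeleton" that can be compared against a brand list. The confusables table is a hand-picked subset of Unicode's confusables.txt, not the full list, and the sample domains in the usage are constructed here.

```python
"""IDN homograph detection: decode punycode, check scripts, build a skeleton.

Added example; standard library only. CONFUSABLES is a small constructed
subset of Unicode's confusables.txt covering the letters phishing domains
most often borrow from Cyrillic and Greek.
"""
import unicodedata

# Constructed subset: non-Latin letters that render like ASCII letters.
CONFUSABLES = {
    "\u0430": "a", "\u0435": "e", "\u043e": "o", "\u0440": "p",   # Cyrillic а е о р
    "\u0441": "c", "\u0443": "y", "\u0445": "x", "\u0456": "i",   # Cyrillic с у х і
    "\u04cf": "l",                                                  # Cyrillic palochka ӏ
    "\u03bf": "o", "\u03b1": "a",                                   # Greek omicron, alpha
}


def to_unicode(domain: str) -> str:
    """Decode every xn-- label with the idna codec; plain labels pass through."""
    labels = []
    for label in domain.split("."):
        if label.lower().startswith("xn--"):
            labels.append(label.encode("ascii").decode("idna"))
        else:
            labels.append(label)
    return ".".join(labels)


def script_of(ch: str) -> str:
    """First word of the Unicode name, e.g. LATIN, CYRILLIC, GREEK."""
    try:
        return unicodedata.name(ch).split()[0]
    except ValueError:
        return "UNKNOWN"


def skeleton(domain_unicode: str) -> str:
    """Replace each known look-alike with the ASCII letter it imitates."""
    return "".join(CONFUSABLES.get(ch, ch) for ch in domain_unicode)


def analyze(domain: str) -> dict:
    """Return the decoded form, its ASCII skeleton, and why it looks suspicious."""
    uni = to_unicode(domain)
    reasons = []
    for label in uni.split("."):
        letters = [c for c in label if c.isalpha()]
        scripts = {script_of(c) for c in letters}
        if len(scripts) > 1:
            reasons.append(f"{label}: mixed scripts {sorted(scripts)}")
        if letters and all(c in CONFUSABLES for c in letters):
            reasons.append(f"{label}: every letter is a Latin look-alike")
    return {
        "input": domain,
        "unicode": uni,
        "skeleton": skeleton(uni),
        "suspicious": bool(reasons),
        "reasons": reasons,
    }


if __name__ == "__main__":
    # Constructed samples: an all-Cyrillic Apple look-alike and a mixed-script PayPal.
    samples = [
        "\u0430\u0440\u0440\u04cf\u0435.com".encode("idna").decode("ascii"),
        "p\u0430ypal.com".encode("idna").decode("ascii"),
        "apple.com",
    ]
    for d in samples:
        r = analyze(d)
        print(r["input"], "->", r["unicode"], "| skeleton:", r["skeleton"],
              "| suspicious:", r["suspicious"], r["reasons"])
```

The skeleton is the useful output for a mail gateway or proxy: a domain whose skeleton equals a protected brand but whose decoded form does not is a homograph, whether or not the browser chooses to render it as punycode.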

Internal network penetration: basics and tool usage (a personal take)

http://www.yuag.org/2017/04/21/内网渗透基础工具使用自己理解

From spam email to botnet analysis

https://www.incapsula.com/blog/viagra-spam-botnet.html

Setting up and using Cobalt Strike, and bypassing antivirus

https://xianzhi.aliyun.com/forum/read/1506.html

Plaid CTF 2017: Pykemon writeup

https://amritabi0s.wordpress.com/2017/04/24/plaid-ctf-2017-pykemon-writeup/

Edge: yet another SOP bypass / UXSS in the Edge browser

https://www.brokenbrowser.com/sop-bypass-uxss-tweeting-like-charles-darwin/

flatpipes: a TCP proxy over pipes

https://github.com/dxflatline/flatpipes

Intel Management Engine (ME): the way of static analysis

http://blog.ptsecurity.com/2017/04/intel-me-way-of-static-analysis.html

Top 10 developer crypto mistakes

https://littlemaninmyhead.wordpress.com/2017/04/22/top-10-developer-crypto-mistakes/

LOKI 0.20.0 released with DoublePulsar backdoor detection

https://github.com/Neo23x0/Loki/releases/tag/0.20.0

Windows: Dolby Audio X2 service EoP

https://bugs.chromium.org/p/project-zero/issues/detail?id=1075

MS17-010: the worthy successor to MS08-067

http://www.securityinsider-solucom.fr/2017/04/hacking-like-nsa-ms17-10.html