2017-05-08 09:46:58
阅读:543次
点赞(0)
收藏
作者:adlab_puky
热点概要:再次认识Intel AMT漏洞、Ode to the use-after-free: one vulnerable function, a thousand possibilities、php-CGI远程代码执行漏洞(CVE-2012-1823)分析、在iOS应用程序中使用Frida绕过越狱检测、详细解析PHP mail()函数漏洞利用技巧
资讯类:
法国总统大选在即 候选人马克龙9 GB 邮件遭曝光
http://www.theregister.co.uk/2017/05/06/hackers_release_9gb_of_email_from_macron_two_days_before_french_presidential_election/
技术类:
再次认识Intel AMT漏洞
https://www.tenable.com/blog/rediscovering-the-intel-amt-vulnerability
Qubes 安全公告:修复了与PV存储器相关的高危漏洞
https://github.com/QubesOS/qubes-secpack/blob/master/QSBs/qsb-030-2017.txt
Ode to the use-after-free: one vulnerable function, a thousand possibilities
https://scarybeastsecurity.blogspot.com/2017/05/ode-to-use-after-free-one-vulnerable.html
对Pawn Storm 网络间谍组织的跟踪分析
https://documents.trendmicro.com/assets/wp/wp-two-years-of-pawn-storm.pdf
对移动设备安全性的研究
https://www.dhs.gov/sites/default/files/publications/DHS%20Study%20on%20Mobile%20Device%20Security%20-%20April%202017-FINAL.pdf
DNS的一个特性:DNSAdmin to DC compromise in one line
https://medium.com/@esnesenon/feature-not-bug-dnsadmin-to-dc-compromise-in-one-line-a0f779b8dc83
端口扫描的小工具
https://github.com/vesche/scanless
CVE-2017-3305:mysql Client 和 Server端存在MITM漏洞
http://again.riddle.link/
PHP-CGI远程代码执行漏洞(CVE-2012-1823)分析
https://www.leavesongs.com/PENETRATION/php-cgi-cve-2012-1823.html
TrustZone安全技术研究
http://mp.weixin.qq.com/s?src=3×tamp=1494204662&ver=1&signature=mV84SMCvF0EvZTPVNDWofzOR5jyZ1BFzQB0jBE4GSnLM-3fp52wQf5H8GnAi3EQHObZSzPw6FBvafA4E0kxSPeuHuQp-SGUUowFmrqvae13r43AD0PcP80hO2B-2sWsjX36kGLjNSUQ*Wjo0PCxd4GrtlFJuXHujiw-MWDadi6I=
XSS Bypass Cookbook ver 3.0
http://www.math1as.com/index.php/archives/426/
Ursnif反分析技术并绕过它们的方法
http://www.iij.ad.jp/en/company/development/iir/pdf/iir_vol34_EN.pdf
浏览器的XSS过滤器bypass表
https://github.com/masatokinugawa/filterbypass/wiki/Browser's-XSS-Filter-Bypass-Cheat-Sheet
CISO&SOC指南:检测和停止数据外带via DNS
https://www.peerlyst.com/posts/ciso-and-soc-guide-detecting-and-stopping-data-exfiltration-via-dns-s-delano
BSidesCBR 2017 CTF Write-Up: Needleinahaystack
https://paulsec.github.io/blog/2017/05/06/bsidescbr-2017-ctf-write-up-needleinahaystack/
在iOS应用程序中使用Frida绕过越狱检测
http://blog.attify.com/2017/05/06/bypass-jailbreak-detection-frida-ios-applications/
维基解密发布“阿基米德”:用来攻击在办公室使用的局域网(LAN)中的计算机
https://wikileaks.org/vault7/#Archimedes
详细解析PHP mail()函数漏洞利用技巧
http://bobao.360.cn/learning/detail/3818.html
MySQL False注入及技巧总结
http://bobao.360.cn/learning/detail/3804.html
本文由 安全客 原创发布,如需转载请注明来源及本文地址。
本文地址:http://bobao.360.cn/learning/detail/3820.html