2017-05-09 10:44:30
阅读:813次
点赞(0)
收藏
作者:adlab_puky
热点概要:Microsoft恶意软件防护引擎远程执行代码漏洞(CVE-2017-0290)、MsMpEng是默认情况下在windows 8,8.1,10,Windows Server 2012等上启用的恶意软件防护服务,存在远程可利用的类型混淆漏洞、本地搭建wooyun8.8w漏洞库、第三届 SSCTF 全国网络安全大赛—线上赛官方 Writeup、发掘十个知名大厂XSS漏洞的故事、SSCTF pwn450 Windows Kernel Exploitation Writeup
资讯类:
Google Project Zero研究员发现一个可怕的Windows远程代码执行漏洞
https://threatpost.com/wormable-windows-zero-day-reported-to-microsoft/125513/
技术类:
Microsoft恶意软件防护引擎远程执行代码漏洞(CVE-2017-0290)
http://bobao.360.cn/learning/detail/3826.html
Oracle Golden Gate远程上传漏洞
https://blog.silentsignal.eu/2017/05/08/fools-of-golden-gate/
CVE-2017-5689:intel_amt_bypass
https://github.com/kd0kkv/intel_amt_bypass
Google对开源软件fuzz测试五个月的成果
https://opensource.googleblog.com/2017/05/oss-fuzz-five-months-later-and.html
绕过OTR签名验证以窃取iCloud钥匙串秘密
https://medium.com/@longtermsec/bypassing-otr-signature-verification-to-steal-icloud-keychain-secrets-9e92ab55b605
关于英特尔Intel's Management Engine的几个需要了解的问题
https://www.eff.org/deeplinks/2017/05/intels-management-engine-security-hazard-and-users-need-way-disable-it
BSidesCBR 2017 CTF Write-Up: DerpChat
http://paulsec.github.io/blog/2017/05/07/bsidescbr-2017-ctf-write-up-derpchat/
本地搭建wooyun8.8w漏洞库
https://zhuanlan.zhihu.com/p/26759783
SSCTF pwn450 Windows Kernel Exploitation Writeup
http://whereisk0shl.top/ssctf_pwn450_windows_kernel_exploitation_writeup.html
第三届 SSCTF 全国网络安全大赛—线上赛官方 Writeup
http://bobao.360.cn/ctf/detail/197.html
第三届 SSCTF 全国网络安全大赛—线上赛 Writeup
http://bobao.360.cn/ctf/detail/195.html
Java反序列化漏洞
https://forum.90sec.org/forum.php?mod=viewthread&tid=10514
AD ACL Scanner:一款扫描ad权限生成报告的小工具
https://4sysops.com/archives/ad-acl-scanner-easily-generate-active-directory-permissions-reports/
MsMpEng是默认情况下在Windows 8,8.1,10,Windows Server 2012等上启用的恶意软件防护服务,存在远程可利用的类型混淆漏洞
https://bugs.chromium.org/p/project-zero/issues/detail?id=1252&desc=5
https://technet.microsoft.com/en-us/library/security/4022344
发掘十个知名大厂XSS漏洞的故事
http://fsecurify.com/ATaleofTenXssInTheWild_Fsecurify.pdf
深度学习的一些papers
https://github.com/sbrugman/deep-learning-papers
渗透分析Android apps第五部分:Heap Dump
https://securingtomorrow.mcafee.com/technical-how-to/pen-testing-android-apps-part-5-analyzing-heap-dump/
flare-floss:FireEye Labs去混淆的工具
https://github.com/fireeye/flare-floss
通过恶意的Microsoft Office Word hta 远程控制PC
http://www.hackingarticles.in/exploit-remote-pc-using-microsoft-office-word-malicious-hta-execution/
通过.cshtml 从404页面和默认页面到RCE
https://niemand.com.ar/2017/05/05/from-404-and-default-pages-to-rce-via-cshtml-webshell/
Gmail的一个接口,可以验证邮箱是否存在
https://blog.0day.rocks/abusing-gmail-to-get-previously-unlisted-e-mail-addresses-41544b62b2
PwnBin - python Pastebin搜索工具
https://www.darknet.org.uk/2017/05/pwnbin-python-pastebin-search-tool/
本文由 安全客 原创发布,如需转载请注明来源及本文地址。
本文地址:http://bobao.360.cn/learning/detail/3827.html