2017-05-31 10:30:14
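Source: 安全客
Author: 天朝第一渣渣roots01
Highlights: WCTF2017 World Hacker Masters tournament kicks off in June; RFID Hacking with The Proxmark 3; privilege escalation vulnerability in sudo's get_process_ttyname() function; Windows MsMpEng remotely exploitable UaF due to design issue in GC engine; one-click automated domain penetration tool; analysis of a Ford SYNC Gen 1 module; TerraMaster NAS TOS <= 3.0.30 unauthenticated remote code execution as root; fundamentally bypassing UAC; cross-origin brute-forcing of GitHub SAML and 2FA recovery codes; getting started with Windows kernel exploitation, part 1: setting up the lab; Pivoting from blind SSRF to RCE with HashiCorp Consul; monitoring the HTTPS traffic of a single app on OSX; security evaluation of pacemakers; breaking out of Citrix and other restricted desktop environments; Samba remote code execution vulnerability (CVE-2017-7494): SambaCry analysis report
News:
WCTF2017 World Hacker Masters tournament kicks off in June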
http://bobao.360.cn/ctf/activity/452.html
Technical:
RFID Hacking with The Proxmark 3
https://blog.kchung.co/rfid-hacking-with-the-proxmark-3/
Collection of precompiled proxmark3 firmware
https://github.com/exploitagency/github-proxmark3-standalone-lf-emulator
Privilege escalation vulnerability in sudo's get_process_ttyname() function
http://www.openwall.com/lists/oss-security/2017/05/30/16
Windows MsMpEng remotely exploitable UaF due to design issue in GC engine
https://bugs.chromium.org/p/project-zero/issues/detail?id=1258
One-click automated domain penetration tool
https://byt3bl33d3r.github.io/automating-the-empire-with-the-death-star-getting-domain-admin-with-a-push-of-a-button.html
Analysis of a Ford SYNC Gen 1 module
https://jdgforensicblog.wordpress.com/2017/05/28/analysis-of-a-ford-sync-gen-1-module/
TerraMaster NAS TOS versions up to and including 3.0.30: unauthenticated remote code execution as root
https://www.evilsocket.net/2017/05/30/Terramaster-NAS-Unauthenticated-RCE-as-root/#.WS1gUW36cHI.reddit
Fundamentally bypassing UAC
https://gist.github.com/tyranid/9ffef5962a642d4a1bb8e4ee7e3bebc5
Cross-origin brute-forcing of GitHub SAML and 2FA recovery codes
http://blog.intothesymmetry.com/2017/05/cross-origin-brute-forcing-of-saml-and.html
Getting started with Windows kernel exploitation, part 1: setting up the lab
https://hshrzd.wordpress.com/2017/05/28/starting-with-windows-kernel-exploitation-part-1-setting-up-the-lab/
Pivoting from blind SSRF to RCE with HashiCorp Consul
http://www.kernelpicnic.net/2017/05/29/Pivoting-from-blind-SSRF-to-RCE-with-Hashicorp-Consul.html
A book on heap exploitation
https://github.com/DhavalKapil/heap-exploitation
Monitoring the HTTPS traffic of a single app on OSX
https://calebfenton.github.io/2017/05/27/monitoring-https-of-a-single-app-on-osx/
Security evaluation of pacemakers
https://drive.google.com/file/d/0B_GspGER4QQTYkJfaVlBeGVCSW8/view
Dirty COW and why lying is bad even if you are the linux kernel
https://chao-tic.github.io/blog/2017/05/24/dirty-cow
Introduction to ARM assembly basics
https://azeria-labs.com/writing-arm-assembly-part-1/
Breaking out of Citrix and other restricted desktop environments
https://www.pentestpartners.com/security-blog/breaking-out-of-citrix-and-other-restricted-desktop-environments/?doing_wp_cron=1496192804.4728899002075195312500
Samba remote code execution vulnerability (CVE-2017-7494): SambaCry analysis report
http://bobao.360.cn/learning/detail/3915.html
This article was originally published by 安全客. If you repost it, please credit the source and this article's URL.
Article URL: http://bobao.360.cn/learning/detail/3919.html