2017-06-05 10:39:59
阅读:1111次
点赞(0)
收藏
来源: 安全客
作者:天朝第一渣渣roots01
热点概要:CVE-2017-3881 Cisco Catalyst远程代码执行POC、Cobalt Strike的evil.HTA文件变形工具-morphHTA、2017美国黑帽大会部分工具公开、CVE-2017-8083 IntensePC缺少BIOS写入保护机制、2017 NTLM中继实用指南(5分钟获得一个据点)(域渗透相关)、MS-17-010:EternalBlue在SRV驱动中的大型非分页池溢出、劫持一个国家的TLD之旅-Domain Extensions的隐藏威胁、初见 Chrome Headless系列
资讯类:
谷歌宣布举办Flag 2017
https://security.googleblog.com/2017/06/announcing-google-capture-flag-2017.html
DEFCON GROUP 010 黑客沙龙.
http://bobao.360.cn/activity/detail/449.html
技术类:
CVE-2017-3881 Cisco Catalyst远程代码执行POC
https://github.com/artkond/cisco-rce
malicious dropper as an attack vector
https://www.uperesia.com/malicious-dropper-as-an-attack-vector
Cobalt Strike的evil.HTA文件变形工具-morphHTA
https://howucan.gr/scripts-tools/2222-morphhta-morphing-cobalt-strike-s-evil-hta
2017美国黑帽大会部分工具公开
https://medium.com/hack-with-github/black-hat-arsenal-usa-2017-3fb5bd9b5cf2
CVE-2017-8083 IntensePC缺少BIOS写入保护机制
https://watchmysys.com/blog/2017/06/cve-2017-8083-compulab-intensepc-lacks-bios-wp/
2017 NTLM中继实用指南(5分钟获得一个据点)(域渗透相关)
https://byt3bl33d3r.github.io/practical-guide-to-ntlm-relaying-in-2017-aka-getting-a-foothold-in-under-5-minutes.html
通过Empire和Msfconsole利用永恒之蓝获得shell
http://www.hackingtutorials.org/exploit-tutorials/exploiting-eternalblue-for-shell-with-empire-msfconsole/
Wordpress插件gift-certificate-creator v1.0存在非存储型xss
http://seclists.org/oss-sec/2017/q2/399
MS-17-010:EternalBlue在SRV驱动中的大型非分页池溢出
http://blog.trendmicro.com/trendlabs-security-intelligence/ms17-010-eternalblue/
WannaCry的编码错误,可以帮助感染后的文件恢复
http://thehackernews.com/2017/06/wannacry-ransomware-unlock-files.html
PHDays VII WAF绕过竞赛:结果和答案
http://blog.ptsecurity.com/2017/06/waf-bypass-at-phdays-vii-results-and.html?m=1
劫持一个国家的TLD之旅-Domain Extensions的隐藏威胁
https://thehackerblog.com/the-journey-to-hijacking-a-countrys-tld-the-hidden-risks-of-domain-extensions/index.html
基于机器学习的分布式webshell检测系统
http://www.s0nnet.com/project
信息安全与对抗技术竞赛(ISCC 2017)WriteUp(详细,通俗易懂)
http://www.CodeSec.Net/articles/others-articles/135825.html
会找漏洞的时光机: Pinpointing Vulnerabilities
https://www.inforsec.org/wp/?p=1993
初见 Chrome Headless系列
https://lightless.me/archives/first-glance-at-chrome-headless-browser.html
https://lightless.me/archives/chrome-headless-second.html
本文由 安全客 原创发布,如需转载请注明来源及本文地址。
本文地址:http://bobao.360.cn/learning/detail/3938.html