2017-06-16 10:45:52
阅读:1076次
点赞(0)
收藏
来源: 安全客
作者:天朝第一渣渣roots01
热点概要:国外黑客爆出Avast杀毒软件的内核提权漏洞POC(作者说会持续更新)、metasploit加入IDA Pro的debug server远程代码执行漏洞模块、Berkeley DB无需认证通过cwd读取配置文件、不要在web服务上启用Coredumps功能!(可能导致getshell)、Adobe Flash Player SecureSocket Use-After-Free远程代码执行漏洞POC、Schadsoftware:独立于操作系统的恶意软件、云基础架构之固件安全合规
资讯类:微软再次为XP系统推送补丁
http://blog.trendmicro.com/trendlabs-security-intelligence/microsoft-patches-windows-xp-again-june-patch-tuesday/
技术类:
Schadsoftware独立于操作系统的恶意软件
https://www.melani.admin.ch/melani/de/home/dokumentation/newsletter/malware---si-raccomanda-prudenza-indipendentemente-dal-sistema-o.html
metasploit加入IDA Pro的debug server远程代码执行漏洞模块
https://github.com/rapid7/metasploit-framework/pull/8474
国外黑客爆出Avast杀毒软件的内核提权漏洞POC(作者说会持续更新)
https://github.com/bee13oy/AV_Kernel_Vulns
Adobe Flash Player SecureSocket Use-After-Free远程代码执行漏洞POC
https://github.com/bo13oy/flash/tree/master/poc1
Berkeley DB无需认证通过cwd读取配置文件
http://seclists.org/oss-sec/2017/q2/475
Analyzing the Fileless, Code-injecting SOREBRECT Ransomware
https://blog.trendmicro.com/trendlabs-security-intelligence/analyzing-fileless-code-injecting-sorebrect-ransomware/
Smashing Security #029: Exploits to get your English teeth into
https://www.youtube.com/watch?v=qHXAEmNGcoQ
Bugs You'll Probably Only Have in RustAlexis Beingessner
https://gankro.github.io/blah/only-in-rust/
APIs are 2FA Backdoors
http://blog.ioactive.com/2017/06/apis-are-2fa-backdoors.html
扫描域权限和特权帐户
https://adsecurity.org/?p=3658
A WarCon 2017 presentation: Cisco ASA - Exploiting the IKEv1 heap overflow - CVE-2016-1287
https://www.nccgroup.trust/uk/about-us/newsroom-and-events/blogs/2017/june/a-warcon-2017-presentation-cisco-asa-exploiting-the-ikev1-heap-overflow-cve-2016-1287/
不要在web服务上启用Coredumps功能!(可能导致getshell)
https://blog.hboeck.de/archives/887-Dont-leave-Coredumps-on-Web-Servers.html
在线ssh加密检测工具
https://sshcheck.com/
The challenge of verification and testing of machine learning
http://www.cleverhans.io/security/privacy/ml/2017/06/14/verification.html
云基础架构之固件安全合规
https://hardenedlinux.github.io/system-security/2017/06/15/firmware_compliance.html?from=timeline
本文由 安全客 原创发布,如需转载请注明来源及本文地址。
本文地址:http://bobao.360.cn/learning/detail/3990.html
