2017-06-26 10:10:05
阅读:319次
点赞(0)
收藏
来源: 安全客
作者:adlab_puky
热点概要:针对巴基斯坦的某APT活动事件分析、dnsAutoRebinding:ssrf、ssrf内网地址fuzz、dns二次rebinding、支持ipv4/ipv6、支持ip地址转码、dns记录污染(文末一个0day为例)、python Waf黑名单过滤下的一些Bypass思路、Alpine linux:从漏洞发现到代码执行(Pt 1 of 2)、Tomcat 源代码调试笔记 - 看不见的 Shell、T00LS帖子正文XSS、pwn Vivotek 的网络摄像头、Blind SQL Injection Attacks
资讯类:
微软Win 10内部架构和部分源代码遭泄露
http://thehackernews.com/2017/06/windows10-builds-source-code.html
技术类:
针对巴基斯坦的某APT活动事件分析
http://bobao.360.cn/learning/detail/4020.html
dnsAutoRebinding:ssrf、ssrf内网地址fuzz、dns二次rebinding、支持ipv4/ipv6、支持ip地址转码、dns记录污染(文末一个0day为例)
https://github.com/Tr3jer/dnsAutoRebinding
利用 Huginn 将微信公众号转化为 RSS 订阅
https://www.40huo.cn/blog/wechat2rss-by-huginn.html
Python Waf黑名单过滤下的一些Bypass思路
http://www.0aa.me/index.php/archives/123/
电子数据取证技能树 (V1)
https://mp.weixin.qq.com/s?__biz=MzUyNTA2MTQ5Mw==&mid=2247483707&idx=1&sn=584d666fb85762354378d0919dad5ed5&scene=0
Tomcat 源代码调试笔记 - 看不见的 Shell
https://mp.weixin.qq.com/s?__biz=MzI5Nzc0OTkxOQ==&mid=2247483666&idx=1&sn=6421b39037735953fa3148bdbf5bf912&chksm=ecb11de2dbc694f4e00a55667fdc81387d53494788f43ec90327fa64f8c02fa6805fc0577671&mpshare=1&scene=1&srcid=0623Z7avuWtePZvyDd2GWbOi&key=f0ee669
2017年上半年网络诈骗趋势研究报告
http://zt.360.cn/1101061855.php?dtid=1101062366&did=490534325
AWS安全入门
https://cloudonaut.io/aws-security-primer/
Alpine Linux:从漏洞发现到代码执行(Pt 1 of 2)
https://www.twistlock.com/2017/06/25/alpine-linux-vulnerability-discovery-code-execution-pt-1-2/
NTFS:Forensics Malware and vulnerabilities
https://drive.google.com/file/d/0B3P18M-shbwrM1E2V24tTVFUU3M/view
Intel Skylake/Kaby Lake 处理器存在超线程bug
https://lists.debian.org/debian-devel/2017/06/msg00308.html
通过NSynth生成你自己的声音
https://magenta.tensorflow.org/nsynth-fastgen
T00LS帖子正文XSS
http://mp.weixin.qq.com/s?timestamp=1498440914&src=3&ver=1&signature=qqRavynQN6fIkjX4rhKfPCGw7bzxVIqDR5F2FUNVIco6OnVuQY1Eu4XQNMj19g-L-IEZE9koFQUYqJ3*EFOz77gs4Qe8KjkqL56G2VY-MZ9KWvqxPr2U5v3rZa-DwG9YufHzSSPRPs7VuSdBn0seGankkXBiDWbu0AntZg7-WLU=
apparatus:IOT安全分析框架
http://seclist.us/apparatus-is-a-security-framework-to-facilitate-security-analysis-in-iot-systems.html
Sophisticated Cobalt Strike Gang's CVE-2017-0199 Loader
http://www.vkremez.com/2017/06/lets-learn-diy-sophisticated-cobalt.html
Tomcat 源代码调试笔记 - 看不见的 Shell
https://mp.weixin.qq.com/s/x4pxmeqC1DvRi9AdxZ-0Lw
pwn Vivotek 的网络摄像头
https://blog.cal1.cn/post/An%20easy%20way%20to%20pwn%20most%20of%20the%20vivotek%20network%20cameras
Cisco Prime Infrastructure 3.1.6 XXE Injection / XSS / LFD / SQL Injection
https://cxsecurity.com/issue/WLB-2017060185
Blind SQL Injection Attacks
https://www.exploit-db.com/docs/42209.pdf
本文由 安全客 原创发布,如需转载请注明来源及本文地址。
本文地址:http://bobao.360.cn/learning/detail/4022.html