2017-08-16 10:52:30
阅读:991次
点赞(0)
收藏
来源: 安全客
作者:童话
热点概要:中国在线DDoS平台的兴起、从瑞士军刀到变形金刚--XSS攻击面拓展、windows 95漏洞挖掘演示视频:Crash分析、2017用户风险报告、使用CSP Auditor构建内容安全策略配置、WordPress漏洞利用框架v1.6.1、LNKUp:生成恶意LNK文件payload用于渗出数据
国内热词(以下内容部分摘自http://www.solidot.org/):
Marcus Hutchins 对其指控不认罪
大疆为执行敏感任务的客户提供离线模式
资讯类:
打开恶意的PowerPoint文件就可以控制你的电脑
http://thehackernews.com/2017/08/powerpoint-malware-ms-office.html
固件自动更新功能故障破坏数百个“智能锁”
http://thehackernews.com/2017/08/firmware-smart-locks.html
技术类:
中国在线DDoS平台的兴起
http://blog.talosintelligence.com/2017/08/chinese-online-ddos-platforms.html
从瑞士军刀到变形金刚--XSS攻击面拓展
https://xianzhi.aliyun.com/forum/read/1988.html
用ATT&CK寻找网络威胁
https://www.mitre.org/sites/default/files/publications/16-3713-finding-cyber-threats%20with%20att%26ck-based-analytics.pdf
Windows 95漏洞挖掘演示视频:Crash分析
https://www.youtube.com/watch?v=hLGQYi8W5sw
从random block破坏到权限提升:一种用于rowhammer-like攻击的文件系统攻击向量
https://www.usenix.org/system/files/conference/woot17/woot17-paper-kurmus.pdf
Research on CMSTP.exe:UAC绕过和从Webdav加载DLL
https://msitpros.com/?p=3960
gost:构建安全跟踪器的本地副本,如果有更新,通过电子邮件/Slack通知
https://github.com/knqyf263/gost
Yahoo漏洞赏金计划:看我如何接管任意Flurry用户帐户
http://lightningsecurity.io/blog/password-not-provided/
LNKUp:生成恶意LNK文件payload用于渗出数据
https://github.com/Plazmaz/LNKUp
恶意代码分析:分析绕过反沙箱技术的URSNIF银行木马
http://www.ringzerolabs.com/2017/07/the-multi-faceted-ursnif-trojan.html
MeatPistol:模块化恶意软件植入框架
https://media.defcon.org/DEF%20CON%2025/DEF%20CON%2025%20presentations/DEFCON-25-FuzzyNop-and-Ceyx-MEATPISTOL-A-Modular-Malware-Implant-Framework-UPDATED.pdf
国际网络安全意识调查:2017用户风险报告
https://info.wombatsecurity.com/user-risk-report
Hacking手机嵌入式系统
https://recon.cx/2017/montreal/resources/slides/RECON-MTL-2017-Hacking_Cell_Phone_Embedded_Systems.pdf
WordPress漏洞利用框架v1.6.1
http://pentestit.com/update-wordpress-exploit-framework-v1-6-1/
IaaS,PaaS和SaaS之间的不同(以及何时使用)
http://www.engineyard.com/blog/the-differences-between-iaas-paas-and-saas-and-when-to-use-each
使用CSP Auditor构建内容安全策略配置
http://gosecure.net/2017/07/20/building-a-content-security-policy-configuration-with-csp-auditor/
dataLoc:用于查找存储在mssql中的Payment Cards的POC工具
https://blog.netspi.com/dataloc-poc-tool-finding-payment-cards-stored-mssql/
GPD Pocket 7: Impressions, GNU/linux Installation and Offensive Setup
https://www.evilsocket.net/2017/08/15/gpd-pocket-7-impressions-gnulinux-installation-and-offensive-setup/
CSP Is Dead, Long Live CSP! - On the Insecurity of Whitelists and the Future of Content Security Policy by Lukas Weichselbaum et. al.
http://www.sicherheitsforschung-magdeburg.de/uploads/journal/MJS_053_Weichselbaum_CSP.pdf
Weaponize a Mouse with WHID Injector for Fun & W00t
https://whid-injector.blogspot.in/2017/06/weaponize-mouse-with-whid-injector-for.html
Launch – Hello Amazon Macie: Automatically Discover, Classify, and Secure Content at Scale
https://aws.amazon.com/cn/blogs/aws/launch-amazon-macie-securing-your-s3-buckets/
本文由 安全客 原创发布,如需转载请注明来源及本文地址。
本文地址:http://bobao.360.cn/learning/detail/4259.html
