2017-08-25 10:59:32
阅读:904次
点赞(0)
收藏
来源: 安全客
作者:童话
热点概要:安全研究人员发布iOS内核漏洞的漏洞利用代码、由正则引起的Wecenter拒绝服务漏洞、渗透测试常用脚本收集、0patching福昕阅读器的漏洞(CVE-2017-10952)、Knock Subdomain Scan v.4.1.0(子域名扫描器)、CTF Writeup - Flare-On 2016 - 10: flava。
资讯类:
安全研究人员发布iOS内核漏洞的漏洞利用代码
https://www.bleepingcomputer.com/news/security/researcher-releases-fully-working-exploit-code-for-ios-kernel-vulnerability/
技术类:
DeLuxe版本:在eLux Thin 客户机操作系统上获取root权限
https://www.nccgroup.trust/uk/about-us/newsroom-and-events/blogs/2017/august/delux-edition-getting-root-privileges-on-the-elux-thin-client-os/
利用xwizard.exe加载dll
http://www.4hou.com/technology/6969.html
由正则引起的Wecenter拒绝服务漏洞
http://www.0aa.me/index.php/archives/139/
comission: 白盒CMS分析
https://github.com/Intrinsec/comission
https://securite.intrinsec.com/2017/08/16/comission-whitebox-cms-analysis/
0patching福昕阅读器的漏洞(CVE-2017-10952)
https://0patch.blogspot.com/2017/08/0patching-foxit-readers-saveas-0day-cve.html
Knock Subdomain Scan v.4.1.0(子域名扫描器)
https://github.com/guelfoweb/knock
MFA Slipstream:用于O365钓鱼多因子认证的PoC
https://github.com/decidedlygray/mfa_slipstream_poc/
CTF Writeup - Flare-On 2016 - 10: flava
http://vulnerablespace.blogspot.jp/2016/11/ctf-writeup-flare-on-2016-10-flava.html
UMCI与Internet Explorer:探索CVE-2017-8625
https://posts.specterops.io/umci-vs-internet-explorer-exploring-cve-2017-8625-3946536c6442
Salamandra:封闭环境中检测和定位spy microphones的工具
https://github.com/eldraco/Salamandra
DECONSTRUCTING A WINNING WEBKIT PWN2OWN ENTRY
https://www.zerodayinitiative.com/blog/2017/8/24/deconstructing-a-winning-webkit-pwn2own-entry
Needle in a haystack of .jar files [username enumeration]
http://sheepsec.com/blog/username_enumeration_via_jar.html
pentest-tools:渗透测试常用脚本收集
https://github.com/gwen001/pentest-tools
The French Connection: French Aerospace-Focused CVE-2014-0322 Attack Shares Similarities with 2012 Capstone Turbine Activity
https://www.crowdstrike.com/blog/french-connection-french-aerospace-focused-cve-2014-0322-attack-shares-similarities-2012/
WMI查询:ReturnValue vs uValue(和一些远程注册表)
https://blogs.technet.microsoft.com/positivesecurity/2017/08/24/wmi-queries-returnvalue-vs-uvalue-and-some-remote-registry/
Guilt by Association: Large Scale Malware Detection by Mining File-relation Graphs
https://www.cc.gatech.edu/~dchau/papers/14_kdd_aesop.pdf
分析Ruby中内存使用的Crash案例
https://robots.thoughtbot.com/a-crash-course-in-analyzing-memory-usage-in-ruby
本文由 安全客 原创发布,如需转载请注明来源及本文地址。
本文地址:http://bobao.360.cn/learning/detail/4315.html