2017-09-04 10:43:07
Source: 安全客 (Anquanke)
Author: 童话
Highlights: stealing www.hackerone.com contact form data via Marketo Forms XSS, postMessage frame-jumping and jQuery-JSONP; detecting debuggers on Windows by abusing bad assumptions; automating fuzzing of web application input points with Burp Macros; advanced Flash vulnerabilities in YouTube; a Ruby on Rails security checklist; Python sandbox escape via a memory corruption bug
News:
GitLab patches session hijacking bug that exposed users' private tokens
https://threatpost.com/session-hijacking-bug-exposed-gitlab-users-private-tokens/127747/
Technical:
Stealing www.hackerone.com contact form data via Marketo Forms XSS, postMessage frame-jumping and jQuery-JSONP
https://hackerone.com/reports/207042
Detecting debuggers on Windows by abusing bad assumptions
http://www.triplefault.io/2017/08/detecting-debuggers-by-abusing-bad.html
Safari Accidentally Treating ';' as an Assignment Operator
https://bugs.webkit.org/show_bug.cgi?id=176114
Automating fuzzing of web application input points with Burp Macros
http://blog.securelayer7.net/automating-web-apps-input-fuzzing-via-burp-macros/
Advanced Flash vulnerabilities in YouTube
https://opnsec.com/2017/08/advanced-flash-vulnerabilities-in-youtube/
Android tap-jacking can be turned into ransomware
https://youtu.be/FRpcGwCedZ0
Windows reverse engineering (lecture slides)
http://www.cse.tkk.fi/fi/opinnot/T-110.6220/2014_Reverse_Engineering_Malware_AND_Mobile_Platform_Security_AND_Software_Security/luennot-files/T1106220.pdf
Ruby on Rails security checklist
http://www.engineyard.com/blog/ruby-on-rails-security-checklist
EvilAbigail: Automated Linux evil maid attack
https://github.com/GDSSecurity/EvilAbigail
Remotely Compromising iOS via Wi-Fi and Escaping the Sandbox
https://www.slideshare.net/mark-smith/remotely-compromising-ios-via-wifi-and-escaping-the-sandbox
HTTPLeaks: All possible ways a website can leak HTTP requests
https://github.com/cure53/HTTPLeaks
Jumping network segregation with RDP
https://rastamouse.me/2017/08/jumping-network-segregation-with-rdp/
A journey into Radare 2 – Part 2: Exploitation
https://www.megabeets.net/a-journey-into-radare-2-part-2/
Python sandbox escape via a memory corruption bug
https://hackernoon.com/python-sandbox-escape-via-a-memory-corruption-bug-19dde4d5fea5
Flattened Mitre ATT&CK Matrix
https://docs.google.com/spreadsheets/d/e/2PACX-1vSzc2z9ZGpr5rnsFdBlqwG0pKyziZrWmNOPfNHjrFpY3twcyueciWelTMmQETSf8IFcOXvkXYBcyd4W/pubhtml
Alice and Bob, who the FOCI are they?: Analysis of end-to-end encryption in the LINE messaging application
https://www.usenix.org/system/files/conference/foci17/foci17-paper-espinoza.pdf
Mako Web-server Tutorials Multiple Unauthenticated Vulnerabilities
https://blogs.securiteam.com/index.php/archives/3391
This article is an original publication of 安全客 (Anquanke); please credit the source and this article's address when reproducing it.
Article address: http://bobao.360.cn/learning/detail/4352.html