
[Knowledge] September 4 - Daily Security Knowledge Highlights


2017-09-04 10:43:07

Source: 安全客 (Anquanke)






Author: 童话






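Highlights: stealing contact form data from www.hackerone.com using Marketo Forms XSS, postMessage frame-jumping and jQuery-JSONP; detecting debuggers on Windows by abusing a bad assumption; automating fuzzing of web application input points via Burp Macros; advanced Flash vulnerabilities in YouTube; a Ruby on Rails security checklist; Python sandbox escape via a memory corruption bug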


News:

GitLab fixes session hijacking vulnerability that exposed users' private tokens

https://threatpost.com/session-hijacking-bug-exposed-gitlab-users-private-tokens/127747/


Technical:

Stealing contact form data from www.hackerone.com using Marketo Forms XSS, postMessage frame-jumping and jQuery-JSONP

https://hackerone.com/reports/207042


Detecting debuggers on Windows by abusing a bad assumption

http://www.triplefault.io/2017/08/detecting-debuggers-by-abusing-bad.html


Safari Accidentally Treating ';' as an Assignment Operator

https://bugs.webkit.org/show_bug.cgi?id=176114


Automating fuzzing of web application input points via Burp Macros

http://blog.securelayer7.net/automating-web-apps-input-fuzzing-via-burp-macros/


Advanced Flash vulnerabilities in YouTube

https://opnsec.com/2017/08/advanced-flash-vulnerabilities-in-youtube/


Android tap-jacking can be turned into ransomware

https://youtu.be/FRpcGwCedZ0


Windows reverse engineering

http://www.cse.tkk.fi/fi/opinnot/T-110.6220/2014_Reverse_Engineering_Malware_AND_Mobile_Platform_Security_AND_Software_Security/luennot-files/T1106220.pdf


Ruby on Rails security checklist

http://www.engineyard.com/blog/ruby-on-rails-security-checklist


EvilAbigail: Automated Linux evil maid attack

https://github.com/GDSSecurity/EvilAbigail


Remotely Compromising iOS via Wi-Fi and Escaping the Sandbox

https://www.slideshare.net/mark-smith/remotely-compromising-ios-via-wifi-and-escaping-the-sandbox


HTTPLeaks: All possible ways a website can leak HTTP requests

https://github.com/cure53/HTTPLeaks


Jumping network segregation with RDP

https://rastamouse.me/2017/08/jumping-network-segregation-with-rdp/


A journey into Radare 2 – Part 2: Exploitation

https://www.megabeets.net/a-journey-into-radare-2-part-2/


Python sandbox escape via a memory corruption bug

https://hackernoon.com/python-sandbox-escape-via-a-memory-corruption-bug-19dde4d5fea5


Flattened Mitre ATT&CK Matrix

https://docs.google.com/spreadsheets/d/e/2PACX-1vSzc2z9ZGpr5rnsFdBlqwG0pKyziZrWmNOPfNHjrFpY3twcyueciWelTMmQETSf8IFcOXvkXYBcyd4W/pubhtml


Alice and Bob, who the FOCI are they?: Analysis of end-to-end encryption in the LINE messaging application

https://www.usenix.org/system/files/conference/foci17/foci17-paper-espinoza.pdf


Mako Web-server Tutorials Multiple Unauthenticated Vulnerabilities

https://blogs.securiteam.com/index.php/archives/3391



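This article was originally published by 安全客 (Anquanke). If you repost it, please credit the source and this article's URL.
Article URL: http://bobao.360.cn/learning/detail/4352.html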
