【知识】9月6日 - 每日安全知识热点

【知识】9月6日 - 每日安全知识热点

2017-09-06 10:55:00

阅读：315次
点赞(0)
收藏
来源： 安全客







作者：童话

热点概要：【漏洞预警】Apache Struts2插件高危漏洞(S2-052)、Struts2 S2-052 RCE分析与利用、Mastercard互联网网关服务：Hashing设计缺陷、Solaris to linux Migration 2017、ToorCon 19 - 2017 议题视频、滥用可写windows服务

资讯类：

【漏洞预警】Apache Struts2插件高危漏洞(S2-052)

http://bobao.360.cn/news/detail/4291.html

技术类：

Mastercard互联网网关服务：Hashing设计缺陷

http://tinyhack.com/2017/09/05/mastercard-internet-gateway-service-hashing-design-flaw/

DIY监控程序: 滥用Apple的Call Relay协议

http://www.martinvigo.com/diy-spy-program-abusing-apple-call-relay-protocol/

High Sierra安全内核扩展加载存在安全隐患

https://objective-see.com/blog/blog_0x21.html

ToorCon 19 - 2017 议题视频

https://www.youtube.com/playlist?list=PLR6Acteg0QHE0Yjs3jK2zzWjmGhUgsYUp

滥用可写Windows服务

https://blog.didierstevens.com/2017/09/05/abusing-a-writable-windows-service/

使用QL去发现Apache Struts的远程代码执行漏洞（CVE-2017-9805)

https://lgtm.com/blog/apache_struts_CVE-2017-9805

译文：

https://xianzhi.aliyun.com/forum/read/2067.html

WiseGiga NAS多个漏洞

https://blogs.securiteam.com/index.php/archives/3402

Struts2 S2-052 RCE分析与利用

https://mp.weixin.qq.com/s/PedD0NG2KLAKWbupzU8lrw

通过静态分析检测python Web应用程序中漏洞

https://github.com/python-security/pyt

C# DLL注入指南

http://www.codingvision.net/miscellaneous/c-inject-a-dll-into-a-process-w-createremotethread

Graftor - But I Never Asked for This

http://blog.talosintelligence.com/2017/09/graftor-but-i-never-asked-for-this.html

Flattened MITRE ATT&CK Matrix

http://www.austintaylor.io/mitre/attack/matrix/flattened/threat/actor/mapping/2017/09/05/flattened-mitre-attack-matrix/

Flash Dumping - Part I

https://blog.quarkslab.com/flash-dumping-part-i.html

Re-enjoying the ActiveX (and others) Fun in Chinese Customized Browsers

https://justhaifei1.blogspot.com/2017/09/re-enjoying-activex-and-others.html

Solaris to Linux Migration 2017

http://www.brendangregg.com/blog/2017-09-05/solaris-to-linux-2017.html

security things in Linux v4.13

https://outflux.net/blog/archives/2017/09/05/security-things-in-linux-v4-13/

Footprints of FIN7: Tracking Actor Patterns (Part 1)

https://www.icebrg.io/blog/footprints-of-fin7-tracking-actor-patterns

本文由 安全客 原创发布，如需转载请注明来源及本文地址。
本文地址：http://bobao.360.cn/learning/detail/4368.html