
[Knowledge] September 7 - Daily Security Knowledge Highlights


2017-09-07 10:43:55

Source: 安全客 (Anquanke)






Author: 童话






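Highlights: The Shadow Brokers return and are selling hacking tools again; Apache Struts2–052 vulnerability analysis and alert; S2-052 vulnerability analysis and verification that the official mitigation is ineffective; How to build a basic-authentication phishing page; Uber Bug Bounty: how to gain access to the internal chat system; Ten years in the making: the past and present of the Snowball malware; S2-052 exp; Command and Control – DNS; Analysis of how IPTables works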


News:

The Shadow Brokers return and are selling hacking tools again

http://bobao.360.cn/news/detail/4293.html


Cobian RAT offered for free by hackers contains a hidden backdoor

http://thehackernews.com/2017/09/backdoored-hacking-tools.html


Technical:

[Vulnerability Analysis] Apache Struts2–052 vulnerability analysis and alert

http://bobao.360.cn/learning/detail/4372.html


S2-052 vulnerability analysis and verification that the official mitigation is ineffective

http://xxlegend.com/2017/09/06/S2-052%E6%BC%8F%E6%B4%9E%E5%88%86%E6%9E%90%E5%8F%8A%E5%AE%98%E6%96%B9%E7%BC%93%E8%A7%A3%E6%8E%AA%E6%96%BD%E6%97%A0%E6%95%88%E9%AA%8C%E8%AF%81/


A security analyst's guide to NSAppTransportSecurity, NSAllowsArbitraryLoads and App Transport Security (ATS) exceptions

https://www.nowsecure.com/blog/2017/08/31/security-analysts-guide-nsapptransportsecurity-nsallowsarbitraryloads-app-transport-security-ats-exceptions/


How to build a basic-authentication phishing page

https://securitycafe.ro/2017/09/06/phishy-basic-authentication-prompts/


Introducing CFire: bypassing CloudFlare security protection

https://rhinosecuritylabs.com/cloud-security/cloudflare-bypassing-cloud-security/


Uber Bug Bounty: how to gain access to the internal chat system

http://blog.mish.re/index.php/2017/09/06/uber-bug-bounty-gaining-access-to-an-internal-chat-system/


How to bypass the Content Security Policy of Microsoft Edge, Google Chrome and Apple Safari

http://blog.talosintelligence.com/2017/09/vulnerability-spotlight-content.html


Ten years in the making: the past and present of the Snowball malware

https://researchcenter.paloaltonetworks.com/2017/09/unit42-analysing-10-year-old-snowball/


Windows' PsSetLoadImageNotifyRoutine Callbacks: the Good, the Bad and the Unclear (Part 1)

https://breakingmalware.com/documentation/windows-pssetloadimagenotifyroutine-callbacks-good-bad-unclear-part-1/


S2-052 exp

https://github.com/rapid7/metasploit-framework/pull/8924/commits/5ea83fee5ee8c23ad95608b7e2022db5b48340ef


Binary Rewriting With Syzygy, Pt. I

https://doar-e.github.io/blog/2017/08/05/binary-rewriting-with-syzygy/


JavaScript WebSocket Backdoor: a browser backdoor

https://n0where.net/javascript-websocket-backdoor-browserbackdoor/


A2billing 2.x - SQL Injection

https://www.exploit-db.com/exploits/42615/


kernel-exploits

https://github.com/xairy/kernel-exploits


Java-Deserialization-Cheat-Sheet

https://github.com/GrrrDog/Java-Deserialization-Cheat-Sheet


Command and Control – DNS

https://pentestlab.blog/2017/09/06/command-and-control-dns/


Hunting With Active Directory Replication Metadata

https://posts.specterops.io/hunting-with-active-directory-replication-metadata-1dab2f681b19


Analysis of how IPTables works

https://n0where.net/how-does-it-work-iptables/


SubDomain TakeOver Scanner

https://github.com/antichown/subdomain-takeover



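This article was originally published by 安全客 (Anquanke). If you repost it, please credit the source and include this article's URL.
Article URL: http://bobao.360.cn/learning/detail/4375.html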
