2017-09-07 10:43:55
阅读:1036次
点赞(0)
收藏
来源: 安全客
作者:童话
热点概要:影子经济人回归,再度售卖黑客工具、Apache Struts2–052 漏洞分析预警、S2-052漏洞分析及官方缓解措施无效验证、如何制作基础认证钓鱼页面、Uber Bug Bounty:如何获取内部聊天系统的访问权限、十年磨一剑:恶意程序Snowball(雪球)的前世今生、S2-052 exp、Command and Control – DNS 、IPTables工作原理分析
资讯类:
影子经济人回归,再度售卖黑客工具
http://bobao.360.cn/news/detail/4293.html
黑客免费提供的Cobian RAT中暗藏后门
http://thehackernews.com/2017/09/backdoored-hacking-tools.html
技术类:
【漏洞分析】Apache Struts2–052 漏洞分析预警
http://bobao.360.cn/learning/detail/4372.html
S2-052漏洞分析及官方缓解措施无效验证
http://xxlegend.com/2017/09/06/S2-052%E6%BC%8F%E6%B4%9E%E5%88%86%E6%9E%90%E5%8F%8A%E5%AE%98%E6%96%B9%E7%BC%93%E8%A7%A3%E6%8E%AA%E6%96%BD%E6%97%A0%E6%95%88%E9%AA%8C%E8%AF%81/
NSAppTransportSecurity,NSAlwaysArbitraryLoads和应用程序传输安全(ATS)异常安全分析指南
https://www.nowsecure.com/blog/2017/08/31/security-analysts-guide-nsapptransportsecurity-nsallowsarbitraryloads-app-transport-security-ats-exceptions/
如何制作基础认证钓鱼页面
https://securitycafe.ro/2017/09/06/phishy-basic-authentication-prompts/
CFire介绍:绕过CloudFlare安全保护
https://rhinosecuritylabs.com/cloud-security/cloudflare-bypassing-cloud-security/
Uber Bug Bounty:如何获取内部聊天系统的访问权限
http://blog.mish.re/index.php/2017/09/06/uber-bug-bounty-gaining-access-to-an-internal-chat-system/
如何绕过Microsoft Edge、Google Chrome和Apple Safari的内容安全策略
http://blog.talosintelligence.com/2017/09/vulnerability-spotlight-content.html
十年磨一剑:恶意程序Snowball(雪球)的前世今生
https://researchcenter.paloaltonetworks.com/2017/09/unit42-analysing-10-year-old-snowball/
windows’ PsSetLoadImageNotifyRoutine Callbacks: the Good, the Bad and the Unclear (Part 1)
https://breakingmalware.com/documentation/windows-pssetloadimagenotifyroutine-callbacks-good-bad-unclear-part-1/
S2-052 exp
https://github.com/rapid7/metasploit-framework/pull/8924/commits/5ea83fee5ee8c23ad95608b7e2022db5b48340ef
Binary Rewriting With Syzygy, Pt. I
https://doar-e.github.io/blog/2017/08/05/binary-rewriting-with-syzygy/
javascript WebSocket Backdoor: 浏览器后门
https://n0where.net/javascript-websocket-backdoor-browserbackdoor/
A2billing 2.x - SQL Injection
https://www.exploit-db.com/exploits/42615/
kernel-exploits
https://github.com/xairy/kernel-exploits
Java-Deserialization-Cheat-Sheet
https://github.com/GrrrDog/Java-Deserialization-Cheat-Sheet
Command and Control – DNS
https://pentestlab.blog/2017/09/06/command-and-control-dns/
Hunting With Active Directory Replication Metadata
https://posts.specterops.io/hunting-with-active-directory-replication-metadata-1dab2f681b19
IPTables工作原理分析
https://n0where.net/how-does-it-work-iptables/
SubDomain TakeOver Scanner
https://github.com/antichown/subdomain-takeover
本文由 安全客 原创发布,如需转载请注明来源及本文地址。
本文地址:http://bobao.360.cn/learning/detail/4375.html