2017-09-08 10:27:09
阅读:288次
点赞(0)
收藏
来源: 安全客
作者:童话
热点概要:windows内核bug阻止安全软件识别恶意软件、微软拒绝修复Edge浏览器中的内容安全策略绕过问题、如何利用python反序列化漏洞、Struts REST漏洞 (CVE-2017-9805)检测payload、TrickBot银行木马Dropper分析、CVE-2017-0780:可使Android的Messages应用程序crash的拒绝服务漏洞分析。
资讯类:
Windows内核bug阻止安全软件识别恶意软件
https://www.bleepingcomputer.com/news/security/bug-in-windows-kernel-could-prevent-security-software-from-identifying-malware/
微软拒绝修复Edge浏览器中的内容安全策略绕过问题
https://www.theregister.co.uk/2017/09/07/talos_says_msft_edge_content_security_bypass_is_a_feature_wont_be_patched/
技术类:
如何利用Python反序列化漏洞
https://crowdshield.com/blog.php?name=exploiting-python-deserialization-vulnerabilities
Windows内核池混合对象漏洞利用
http://srcincite.io/blog/2017/09/06/sharks-in-the-pool-mixed-object-exploitation-in-the-windows-kernel-pool.html
linux进程间代码注入
https://blog.gdssecurity.com/labs/2017/9/5/linux-based-inter-process-code-injection-without-ptrace2.html
PiFinger:检测当前网络中是否存在Wifi- Pineapple,并评估当前wifi网络的安全性
https://github.com/besimaltnok/PiFinger
无线网络后渗透的艺术:通过Indirect Wireless Pivots绕过端口访问控制
https://github.com/GDSSecurity/Whitepapers/blob/master/GDS%20Labs%20-%20The%20Black%20Art%20of%20Wireless%20Post%20Exploitation%20-%20Bypassing%20Port%20Based%20Access%20Controls%20Using%20Indirect%20Wireless%20Pivots.pdf
DolphinAttack: Inaudible Voice Commands
https://endchan.xyz/.media/50cf379143925a3926298f881d3c19ab-applicationpdf.pdf
Jungo DriverWizard WinDriver - 内核池溢出
https://www.exploit-db.com/exploits/42624/
Apache Struts 2.5 - Remote Code Execution
https://www.exploit-db.com/exploits/42627/
CVE-2017-0780:影响Android消息应用程序的拒绝服务漏洞分析
http://blog.trendmicro.com/trendlabs-security-intelligence/cve-2017-0780-denial-service-vulnerability-android-messages-app/
Hunting Pastebin with PasteHunter
https://techanarchy.net/2017/09/hunting-pastebin-with-pastehunter/
Windows内核驱动程序漏洞利用
https://glennmcgui.re/introduction-to-windows-kernel-exploitation-pt-1/
RHME3 Quals - Exploitation
https://glennmcgui.re/rhme3-quals-exploitation/
过期的域名和恶意软件
https://blog.malwarebytes.com/threat-analysis/2017/09/expired-domain-names-and-malvertising/
Detection payload for the new Struts REST vulnerability (CVE-2017-9805)
https://techblog.mediaservice.net/2017/09/detection-payload-for-the-new-struts-rest-vulnerability-cve-2017-9805/
TrickBot银行木马Dropper分析
http://www.ringzerolabs.com/2017/07/trickbot-banking-trojan-doc00039217doc.html
本文由 安全客 原创发布,如需转载请注明来源及本文地址。
本文地址:http://bobao.360.cn/learning/detail/4381.html
