2017-09-13 10:17:42
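Source: 安全客
Author: 77caikiki
Highlights: Struts2 vulnerabilities affect multiple Cisco products; Samsung launches a bug bounty program with rewards of up to $200,000; [IoT] BlueBorne attack: attackers can take over Android devices over Bluetooth alone, with no user interaction; Could CURL have a backdoor?; How to build a GSM base station; ARM exploitation for IoT; Penetration testing tools cheat sheet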
News:
Struts2 vulnerabilities affect multiple Cisco products
http://thehackernews.com/2017/09/apache-struts-flaws-cisco.html
[hackernews] Samsung launches a bug bounty program with rewards of up to $200,000
http://thehackernews.com/2017/09/samsung-bug-bounty-program.html
Technical:
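[IoT] BlueBorne attack: attackers can take over Android devices over Bluetooth alone, with no user interaction (affects mainstream mobile, desktop and IoT operating systems, and any device that uses Bluetooth). The BlueBorne attack lets an attacker take full control of a device and spread malware through infected devices.
https://threatpost.com/wireless-blueborne-attacks-target-billions-of-bluetooth-devices/127921/
Video demo: https://www.bilibili.com/video/av14413847/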
[exploit-db] tcprewrite Heap-Based Buffer Overflow
https://www.exploit-db.com/exploits/42652/
[exploit-db] PHP Dashboards NEW 4.4 - SQL Injection
https://www.exploit-db.com/exploits/42654/
[exploit-db] PHP Dashboards NEW 4.4 - Arbitrary File Read
https://www.exploit-db.com/exploits/42653/
Windows Event Forwarding for Network Defense
https://medium.com/@palantir/windows-event-forwarding-for-network-defense-cb208d5ff86f
Windows’ PsSetLoadImageNotifyRoutine Callbacks: the Good, the Bad and the Unclear (Part 2)
https://breakingmalware.com/documentation/windows-pssetloadimagenotifyroutine-callbacks-good-bad-unclear-part-2/
Part 1: https://breakingmalware.com/documentation/windows-pssetloadimagenotifyroutine-callbacks-good-bad-unclear-part-1/
Malware Analysis - Triaging Java JAR Files (video analysis)
https://www.bilibili.com/video/av14414854/
Could CURL have a backdoor?
https://daniel.haxx.se/blog/2017/09/12/the-backdoor-threat/
ARM exploitation for IoT - part 2
https://quequero.org/2017/09/arm-exploitation-iot-episode-2/
Link to part 1: https://quequero.org/2017/07/arm-exploitation-iot-episode-1/
Penetration testing tools cheat sheet
https://highon.coffee/blog/penetration-testing-tools-cheat-sheet/
Windows kernel pool spraying fun - Part 2 - More objects
http://theevilbit.blogspot.jp/2017/09/windows-kernel-pool-spraying-fun-part-2.html
How to hide your browser 0-days in an encrypted ninja fashion!
https://github.com/Mrgeffitas/Ironsquirrel
How to build a GSM base station
https://n0where.net/build-gsm-base-station/
Exploitations of Uninitialized Uses on macOS Sierra
https://www.usenix.org/system/files/conference/woot17/woot17-paper-xu.pdf
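This article was originally published by 安全客. If you reprint it, please credit the source and include this article's URL.
Article URL: http://bobao.360.cn/learning/detail/4410.html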