Quantcast
Channel: CodeSection,代码区,网络安全 - CodeSec
Viewing all articles
Browse latest Browse all 12749

【知识】9月20日 - 每日安全知识热点

0
0
【知识】9月20日 - 每日安全知识热点

2017-09-20 10:27:21

阅读:6次
点赞(0)
收藏
来源: 安全客





【知识】9月20日 - 每日安全知识热点

作者:童话





【知识】9月20日 - 每日安全知识热点

热点概要:打印机安全详解、CVE-2017-3085:在远程沙箱中运行,Adobe Flash windows用户凭据泄漏漏洞、Active Directory访问控制列表、浏览器安全白皮书、常见的WiFi攻击及检测方法、The PYPI python Package Hack、Microsoft Edge: 内存损坏与部分页面加载漏洞


国内热词(一下内容部分来自:http://www.solidot.org/)

Google 呼吁警惕政府支持的黑客攻击

Equifax 今年三月就遭到过一次入侵


资讯类:

CVE-2017-12615 Apache Tomcat Remote Code Execution via JSP

http://www.openwall.com/lists/oss-security/2017/09/19/1


技术类:

新的Android木马针对60多家银行和社交应用程序

https://clientsidedetection.com/new_android_trojan_targeting_over_60_banks_and_social_apps.html


打印机安全详解

https://0x00sec.org/t/an-introduction-to-printer-exploitation-1/3565/1


CVE-2017-3085:在远程沙箱中运行,Adobe Flash Windows用户凭据泄漏漏洞

https://blog.bjornweb.nl/2017/08/flash-remote-sandbox-escape-windows-user-credentials-leak/


smbmap:用于SMB枚举的工具

https://github.com/ShawnDEvans/smbmap


远程系统漏洞分析:WebSploit Toolkit

https://n0where.net/remote-system-vulnerability-analysis/


探索从TypeScript到WebAssembly的编译

https://medium.com/web-on-the-edge/exploring-compilation-from-typescript-to-webassembly-f846d6befc12


Active Directory访问控制列表 - 攻击和防御

https://blogs.technet.microsoft.com/enterprisemobility/2017/09/18/active-directory-access-control-list-attacks-and-defense/


通过在Windows中滥用bad assumption来检测调试器

http://www.triplefault.io/2017/08/detecting-debuggers-by-abusing-bad.html


蓝牙漏洞影响所有主要操作系统

https://hackaday.com/2017/09/14/bluetooth-vulnerability-affects-all-major-os/


浏览器安全白皮书

https://browser-security.x41-dsec.de/X41-Browser-Security-White-Paper.pdf

https://cure53.de/browser-security-whitepaper.pdf


如何优化ElasticSearch的ssdeep比较

http://www.intezer.com/intezer-community-tip-ssdeep-comparisons-with-elasticsearch/


Epson漏洞: EasyMP投影机接管

https://rhinosecuritylabs.com/research/epson-easymp-remote-projection-vulnerabilities/


常见的WiFi攻击及检测方法

https://wtf.horse/2017/09/19/common-wifi-attacks-explained/


内核驱动程序mmap处理程序漏洞利用代码开发

https://labs.mwrinfosecurity.com/publications/kernel-driver-mmap-handler-exploitation/

https://labs.mwrinfosecurity.com/assets/BlogFiles/mwri-mmap-exploitation-whitepaper-2017-09-18.pdf


具有采矿功能的恶意软件近期显著增加

https://securityintelligence.com/network-attacks-containing-cryptocurrency-cpu-mining-tools-grow-sixfold/


The PYPI Python Package Hack

http://www.bytelion.com/pypi-python-package-hack/

传送门:

Package 钓鱼

http://blog.fatezero.org/2017/06/01/package-fishing/

被忽视的攻击面:Python package 钓鱼

https://paper.seebug.org/326/


Apache Struts CVE-2017-5638漏洞带来的思考

https://alexgaynor.net/2017/sep/18/surviving-struts-cve/


Microsoft Edge: 内存损坏与部分页面加载漏洞

https://bugs.chromium.org/p/project-zero/issues/detail?id=1309


Microsoft Edge: out-of-bounds read in COptionsCollectionCacheItem::GetAt

https://bugs.chromium.org/p/project-zero/issues/detail?id=1301


focused Web Crawler: ACHE

https://n0where.net/focused-web-crawler-ache/


I know I haven't patched yet, and there's a zero-day knocking at my door

https://cybersins.com/zero-day-patch-timely-workaround/


An Update of PenTesting Tools that (do not) Support IPv6

https://insinuator.net/2017/09/an-update-of-pentesting-tools-that-do-not-support-ipv6/


HVACKer - Bridging the Air-Gap by Manipulating the Environment Temperature

http://www.sicherheitsforschung-magdeburg.de/uploads/journal/MJS_055_Mirsky_AirgapTemperature.pdf




【知识】9月20日 - 每日安全知识热点
【知识】9月20日 - 每日安全知识热点
本文由 安全客 原创发布,如需转载请注明来源及本文地址。
本文地址:http://bobao.360.cn/learning/detail/4449.html

Viewing all articles
Browse latest Browse all 12749

Latest Images

Trending Articles





Latest Images