2017-09-22 10:54:16
阅读:149次
点赞(0)
收藏
来源: 安全客
作者:童话
热点概要:针对联网智能灯泡的安全性分析、维基解密公布新文档 揭露俄罗斯实施的大规模监控活动、[Project Zero]模糊测试5个最常用的浏览器DOM引擎 、蓝牙安全向导、针对CVE-2016-10190的详细分析、浅析python对象注入
国内热词(一下内容部分来自:http://www.solidot.org/)
CCleaner 攻击者以思科微软等公司为目标
CEO 下班后逮住一个陌生人,引发经济间谍调查
资讯类:
攻击者控制WordPress、Joomla、JBoss服务器挖掘门罗币
https://www.bleepingcomputer.com/news/security/attackers-take-over-wordpress-joomla-jboss-servers-to-mine-monero/
维基解密公布新文档 揭露俄罗斯实施的大规模监控活动
http://securityaffairs.co/wordpress/63189/intelligence/wikileaks-russia-peter-service.html
技术类:
针对联网智能灯泡的安全性分析
https://www.contextis.com/blog/hacking-into-internet-connected-light-bulbs
Realmode Assembly - Writing bootable stuff - Part 5
https://0x00sec.org/t/realmode-assembly-writing-bootable-stuff-part-5/3667
[Project Zero]模糊测试5个最常用的浏览器DOM引擎
https://googleprojectzero.blogspot.de/2017/09/the-great-dom-fuzz-off-of-2017.html
windows kernel pool spraying fun - Part 4 - object & pool headers, kex & putting it all together
https://theevilbit.blogspot.hu/2017/09/windows-kernel-pool-spraying-fun-part-4.html
蓝牙安全向导
https://csrc.nist.gov/csrc/media/publications/sp/800-121/rev-2/draft/documents/sp800_121_r2_draft.pdf
How I hacked hundreds of companies through their helpdesk
https://medium.freecodecamp.org/how-i-hacked-hundreds-of-companies-through-their-helpdesk-b7680ddc2d4c
通过CISSP考试后的分享
https://secvul.com/topics/804.html
新的FinFisher监控活动:是否涉及互联网提供商?
https://www.welivesecurity.com/2017/09/21/new-finfisher-surveillance-campaigns/
小心Bashware:恶意软件绕过杀软的新方法
https://research.checkpoint.com/beware-bashware-new-method-malware-bypass-security-solutions/
uTest:针对Scala的测试框架
http://www.lihaoyi.com/post/uTesttheEssentialTestFrameworkforScala.html
CVE-2016-10190详细分析
https://nandynarwhals.org/cve-2016-10190/
在Windows上编译Classic POSIX子系统的可执行文件
https://blog.ret2.io/2017/09/20/subsystem-posix/
浅析Python对象注入
http://defencely.com/blog/defencely-clarifies-python-object-injection-exploitation/
metasploit low-level overview (encoders/paylaods review)
https://www.exploit-db.com/docs/18532.pdf
CSP bypass by setting innerHTML on a same-origin page lacking CSP
https://bugs.chromium.org/p/chromium/issues/detail?id=764518
Controlling an RC car using GNU Radio and HackRF
https://www.youtube.com/watch?v=IOKOJIK2kU8&feature=youtu.be
OS X Kernel Exploit (OS X 10.12 Sierra)
http://theori.io/research/korean/osx-kernel-exploit-1
Email attachment using CVE-2017-8759 exploit targets Argentina
https://isc.sans.edu/diary.html
dorkbot:Command-line tool to scan Google search results for vulnerabilities
https://github.com/utiso/dorkbot
本文由 安全客 原创发布,如需转载请注明来源及本文地址。
本文地址:http://bobao.360.cn/learning/detail/4461.html
