[Knowledge] September 29 - Daily Security Knowledge Highlights


2017-09-29 10:27:13

Source: 安全客 (Anquanke)






Author: 童话






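Highlights: Mac OS X local JavaScript quarantine bypass allowing arbitrary file read; BlueBorne Bluetooth vulnerabilities: in-depth analysis and PoC; DerbyCon 2017 CTF Write Up; tinfoleak: get detailed information about a Twitter user's activity; Black hat SEO dissected: techniques; CVE-2017-8046: RCE in PATCH requests in Spring Data REST; PowerShell security best practices; Browser hacking for 280 character tweets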


Domestic hot topics (some of the following content comes from: http://www.solidot.org/)

Sina Weibo recruits a thousand supervisors

Chinese Bitcoin traders move overseas


Technical:

Mac OS X local JavaScript quarantine bypass, allowing arbitrary file read

https://www.wearesegment.com/research/Mac-OS-X-Local-Javascript-Quarantine-Bypass.html

Chinese version: http://bobao.360.cn/learning/detail/4496.html


tinfoleak: get detailed information about a Twitter user's activity

https://github.com/vaguileradiaz/tinfoleak


Playing with kernel TLS in Linux 4.13 and Go

https://blog.filippo.io/playing-with-kernel-tls-in-linux-4-13-and-go/


BlueBorne Bluetooth vulnerabilities: in-depth analysis and PoC

http://bobao.360.cn/learning/detail/4495.html


Dawnscanner: a source code security scanner for Ruby applications

https://github.com/thesp0nge/dawnscanner


Summary of unauthorized access vulnerabilities

https://www.secpulse.com/archives/61101.html


Black hat SEO dissected: techniques

https://thief.one/2017/09/28/1/


A brief introduction to BLEAH

https://www.evilsocket.net/2017/09/23/This-is-not-a-post-about-BLE-introducing-BLEAH/


A penetration testing guide for NFS services

https://pentestacademy.wordpress.com/2017/09/20/nfs/


Win-Sec: automated hardening scripts for Windows

http://seclist.us/win-sec-windows-automation-system-hardening-scripts.html


A brief analysis of how firewalls work

https://forum.reverse4you.org/showthread.php?t=2627


btproxy: a Bluetooth man-in-the-middle analysis tool

https://github.com/conorpp/btproxy


10 nmap commands every security practitioner should know

https://www.peerlyst.com/posts/top-10-nmap-commands-every-hacker-should-know?utm_source=twitter&utm_medium=social&utm_content=peerlyst_post&utm_campaign=peerlyst_resource


Subverting Trust in Windows

https://specterops.io/assets/resources/SpecterOps_Subverting_Trust_in_Windows.pdf


DerbyCon 2017 CTF Write Up

https://labs.nettitude.com/blog/derbycon-2017-ctf-write-up/#top


Inferring Fine-grained Control Flow Inside SGX Enclaves with Branch Shadowing

https://arxiv.org/pdf/1611.06952.pdf


Banking trojan attempts to steal Brazillion$

http://blog.talosintelligence.com/2017/09/brazilbanking.html


Have you patched this high-severity Spring vulnerability?

https://mp.weixin.qq.com/s/uTiWDsPKEjTkN6z9QNLtSA


CVE-2017-8046: RCE in PATCH requests in Spring Data REST

https://pivotal.io/security/cve-2017-8046


Exploiting the Wi-Fi stack on Apple devices

https://googleprojectzero.blogspot.de/2017/09/over-air-vol-2-pt-1-exploiting-wi-fi.html


A brief discussion of TLS 1.2 session tickets

https://blog.filippo.io/we-need-to-talk-about-session-tickets/


Borrowing Microsoft code signing certificates

https://blog.conscioushacker.io/index.php/2017/09/27/borrowing-microsoft-code-signing-certificates/


Browser hacking for 280 character tweets

http://blog.erratasec.com/2017/09/browser-hacking-for-280-character-tweets.html#.WczQl8a-uUk


Analysis of form-grabber malware

https://thisissecurity.stormshield.com/2017/09/28/analyzing-form-grabber-malware-targeting-browsers/


PowerShell security best practices

https://www.digitalshadows.com/blog-and-research/powershell-security-best-practices/


Exploring Robotics with the Hedgehog Robotics Controller

http://www.deviceplus.com/inspire/exploring-robotics-with-the-hedgehog-robotics-controller/?src=designspark


Evasive Malware Campaign Abuses Free Cloud Service, Targets Korean Speakers

http://blog.fortinet.com/2017/09/20/evasive-malware-campaign-abuses-free-cloud-service-targets-korean-speakers?elq_source=socialmedia&utm_source=TWITTER&utm_id=70186&linkId=42854335


Getting the goods with CrackMapExec: Part 1

https://byt3bl33d3r.github.io/getting-the-goods-with-crackmapexec-part-1.html


Botnet in the Browser: Understanding Threats Caused by Malicious Browser Extensions

https://arxiv.org/pdf/1709.09577.pdf


Server-side browsing considered harmful

http://www.agarri.fr/docs/AppSecEU15-Server_side_browsing_considered_harmful.pdf


CVE-2017-12166: out of bounds write in key-method 1

https://community.openvpn.net/openvpn/wiki/CVE-2017-12166


Chromium RCE Vulnerability Fix

https://electron.atom.io/blog/2017/09/27/chromium-rce-vulnerability-fix


MIT Tool Lets Programmers Port Source Code Between Incompatible Projects

https://www.bleepingcomputer.com/news/technology/mit-tool-lets-programmers-port-source-code-between-incompatible-projects/



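This article was originally published by 安全客 (Anquanke). If you repost it, please credit the source and this article's address.
Article URL: http://bobao.360.cn/learning/detail/4498.html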
