2017-09-30 10:51:44
阅读:1461次
点赞(0)
收藏
来源: 安全客
作者:童话
热点概要:Mac固件安全研究、AttifyOS:一款针对IoT的渗透测试系统(集成常用工具)、Gen2 UHF RFID Reader、Spring Data Rest服务器PATCH请求远程代码执行漏洞CVE-2017-8046补充分析、CVE-2017-11282:0patching Flash Player远程内存破坏漏洞
国内热词(以下内容部分来自:http://www.solidot.org/)
在中国之后,韩国也宣布禁止ICO
莫斯科的监控网络部署面部识别技术
资讯类:
谷歌研究员发布攻破iPhone博通无线芯片的PoC利用代码
https://thehackernews.com/2017/09/apple-iphone-wifi-hacking.html
两年时间,linux内核bug变成潜在的本地权限提升缺陷
https://thehackernews.com/2017/09/linux-kernel-hacking.html
技术类:
Mac固件安全研究
https://duo.com/blog/the-apple-of-your-efi-mac-firmware-security-research
安全圈关系可视化分析【安全圈也许就这么大续集】
http://mp.weixin.qq.com/s/lIOSV5JOs9VvIcSnf_gbAQ
AttifyOS:一款针对IoT的渗透测试系统(集成常用工具)
https://github.com/adi0x90/attifyos
如何保护关键任务域名(域名安全)
https://blendle.engineering/protecting-our-mission-critical-domain-names-e9807db9d84c
Gen2 UHF RFID Reader
https://github.com/nikosl21/Gen2-UHF-RFID-Reader
Spring Data Rest服务器PATCH请求远程代码执行漏洞CVE-2017-8046补充分析
https://xianzhi.aliyun.com/forum/read/2186.html
电子邮件跟踪的隐私启示
https://senglehardt.com/papers/pets18_email_tracking.pdf
4.13 KASLR bypass via virtually seccomp-proof 144 byte infoleak
fix:https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=6c85501f2fabcfc4fc6ed976543d252c4eaf4be9
exploit:https://grsecurity.net/~spender/exploits/wait_for_kaslr_to_be_effective.c
Qmail SMTP Bash Environment Variable Injection (Shellshock)
https://packetstormsecurity.com/files/144424
介绍Cloudflare Warp:隐藏在Edge之后
https://blog.cloudflare.com/introducing-cloudflare-warp/
SolarWinds Network Performance Monitor 12.0.15300.90 Denial Of Service
https://packetstormsecurity.com/files/144412
CVE-2017-11282:0patching Flash Player远程内存破坏漏洞
https://www.youtube.com/watch?v=6iZnIQbRf5M&feature=youtu.be
0patching the "Immortal" CVE-2017-7269
http://0patch.blogspot.com/2017/03/0patching-immortal-cve-2017-7269.html
本文由 安全客 原创发布,如需转载请注明来源及本文地址。
本文地址:http://bobao.360.cn/learning/detail/4505.html