2017-10-13 10:54:39
阅读:1872次
点赞(0)
收藏
来源: 安全客
作者:童话
热点概要:Yahoo Bug Bounty:利用OAuth配置错误来接管Flickr帐户、BurpSuite扩展用于自动化授权强制检测、Kernel Pool Overflow Exploitation In Real World(windows 7、10)、Typecho SSRF漏洞分析和利用、渗透测试学习笔记之案例五
国内热词(以下内容部分来自:http://www.solidot.org/)
卡巴斯基被指修改软件以帮助俄罗斯窃取 NSA 机密
比特币币值再次突破 5000 美元,创造新的历史记录
资讯类:
Outlook加密有bug 会在用户发送的加密邮件后附加明文版本
https://www.theregister.co.uk/2017/10/11/outlook_smime_bug/
技术类:
Yahoo Bug Bounty:利用OAuth配置错误来接管Flickr帐户
https://mishresec.wordpress.com/2017/10/12/yahoo-bug-bounty-exploiting-oauth-misconfiguration-to-takeover-flickr-accounts/
BurpSuite扩展用于自动化授权强制检测
https://github.com/Quitten/Autorize
atomic-red-team:Small and highly portable detection tests mapped to the Mitre ATT&CK Framework.
https://github.com/redcanaryco/atomic-red-team
德国选举是在9月24日,但垃圾邮件发送者已经投票了(德国大选时,大量垃圾邮件干扰投票结果)
https://www.proofpoint.com/us/threat-insight/post/german-elections-are-september-24-spammers-have-already-cast-their-votes
Over The Air - Vol. 2, Pt. 3:利用苹果设备上的Wi-Fi协议栈
https://googleprojectzero.blogspot.com/2017/10/over-air-vol-2-pt-3-exploiting-wi-fi.html
Kernel Pool Overflow Exploitation In Real World – Windows 7
http://trackwatch.com/kernel-pool-overflow-exploitation-in-real-world-windows-7/
Kernel Pool Overflow Exploitation In Real World – Windows 10
http://trackwatch.com/kernel-pool-overflow-exploitation-in-real-world-windows-10/
Typecho SSRF漏洞分析和利用
https://joychou.org/web/typecho-ssrf-analysis-and-exploit.html
DependencyCheck OWASP出品,一款检查Java相关库缺陷的工具。用于查找依赖库中已存在的公开漏洞,支持Maven,gradle,jenkins,ant等打包方式(from廖新喜)
https://github.com/jeremylong/DependencyCheck
Privilege escalation with kill(-1, SIGKILL) in XNU kernel of macOS High Sierra
http://www.openwall.com/lists/oss-security/2017/10/12/1
未授权FLIR(Lorex)云访问
https://depthsecurity.com/blog/unauthorized-flir-cloud-access
代码审计新姿势,从任意读到任意重置用户密码
https://xianzhi.aliyun.com/forum/read/2209.html
渗透测试学习笔记之案例五
https://xianzhi.aliyun.com/forum/read/2206.html
Exploding Git Repositories
https://kate.io/blog/git-bomb/
自动删除旧的Gmail电子邮件
https://room362.com/post/2017/automatically-deleting-old-gmail-mail/
反击爬虫,前端工程师的脑洞可以有多大?
http://litten.me/2017/07/09/prevent-spiders/
clrinject:Injects C# EXE or DLL Assembly into any CLR runtime and AppDomain of another process.
https://github.com/jonatan1024/clrinject
awesome-adversarial-machine-learning
https://github.com/yenchenlin/awesome-adversarial-machine-learning
反汇编和运行时分析
http://blog.talosintelligence.com/2017/10/disassembler-and-runtime-analysis.html?utm_source=dlvr.it&utm_medium=twitter&utm_campaign=Feed%3A+feedburner%2FTalos+%28Talos+Blog%29
本文由 安全客 原创发布,如需转载请注明来源及本文地址。
本文地址:http://bobao.360.cn/learning/detail/4539.html