当前位置:安全客 >> 知识详情

【知识】5月11日 - 每日安全知识热点

2017-05-11 09:56:54 阅读:13250次 收藏 来源: 安全客 作者:adlab_puky

http://p6.qhimg.com/t017313015b51e6034e.png


热点概要:通过socket包利用Linux内核漏洞Edge:SOP bypass\ UXSS 窃取凭据和Cookie方程式泄漏的工具catflap存在缓冲区漏洞可以在终端玩彩虹猫游戏Linux Kernel ExploitationDOUBLEPULSAR用户模式分析: 通用反射DLL Loader逆向分析apple定位服务协议越界访问(CVE:2017-0234)和一个释放后重用(CVE:2017-0236)漏洞分析


资讯类:


苹果修复icloud keychain的中间人漏洞

http://securityaffairs.co/wordpress/58948/hacking/icloud-keychain-vulnerability.html


Google直到今年第三季度发布Android O版本才会修复“screen hijack”漏洞

http://thehackernews.com/2017/05/android-permissions-vulnerability.html


技术类:


通过socket包利用Linux内核漏洞

https://googleprojectzero.blogspot.com/2017/05/exploiting-linux-kernel-via-packet.html


Edge:SOP bypass\ UXSS 窃取凭据和Cookie

https://www.brokenbrowser.com/sop-bypass-uxss-stealing-credentials-pretty-fast/


方程式泄漏的工具catflap存在缓冲区漏洞可以在终端玩彩虹猫游戏

https://www.hurricanelabs.com/blog/overflow-exploit-catflap-zero-day


Git Shell Bypass By Abused Less(CVE-2017-8386)

https://insinuator.net/2017/05/git-shell-bypass-by-abusing-less-cve-2017-8386/


华硕路由器的多个漏洞CVE-2017-5891和CVE-2017-5892

https://wwws.nightwatchcybersecurity.com/2017/05/09/multiple-vulnerabilities-in-asus-routers/


Linux Kernel Exploitation

https://github.com/xairy/linux-kernel-exploitation


DOUBLEPULSAR用户模式分析: 通用反射DLL Loader

https://countercept.com/our-thinking/doublepulsar-usermode-analysis-generic-reflective-dll-loader/


逆向分析apple定位服务协议

https://appelsiini.net/2017/reverse-engineering-location-services/


Cisco DPC3928 路由器任意文件读取

https://blogs.securiteam.com/index.php/archives/3039


.NET Core & ASP.NET Core提权和拒绝服务漏洞的issue

https://github.com/dotnet/announcements/issues/12


Microsoft Windows - SrvOs2FeaToNt SMB Remote Code Execution (MS17-010)

https://www.exploit-db.com/exploits/41987/


Adobe Flash Player修复多个可以导致RCE的漏洞

https://helpx.adobe.com/security/products/flash-player/apsb17-15.html


SAP SAPCAR 721.510堆缓冲区溢出

https://www.exploit-db.com/exploits/41991/


越界访问(CVE:2017-0234)和一个释放后重用(CVE:2017-0236)漏洞分析

https://media.weibo.cn/article?id=2309404105928097034074


Analysis of 0ctf 2015 simple.apk

http://www.ikey4u.com/blog/0ctf-2015-simpleapk/partA-learn-smali/ 

http://www.ikey4u.com/blog/0ctf-2015-simpleapk/partB-analysis-solib/


Firefox53 & Edge40 Browsers CSP Bypass

https://www.n0tr00t.com/2017/05/10/Firefox-and-Edge-Browsers-CSP-Bypass.html



本文由 安全客 原创发布,如需转载请注明来源及本文地址。
本文地址:http://bobao.360.cn/learning/detail/3838.html

参与讨论,请先 | 注册 | 匿名评论
发布
用户评论
Ping溢出大神 2017-05-11 12:28:47
回复 |  点赞

每日热点这种有奖励吗

聪明的狗子 2017-05-11 11:01:55
回复 |  点赞

有奖励有稿费哇!

360U1442656530 2017-05-11 10:21:42
回复 |  点赞

翻译有奖励吗😁

聪明的狗子 2017-05-11 11:01:55
回复 |  点赞

有奖励有稿费哇!

360U1442656530 2017-05-11 10:21:42
回复 |  点赞

翻译有奖励吗😁

360U1442656530 2017-05-11 10:21:42
回复 |  点赞

翻译有奖励吗😁

查看更多