
[Knowledge] May 17 - Daily Security Knowledge Highlights

2017-05-17 09:50:04 Views: 17654 Source: 安全客 Author: adlab_puky


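Highlights summary: No sooner has one wave subsided than another rises! The Shadow Brokers announce they will sell NSA hacking tools on a monthly basis; Why phishing attacks succeed; Is your ePub reader secure enough?; Analysis of the attack surface of Microsoft Office; Advanced techniques for using Hidden Alternative Data Streams; Using a mutex to block the WannaCry worm so machines can go online and update.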


News:


The "Shadow Brokers" will release more 0-day vulnerabilities, with monthly payment supported

http://thehackernews.com/2017/05/shodow-brokers-wannacry-hacking.html


Bell Canada breached: mysterious hacker makes off with details of 2 million accounts

http://www.theregister.co.uk/2017/05/16/bell_canada_quieting_fears_post_data_heist/


Technical:


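No sooner has one wave subsided than another rises! The Shadow Brokers announce they will sell NSA hacking tools on a monthly basis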

http://bobao.360.cn/news/detail/4169.html 

https://steemit.com/shadowbrokers/@theshadowbrokers/oh-lordy-comey-wanna-cry-edition


The PVS-Studio team publicly states its willingness to improve the security of the Tizen project

https://developer.tizen.org/forums/general-support/pvs-studio-team-willing-work-on-improving-tizen-project-open-letter


Why phishing attacks succeed

https://ttmm.io/tech/why-phishing-attacks-succeed/


SSH man-in-the-middle tool v1.0

https://github.com/jtesta/ssh-mitm


Penetration testing Amazon Simple Storage Service (Amazon S3)

https://rhinosecuritylabs.com/penetration-testing/penetration-testing-aws-storage/


Is your ePub reader secure enough?

https://shhnjk.blogspot.jp/2017/05/is-your-epub-reader-secure-enough.html


MacroMeter - VBA Reversed TCP Meterpreter Stager

https://github.com/Cn33liz/MacroMeter/blob/master/MacroMeter.vba


Security-related HTTP headers you need to know

https://blog.appcanary.com/2017/http-security-headers.html


A security checklist for web developers

https://simplesecurity.sensedeep.com/web-developer-security-checklist-f2e4f43c9c56


Hack the virtual memory: malloc, the heap and the program break

https://blog.holbertonschool.com/hack-the-virtual-memory-malloc-the-heap-the-program-break/


sniffROM: a tool for passive data capture on serial flash chips

https://github.com/alainiamburg/sniffROM


Using DLLs in VBA to improve the offensive capability of macros

https://labs.mwrinfosecurity.com/blog/dll-tricks-with-vba-to-improve-offensive-macro-capability/


Analysis of the attack surface of Microsoft Office

https://0b3dcaf9-a-62cb3a1a-s-sites.googlegroups.com/site/zerodayresearch/Analysis_of_the_Attack_Surface_of_Microsoft_Office_from_User_Perspective_final.pdf


Using a mutex to block the WannaCry worm so machines can go online and update

http://www.4hou.com/technology/4793.html


WSSiP: a WebSocket manipulation proxy

https://www.nccgroup.trust/us/about-us/newsroom-and-events/blog/2017/may/wssip-a-websocket-manipulation-proxy/


A tool for beautifying JSON in Burp

https://blog.netspi.com/beautifying-json-in-burp/


French presidential election: tracing the source of MACRONGATE

https://www.qurium.org/alerts/france/tracing_macrongate_source/


iOS 10.3.2 fixes a large number of CVE vulnerabilities

https://support.apple.com/en-us/HT207798


MySQL SQL Injection cheat sheet

http://www.sqlinjectionwiki.com/Categories/2/mysql-sql-injection-cheat-sheet/


Advanced techniques for using Hidden Alternative Data Streams

http://www.4hou.com/technology/4783.html


Adobe Flash: Out-of-bounds read in getting TextField width

https://bugs.chromium.org/p/project-zero/issues/detail?id=1211


Adobe Flash: Out-of-bounds read in AVC deblocking

https://bugs.chromium.org/p/project-zero/issues/detail?id=1171


Adobe Flash: Heap Corruption in Margin Handling

https://bugs.chromium.org/p/project-zero/issues/detail?id=1174


Adobe Flash: Out-of-bounds write in hit test

https://bugs.chromium.org/p/project-zero/issues/detail?id=1210



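This article was originally published by 安全客. If you reprint it, please credit the source and include this article's URL.
Article URL: http://bobao.360.cn/learning/detail/3862.html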
