当前位置:安全客 >> 知识详情

【知识】9月13日 - 每日安全知识热点

2017-09-13 10:17:42 阅读:447次 收藏 来源: 安全客 作者:77caikiki

http://p6.qhimg.com/t017313015b51e6034e.png

热点概要:Strust2漏洞影响多个Cisco产品、三星发布漏洞赏金计划,最高赏金可达20万美元、【IoT】BlueBorne攻击:无需用户交互黑客即可仅通过蓝牙接管Android设备、CURL会有后门吗、如何制作一个GSM基站、ARM exploitation for IoT、渗透测试工具备忘录


资讯类:


Strust2漏洞影响多个Cisco产品

http://thehackernews.com/2017/09/apache-struts-flaws-cisco.html


【hackernews】三星发布漏洞赏金计划,最高赏金可达20万美元

http://thehackernews.com/2017/09/samsung-bug-bounty-program.html 

技术类:


【IoT】BlueBorne攻击:无需用户交互黑客即可仅通过蓝牙接管Android设备(影响主流移动,桌面,IoT操作系统以及任何使用蓝牙的设备)。BlueBorne攻击可使攻击者完全接管设备,并通过受感染的设备传播恶意软件。

https://threatpost.com/wireless-blueborne-attacks-target-billions-of-bluetooth-devices/127921/ 

视频demo:https://www.bilibili.com/video/av14413847/ 


【exploit-db】tcprewrite Heap-Based Buffer Overflow

https://www.exploit-db.com/exploits/42652/ 


【exploit-db】PHP Dashboards NEW 4.4 - SQL Injection

https://www.exploit-db.com/exploits/42654/ 


【exploit-db】PHP Dashboards NEW 4.4 - Arbitrary File Read

https://www.exploit-db.com/exploits/42653/ 


Windows Event Forwarding for Network Defense

https://medium.com/@palantir/windows-event-forwarding-for-network-defense-cb208d5ff86f


Windows’ PsSetLoadImageNotifyRoutine Callbacks: the Good, the Bad and the Unclear (Part 2)

https://breakingmalware.com/documentation/windows-pssetloadimagenotifyroutine-callbacks-good-bad-unclear-part-2/ 

part 1: https://breakingmalware.com/documentation/windows-pssetloadimagenotifyroutine-callbacks-good-bad-unclear-part-1/ 


Malware Analysis - Triaging Java JAR Files视频分析

https://www.bilibili.com/video/av14414854/ 


CURL会有后门吗?

https://daniel.haxx.se/blog/2017/09/12/the-backdoor-threat/ 


ARM exploitation for IoT - part 2

https://quequero.org/2017/09/arm-exploitation-iot-episode-2/ 

传送门part 1: https://quequero.org/2017/07/arm-exploitation-iot-episode-1/ 


渗透测试工具备忘录

https://highon.coffee/blog/penetration-testing-tools-cheat-sheet/ 


Windows kernel pool spraying fun - Part 2 - More objects

http://theevilbit.blogspot.jp/2017/09/windows-kernel-pool-spraying-fun-part-2.html 


How to hide your browser 0-days in an encrypted ninja fashion!

https://github.com/Mrgeffitas/Ironsquirrel 


如何制作一个GSM基站

https://n0where.net/build-gsm-base-station/ 


exploitations of Uninitialized Uses on macOS Sierra

https://www.usenix.org/system/files/conference/woot17/woot17-paper-xu.pdf 


本文由 安全客 原创发布,如需转载请注明来源及本文地址。
本文地址:http://bobao.360.cn/learning/detail/4410.html

参与讨论,请先 | 注册 | 匿名评论
发布
用户评论
呆萌的叶星 2017-09-13 11:21:39
回复 |  点赞

//@77ca1k1k1:转发微博

查看更多