安全路透社
当前位置:安全路透社 > 安全客 > 正文

【知识】5月8日 – 每日安全知识热点

http://p6.qhimg.com/t017313015b51e6034e.png

热点概要:再次认识Intel AMT漏洞Ode to the use-after-free: one vulnerable function, a thousand possibilitiesPHP-CGI远程代码执行漏洞(CVE-2012-1823)分析 、在iOS应用程序中使用Frida绕过越狱检测详细解析PHP mail()函数漏洞利用技巧


资讯类:


法国总统大选在即 候选人马克龙9 GB 邮件遭曝光 

http://www.theregister.co.uk/2017/05/06/hackers_release_9gb_of_email_from_macron_two_days_before_french_presidential_election/

技术类:


再次认识Intel AMT漏洞

https://www.tenable.com/blog/rediscovering-the-intel-amt-vulnerability

Qubes 安全公告:修复了与PV存储器相关的高危漏洞

https://github.com/QubesOS/qubes-secpack/blob/master/QSBs/qsb-030-2017.txt

Ode to the use-after-free: one vulnerable function, a thousand possibilities

https://scarybeastsecurity.blogspot.com/2017/05/ode-to-use-after-free-one-vulnerable.html

对Pawn Storm 网络间谍组织的跟踪分析

https://documents.trendmicro.com/assets/wp/wp-two-years-of-pawn-storm.pdf

对移动设备安全性的研究

https://www.dhs.gov/sites/default/files/publications/DHS%20Study%20on%20Mobile%20Device%20Security%20-%20April%202017-FINAL.pdf

DNS的一个特性:DNSAdmin to DC compromise in one line

https://medium.com/@esnesenon/feature-not-bug-dnsadmin-to-dc-compromise-in-one-line-a0f779b8dc83

端口扫描的小工具

https://github.com/vesche/scanless

CVE-2017-3305:mysql Client 和 Server端存在MITM漏洞

http://again.riddle.link/

PHP-CGI远程代码执行漏洞(CVE-2012-1823)分析

https://www.leavesongs.com/PENETRATION/php-cgi-cve-2012-1823.html

TrustZone安全技术研究

http://mp.weixin.qq.com/s?src=3&timestamp=1494204662&ver=1&signature=mV84SMCvF0EvZTPVNDWofzOR5jyZ1BFzQB0jBE4GSnLM-3fp52wQf5H8GnAi3EQHObZSzPw6FBvafA4E0kxSPeuHuQp-SGUUowFmrqvae13r43AD0PcP80hO2B-2sWsjX36kGLjNSUQ*Wjo0PCxd4GrtlFJuXHujiw-MWDadi6I=

XSS Bypass Cookbook ver 3.0

http://www.math1as.com/index.php/archives/426/

Ursnif反分析技术并绕过它们的方法

http://www.iij.ad.jp/en/company/development/iir/pdf/iir_vol34_EN.pdf

浏览器的XSS过滤器bypass表

https://github.com/masatokinugawa/filterbypass/wiki/Browser's-XSS-Filter-Bypass-Cheat-Sheet

CISO&SOC指南:检测和停止数据外带via DNS

https://www.peerlyst.com/posts/ciso-and-soc-guide-detecting-and-stopping-data-exfiltration-via-dns-s-delano

BSidesCBR 2017 CTF Write-Up: Needleinahaystack

https://paulsec.github.io/blog/2017/05/06/bsidescbr-2017-ctf-write-up-needleinahaystack/

在iOS应用程序中使用Frida绕过越狱检测

http://blog.attify.com/2017/05/06/bypass-jailbreak-detection-frida-ios-applications/

维基解密发布“阿基米德”:用来攻击在办公室使用的局域网(LAN)中的计算机

https://wikileaks.org/vault7/

详细解析PHP mail()函数漏洞利用技巧

http://bobao.360.cn/learning/detail/3818.html

MySQL False注入及技巧总结

http://bobao.360.cn/learning/detail/3804.html


本文地址:http://bobao.360.cn/learning/detail/3820.html

未经允许不得转载:安全路透社 » 【知识】5月8日 – 每日安全知识热点

赞 (0)
分享到:更多 ()

评论 0

评论前必须登录!

登陆 注册