
[Knowledge] June 1 – Daily Security Knowledge Highlights


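Highlights: Joomla Core 3.x backend getshell; Chrome flaw lets websites secretly record audio and video; Windows kernel pool spraying; exploit for sudo-CVE-2017-1000367; Trend Micro Deep Security 6.5 – XML external entity injection / local privilege escalation / remote code execution; Split Tunnel SMTP vulnerability explained; bypassing MAC filtering on wireless networks; bypassing NGFW/WAFs using data format obfuscation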


News:


The Shadow Brokers response team is publicly crowdfunding analysis of the leaked NSA tools

https://www.patreon.com/shadowbrokers_crisis_team

The Cybersecurity Law takes effect today

http://www.miit.gov.cn/n1146295/n1146557/n1146614/c5345009/content.html

Technical:


Joomla Core 3.x backend getshell

https://howucan.gr/vulnerabilities/joomla-exploits/2215-joomla-core-3-x-poc-vulnerability-shell-upload

Chrome flaw lets websites secretly record audio and video

http://bobao.360.cn/news/detail/4183.html

Windows kernel pool spraying

http://bobao.360.cn/learning/detail/3921.html

Exploit for sudo-CVE-2017-1000367

https://github.com/c0d3z3r0/sudo-CVE-2017-1000367

XSS on any Shopify shop via abuse of the HTML5 structured clone algorithm in postMessage listener on "/:id/digital_wallets/dialog"

https://hackerone.com/reports/231053

A Dissection of the “EsteemAudit” Windows Remote Desktop Exploit

http://researchcenter.paloaltonetworks.com/2017/05/unit42-dissection-esteemaudit-windows-remote-desktop-exploit/

Implementing energy attacks on mobile devices

https://arxiv.org/pdf/1704.04464.pdf

Trend Micro Deep Security 6.5 – XML external entity injection / local privilege escalation / remote code execution

https://www.exploit-db.com/exploits/42089/

FileVault cracking tool for macOS

https://github.com/macmade/FileVaultCracker/blob/master/README.md

Sophisticated Google Play BankBot Trojan campaigns

https://www.securify.nl/blog/SFY20170502/sophisticated_google_play_bankbot_trojan_campaigns.html

(Pwn2Own) Apple Safari WebSQL matchinfo type confusion remote code execution vulnerability

http://www.zerodayinitiative.com/advisories/ZDI-17-369/

Split Tunnel SMTP vulnerability explained

https://blog.securolytics.io/2017/05/split-tunnel-smtp-exploit-explained/

Bypassing MAC filtering on wireless networks

http://www.hackingtutorials.org/wifi-hacking-tutorials/bypass-mac-filtering-on-wireless-networks/

Bypassing NGFW/WAFs using data format obfuscation

https://medium.com/@d0znpp/bypassing-ngfw-wafs-using-data-format-obfuscations-188351ea9e73

How to bootstrap self-service continuous fuzzing

https://www.fastly.com/blog/how-bootstrap-self-service-continuous-fuzzing

Happy Children's Day


Article URL: http://bobao.360.cn/learning/detail/3928.html
