安全路透社
当前位置:安全路透社 > 安全客 > 正文

【知识】7月28日 – 每日安全知识热点

http://p6.qhimg.com/t017313015b51e6034e.png

热点概要:美国黑帽大会上披露Cisco Autonomic Networking漏洞、维基解密公布CIA开发的针对MacOS和Linux系统的黑客工具、Black Hat USA 2017 议题PPT下载(部分)、CVE-2017-5698 (Intel AMT) exploit、看雪CTF2017学习记录整理系列5


资讯类:


维基解密公布CIA开发的针对MacOS和Linux系统的黑客工具

http://thehackernews.com/2017/07/linux-macos-hacking-tools.html 

技术类:


美国黑帽大会上披露Cisco Autonomic Networking漏洞

http://www.securityweek.com/unpatched-cisco-autonomic-networking-flaws-disclosed-black-hat 

WiFi渗透测试电子书

https://rootsh3ll.com/product/kali-linux-wireless-pentesting-security-ebook/ 

Cracking the Lens:针对HTTP的隐藏攻击面

http://blog.portswigger.net/2017/07/cracking-lens-targeting-https-hidden.html 

Awesome Web Security

https://github.com/qazbnm456/awesome-web-security 

Black Hat USA 2017 议题PPT下载(部分)

https://www.blackhat.com/us-17/briefings.html 

CVE-2017-8464:LNK Remote Code Execution Vulnerability,Python exp

https://github.com/nixawk/labs/blob/master/CVE-2017-8464/exploit_CVE-2017-8464.py 

Web cache deception Attack

https://www.blackhat.com/docs/us-17/wednesday/us-17-Gil-Web-Cache-Deception-Attack-wp.pdf 

Morten Schenk在Black Hat 2017披露Windows 10 内核利用

https://github.com/MortenSchenk/BHUSA2017/blob/master/us-17-Schenk-Taking-Windows-10-Kernel-Exploitation-To-The-Next-Level%E2%80%93Leveraging-Write-What-Where-Vulnerabilities-In-Creators-Update-wp.pdf 

跨站点请求伪造(CSRF)你必须要知道的知识点

https://www.darknet.org.uk/2017/07/all-you-need-to-know-about-cross-site-request-forgery-csrf/ 

CLR-Injection

https://github.com/3gstudent/CLR-Injection 

BlueSpoof:跨平台magstripe欺骗工具

https://salmg.net/2017/06/13/bluespoof/ 

A New Era of SSRF-Exploiting URL Parser in Trending Programming Languages!

https://www.blackhat.com/docs/us-17/thursday/us-17-Tsai-A-New-Era-Of-SSRF-Exploiting-URL-Parser-In-Trending-Programming-Languages.pdf 

攻击用户Docker容器隐藏、权限维持、植入恶意软件

https://threatpost.com/attack-uses-docker-containers-to-hide-persist-plant-malware/126992/ 

CVE-2017-5698 (Intel AMT) exploit

https://github.com/embedi/amt_auth_bypass_poc 

Supervisor Authenticated远程代码执行漏洞

https://blogs.securiteam.com/index.php/archives/3348 

阿里云安骑士 webshell规则逆向

https://mp.weixin.qq.com/s?__biz=MzI4NjYwMTQ1Ng==&mid=2247483697&idx=1&sn=f36f1420fe39f51ca648e1de5b5431b2 

腾讯云 webshell检测规则逆向

https://mp.weixin.qq.com/s?__biz=MzI4NjYwMTQ1Ng==&mid=2247483708&idx=1&sn=e8548a85d75584cc93fd2379f591c634 

Docker Security最佳实践电子书

https://www.sqreen.io/resources/docker-security-best-practices 

Metasploit for Machine Learning: Deep-Pwning

https://n0where.net/metasploit-for-machine-learning-deep-pwning/ 

看雪CTF2017学习记录整理系列5

https://weiyiling.cn/one/pediy_ctf2017-5 


本文地址:http://bobao.360.cn/learning/detail/4165.html

未经允许不得转载:安全路透社 » 【知识】7月28日 – 每日安全知识热点

赞 (0)
分享到:更多 ()

评论 0

评论前必须登录!

登陆 注册