安全路透社
当前位置:安全路透社 > 安全客 > 正文

【知识】8月25日 – 每日安全知识热点

http://p6.qhimg.com/t017313015b51e6034e.png

热点概要:安全研究人员发布iOS内核漏洞的漏洞利用代码、由正则引起的Wecenter拒绝服务漏洞、渗透测试常用脚本收集、0patching福昕阅读器的漏洞(CVE-2017-10952)、Knock Subdomain Scan v.4.1.0(子域名扫描器)、CTF Writeup – Flare-On 2016 – 10: flava、pentest-tools:渗透测试常用脚本收集。

资讯类:


安全研究人员发布iOS内核漏洞的漏洞利用代码

https://www.bleepingcomputer.com/news/security/researcher-releases-fully-working-exploit-code-for-ios-kernel-vulnerability/


技术类:


DeLuxe版本:在eLux Thin 客户机操作系统上获取root权限

https://www.nccgroup.trust/uk/about-us/newsroom-and-events/blogs/2017/august/delux-edition-getting-root-privileges-on-the-elux-thin-client-os/

利用xwizard.exe加载dll

http://www.4hou.com/technology/6969.html

由正则引起的Wecenter拒绝服务漏洞

http://www.0aa.me/index.php/archives/139/

comission: 白盒CMS分析 

https://github.com/Intrinsec/comission

https://securite.intrinsec.com/2017/08/16/comission-whitebox-cms-analysis/

0patching福昕阅读器的漏洞(CVE-2017-10952)

https://0patch.blogspot.com/2017/08/0patching-foxit-readers-saveas-0day-cve.html

Knock Subdomain Scan v.4.1.0(子域名扫描器)

https://github.com/guelfoweb/knock

MFA Slipstream:用于O365钓鱼多因子认证的PoC

https://github.com/decidedlygray/mfa_slipstream_poc/

CTF Writeup – Flare-On 2016 – 10: flava

http://vulnerablespace.blogspot.jp/2016/11/ctf-writeup-flare-on-2016-10-flava.html

UMCI与Internet Explorer:探索CVE-2017-8625

https://posts.specterops.io/umci-vs-internet-explorer-exploring-cve-2017-8625-3946536c6442

Salamandra:封闭环境中检测和定位spy microphones的工具

https://github.com/eldraco/Salamandra

DECONSTRUCTING A WINNING WEBKIT PWN2OWN ENTRY

https://www.zerodayinitiative.com/blog/2017/8/24/deconstructing-a-winning-webkit-pwn2own-entry

Needle in a haystack of .jar files [username enumeration]

http://sheepsec.com/blog/username_enumeration_via_jar.html

pentest-tools:渗透测试常用脚本收集

https://github.com/gwen001/pentest-tools

The French Connection: French Aerospace-Focused CVE-2014-0322 Attack Shares Similarities with 2012 Capstone Turbine Activity

https://www.crowdstrike.com/blog/french-connection-french-aerospace-focused-cve-2014-0322-attack-shares-similarities-2012/

WMI查询:ReturnValue vs uValue(和一些远程注册表)

https://blogs.technet.microsoft.com/positivesecurity/2017/08/24/wmi-queries-returnvalue-vs-uvalue-and-some-remote-registry/

Guilt by Association: Large Scale Malware Detection by Mining File-relation Graphs

https://www.cc.gatech.edu/~dchau/papers/14_kdd_aesop.pdf

分析Ruby中内存使用的Crash案例

https://robots.thoughtbot.com/a-crash-course-in-analyzing-memory-usage-in-ruby


本文地址:http://bobao.360.cn/learning/detail/4315.html

未经允许不得转载:安全路透社 » 【知识】8月25日 – 每日安全知识热点

赞 (1)
分享到:更多 ()

评论 0

评论前必须登录!

登陆 注册