安全路透社
当前位置:安全路透社 > 安全客 > 正文

【知识】9月7日 – 每日安全知识热点

http://p6.qhimg.com/t017313015b51e6034e.png

热点概要:影子经济人回归,再度售卖黑客工具、Apache Struts2–052 漏洞分析预警、S2-052漏洞分析及官方缓解措施无效验证、如何制作基础认证钓鱼页面、Uber Bug Bounty:如何获取内部聊天系统的访问权限、十年磨一剑:恶意程序Snowball(雪球)的前世今生、S2-052 exp、Command and Control – DNS 、IPTables工作原理分析

资讯类:


影子经济人回归,再度售卖黑客工具 

http://bobao.360.cn/news/detail/4293.html 


黑客免费提供的Cobian RAT中暗藏后门

http://thehackernews.com/2017/09/backdoored-hacking-tools.html 


技术类:


【漏洞分析】Apache Struts2–052 漏洞分析预警

http://bobao.360.cn/learning/detail/4372.html 

S2-052漏洞分析及官方缓解措施无效验证

http://xxlegend.com/2017/09/06/S2-052%E6%BC%8F%E6%B4%9E%E5%88%86%E6%9E%90%E5%8F%8A%E5%AE%98%E6%96%B9%E7%BC%93%E8%A7%A3%E6%8E%AA%E6%96%BD%E6%97%A0%E6%95%88%E9%AA%8C%E8%AF%81/ 

NSAppTransportSecurity,NSAlwaysArbitraryLoads和应用程序传输安全(ATS)异常安全分析指南

https://www.nowsecure.com/blog/2017/08/31/security-analysts-guide-nsapptransportsecurity-nsallowsarbitraryloads-app-transport-security-ats-exceptions/ 

如何制作基础认证钓鱼页面

https://securitycafe.ro/2017/09/06/phishy-basic-authentication-prompts/ 

CFire介绍:绕过CloudFlare安全保护

https://rhinosecuritylabs.com/cloud-security/cloudflare-bypassing-cloud-security/ 

Uber Bug Bounty:如何获取内部聊天系统的访问权限

http://blog.mish.re/index.php/2017/09/06/uber-bug-bounty-gaining-access-to-an-internal-chat-system/ 

如何绕过Microsoft Edge、Google Chrome和Apple Safari的内容安全策略

http://blog.talosintelligence.com/2017/09/vulnerability-spotlight-content.html 

十年磨一剑:恶意程序Snowball(雪球)的前世今生

https://researchcenter.paloaltonetworks.com/2017/09/unit42-analysing-10-year-old-snowball/ 

Windows’ PsSetLoadImageNotifyRoutine Callbacks: the Good, the Bad and the Unclear (Part 1)

https://breakingmalware.com/documentation/windows-pssetloadimagenotifyroutine-callbacks-good-bad-unclear-part-1/ 

S2-052 exp

https://github.com/rapid7/metasploit-framework/pull/8924/commits/5ea83fee5ee8c23ad95608b7e2022db5b48340ef 

Binary Rewriting With Syzygy, Pt. I

https://doar-e.github.io/blog/2017/08/05/binary-rewriting-with-syzygy/ 

JavaScript WebSocket Backdoor: 浏览器后门

https://n0where.net/javascript-websocket-backdoor-browserbackdoor/ 

A2billing 2.x – SQL Injection

https://www.exploit-db.com/exploits/42615/ 

kernel-exploits

https://github.com/xairy/kernel-exploits 

Java-Deserialization-Cheat-Sheet

https://github.com/GrrrDog/Java-Deserialization-Cheat-Sheet 

Command and Control – DNS 

https://pentestlab.blog/2017/09/06/command-and-control-dns/ 

Hunting With Active Directory Replication Metadata

https://posts.specterops.io/hunting-with-active-directory-replication-metadata-1dab2f681b19 

IPTables工作原理分析

https://n0where.net/how-does-it-work-iptables/ 

SubDomain TakeOver Scanner

https://github.com/antichown/subdomain-takeover 


本文地址:http://bobao.360.cn/learning/detail/4375.html

未经允许不得转载:安全路透社 » 【知识】9月7日 – 每日安全知识热点

赞 (0)
分享到:更多 ()

评论 0

评论前必须登录!

登陆 注册