安全路透社
当前位置:安全路透社 > 安全客 > 正文

【知识】9月29日 – 每日安全知识热点

http://p6.qhimg.com/t017313015b51e6034e.png

热点概要:Mac OS X本地Javascript隔离绕过,可实现任意文件读取、BlueBorne 蓝牙漏洞深入分析与PoC、DerbyCon 2017 CTF Write Up 、tinfoleak:获取有关Twitter用户活动的详细信息、黑帽SEO剖析之手法篇、CVE-2017-8046: RCE in PATCH requests in Spring Data REST、Powershell安全最佳实践、Browser hacking for 280 character tweets 

国内热词(以下内容部分来自:http://www.solidot.org/ )


新浪微博招募千名监督员

中国比特币玩家转战海外

技术类:


Mac OS X本地Javascript隔离绕过,可实现任意文件读取

https://www.wearesegment.com/research/Mac-OS-X-Local-Javascript-Quarantine-Bypass.html 

中文版:http://bobao.360.cn/learning/detail/4496.html 

tinfoleak:获取有关Twitter用户活动的详细信息

https://github.com/vaguileradiaz/tinfoleak 

在Linux 4.13和Go中玩转内核TLS

https://blog.filippo.io/playing-with-kernel-tls-in-linux-4-13-and-go/ 


BlueBorne 蓝牙漏洞深入分析与PoC

http://bobao.360.cn/learning/detail/4495.html 


Dawnscanner:针对ruby应用的源码安全扫描器

https://github.com/thesp0nge/dawnscanner 

未授权访问漏洞总结

https://www.secpulse.com/archives/61101.html 

黑帽SEO剖析之手法篇

https://thief.one/2017/09/28/1/ 

BLEACH简单介绍

https://www.evilsocket.net/2017/09/23/This-is-not-a-post-about-BLE-introducing-BLEAH/ 

针对NFS服务的渗透测试指南

https://pentestacademy.wordpress.com/2017/09/20/nfs/ 

Win-Sec:Windows下自动化加固脚本

http://seclist.us/win-sec-windows-automation-system-hardening-scripts.html 

btproxy:蓝牙中间人分析工具

https://github.com/conorpp/btproxy 

每一个安全从业者都应该知道的10个nmap命令

https://www.peerlyst.com/posts/top-10-nmap-commands-every-hacker-should-know?utm_source=twitter&utm_medium=social&utm_content=peerlyst_post&utm_campaign=peerlyst_resource 

Subverting Trust in Windows

https://specterops.io/assets/resources/SpecterOps_Subverting_Trust_in_Windows.pdf 

DerbyCon 2017 CTF Write Up 

https://labs.nettitude.com/blog/derbycon-2017-ctf-write-up/ 

Inferring Fine-grained Control Flow Inside SGX Enclaves with Branch Shadowing 

https://arxiv.org/pdf/1611.06952.pdf 

银行木马企图窃取Brazillion$ 

http://blog.talosintelligence.com/2017/09/brazilbanking.html 

这个Spring高危漏洞,你修补了吗?

https://mp.weixin.qq.com/s/uTiWDsPKEjTkN6z9QNLtSA 


CVE-2017-8046: RCE in PATCH requests in Spring Data REST

https://pivotal.io/security/cve-2017-8046 

利用Apple设备上的Wi-Fi协议栈

https://googleprojectzero.blogspot.de/2017/09/over-air-vol-2-pt-1-exploiting-wi-fi.html 

TLS 1.2 Session Tickets浅谈

https://blog.filippo.io/we-need-to-talk-about-session-tickets/ 

借用Microsoft代码签名证书

https://blog.conscioushacker.io/index.php/2017/09/27/borrowing-microsoft-code-signing-certificates/ 

Browser hacking for 280 character tweets 

http://blog.erratasec.com/2017/09/browser-hacking-for-280-character-tweets.html 

form-grabber恶意代码分析

https://thisissecurity.stormshield.com/2017/09/28/analyzing-form-grabber-malware-targeting-browsers/ 

Powershell安全最佳实践

https://www.digitalshadows.com/blog-and-research/powershell-security-best-practices/  

Exploring Robotics with the Hedgehog Robotics Controller

http://www.deviceplus.com/inspire/exploring-robotics-with-the-hedgehog-robotics-controller/?src=designspark 

Evasive Malware Campaign Abuses Free Cloud Service, Targets Korean Speakers

http://blog.fortinet.com/2017/09/20/evasive-malware-campaign-abuses-free-cloud-service-targets-korean-speakers?elq_source=socialmedia&utm_source=TWITTER&utm_id=70186&linkId=42854335 

Getting the goods with CrackMapExec: Part 1

https://byt3bl33d3r.github.io/getting-the-goods-with-crackmapexec-part-1.html 

Botnet in the Browser: Understanding Threats Caused by Malicious Browser Extensions

https://arxiv.org/pdf/1709.09577.pdf 

Server-side browsing considered harmful

http://www.agarri.fr/docs/AppSecEU15-Server_side_browsing_considered_harmful.pdf 

CVE-2017-12166: out of bounds write in key-method 1

https://community.openvpn.net/openvpn/wiki/CVE-2017-12166 

Chromium RCE Vulnerability Fix

https://electron.atom.io/blog/2017/09/27/chromium-rce-vulnerability-fix 

MIT Tool Lets Programmers Port Source Code Between Incompatible Projects

https://www.bleepingcomputer.com/news/technology/mit-tool-lets-programmers-port-source-code-between-incompatible-projects/ 


本文地址:http://bobao.360.cn/learning/detail/4498.html

未经允许不得转载:安全路透社 » 【知识】9月29日 – 每日安全知识热点

赞 (0)
分享到:更多 ()

评论 0

评论前必须登录!

登陆 注册