热点概要:WordPress Core -RCE PoC Exploit (video) 无需插件和认证、Android应用逆向101、Windows提权思路总结、英特尔®AMT,英特尔®SBA或支持
热点概要:WordPress Core -RCE PoC Exploit (video) 无需插件和认证、Android应用逆向101、Windows提权思路总结、英特尔®AMT,英特尔®SBA或支持英特尔®ISM功能的系统存在权限提升漏洞、Apple iOS 10.3控制面板拒绝服务漏洞、上周jenkins修的反序列化RCE的漏洞细节和POC、恶意样本分析手册——工具篇、UAC bypass的研究总结、Mehdi Talbi & Paul Fariello – VM escape – QEMU Case Study
国内热词(以下内容部分摘自http://www.solidot.org/):
WordPress Core被爆远程代码执行
在未能敲诈 Netflix 后黑客公开尚未上映的剧集
英国破解恐怖袭击枪手的加密 WhatsApp 信息
俄罗斯电信公司劫持金融服务的网络流量
资讯类:
Apple撤销OSX / Dok恶意软件使用的证书
https://threatpost.com/apple-revokes-certificate-used-by-osxdok-malware/125322/
因为Netflix没有支付赎金,黑客威胁泄漏更多的节目
http://thehackernews.com/2017/04/Orange-is-the-new-black-season-5-episodes.html
技术类:
WordPress Core -RCE PoC Exploit (video) 无需插件和认证
https://youtu.be/ZFt_S5pQPX0
比较“81端口的botnet”和 MIRAI 之间的联系
http://blog.netlab.360.com/the_difference_between_http81_botnet_and_mirai/
Android应用逆向101
https://www.evilsocket.net/2017/04/27/Android-Applications-Reversing-101/
内网安全——利用NSA Smbtouch批量检测内网
https://3gstudent.github.io/3gstudent.github.io/%E5%86%85%E7%BD%91%E5%AE%89%E5%85%A8-%E5%88%A9%E7%94%A8NSA-Smbtouch%E6%89%B9%E9%87%8F%E6%A3%80%E6%B5%8B%E5%86%85%E7%BD%91/
Mehdi Talbi & Paul Fariello – VM escape – QEMU Case Study
http://www.phrack.org/papers/vm-escape-qemu-case-study.html
Windows提权思路总结
http://blog.mokirin.com/2017/04/27/windows%E6%8F%90%E6%9D%83%E6%80%9D%E8%B7%AF%E6%80%BB%E7%BB%93/
绕过ios锁屏漏洞的总结
http://blog.dinosec.com/2014/09/bypassing-ios-lock-screens.html
编写高质量的Windows Shellcode
https://dimitrifourny.github.io/2017/04/28/optimized-windows-shellcode/
CVE-2017-8073 POC :WeeChat 1.7.1之前远程crash
/exec -o /bin/echo -e "x01DCC SEND " 1.2.3.4 1337 1×01
雅虎为 Flickr 账户劫持漏洞(三处漏洞结合使用)支付7000刀
http://blog.mish.re/index.php/2017/04/29/yahoo-bug-bounty-chaining-3-minor-issues-to-takeover-flickr-accounts/
Apple iOS 10.3控制面板拒绝服务漏洞
https://www.vulnerability-lab.com/get_content.php?id=2059
十五种方式打破RSA的安全性
https://github.com/comaeio/OPCDE/blob/master/15_ways_to_break_RSA_Security/opcde2017-ds-lifchitz-break_rsa.pdf
UAC bypass的研究总结
https://www.peerlyst.com/posts/wiki-uac-bypasses-and-uac-bypass-research-nic-cancellari
利用.NET管理DCOM对象模型
https://googleprojectzero.blogspot.in/2017/04/exploiting-net-managed-dcom.html
英特尔®AMT,英特尔®SBA或支持英特尔®ISM功能的系统存在权限提升漏洞
https://security-center.intel.com/advisory.aspx?intelid=INTEL-SA-00075&languageid=en-fr
defcon 2017 liberty writeup
https://github.com/deroko/liberty
一个漏洞信息检索网站
https://vulners.com/
如何使用Nmap与Meterpreter双剑合璧
http://www.blackhillsinfosec.com/?p=5897
上周jenkins修的反序列化RCE的漏洞细节和POC
https://blogs.securiteam.com/index.php/archives/3171
2017年5月 Android安全公告
https://source.android.com/security/bulletin/2017-05-01
UIUCTF 2017 – ZippyPic Writeup
https://jbzteam.github.io/web/UIUC2017-ZippyPics
AMSI bypass via COM hijacking
https://gist.githubusercontent.com/enigma0x3/00990303951942775ebb834d5502f1a6/raw/783a9b43f52f8f65f30edea707c79d9914b6f6f5/amsi_bypass.reg
在C中使用LoadLibrary进行DLL注入
https://arvanaghi.com/blog/dll-injection-using-loadlibrary-in-C/
Outlook:从表单到获取shell
https://sensepost.com/blog/2017/outlook-forms-and-shells/
Sanic Web框架任意文件读取漏洞分析
https://mp.weixin.qq.com/s?__biz=MzIxODIzNzgwMw==&mid=2654056186&idx=1&sn=ae10828fcc1a0308e2563367e709c85d
恶意样本分析手册——工具篇
http://blog.nsfocus.net/malicious-sample-analysis-manual-tool-1/
http://blog.nsfocus.net/malicious-sample-analysis-manual-tool-2/
HookCase是一个用于在MacOS上进行调试和逆向工程应用的工具
https://github.com/steven-michaud/HookCase
Running programs via Proxy & jumping on a EDR-bypass trampoline
http://www.hexacorn.com/blog/2017/05/01/running-programs-via-proxy-jumping-on-a-edr-bypass-trampoline/
绕过Windows附件管理器
http://www.rvrsh3ll.net/blog/informational/bypassing-windows-attachment-manager/
DEFCON CTF QUALIFIERS 2017 – Crackme 2000
https://github.com/sinfocol/ctfs/tree/master/writeups/2017/defcon-qualifiers/crackme-2000
leakbase.pw泄漏的访问日志
http://siph0n.net/exploits.php?id=4976
在Metasploit中远程利用Eternalblue和Dualpulsar Exploit
http://www.hackingarticles.in/exploit-remote-windows-pc-eternalblue-doublepulsar-exploit-metasploit/
京公网安备 11010802041100号