2017年3月18日 星期六

2017/3/18 資安晨摘

資安新聞:
1.俄罗斯间谍是如何入侵雅虎的

2.手机充电桩变身个人信息盗取器

3.人脸识别滑铁卢?拆解“变脸炸弹”急救包 

4.A single picture could have been used by attackers to hack the popular secure messaging applications WhatsApp and Telegram

5.INTEL, MICROSOFT ANNOUNCE NEW BUG BOUNTIES

6.Samsung Leaking Customer Information

7.自动化的下一代网络安全将基于“意图”


漏洞分析:
1.二进制漏洞利用中的ROP技术研究与实例分析

2.Roundcube 邮件正文存储型XSS(CVE-2017-6820)

3.Linux kernel: CVE-2017-2636: local privilege escalation flaw in n_hdlc 

4.浅析Kerberos 约束委派SPN的安全漏洞

5.cve-2017-0065

6.Penetrating PornHub – XSS vulns galore 

7.Windows DVD Maker XML External Entity Injection 

8.Windows: COM Session Moniker EoP

9.Microsoft Edge: Undefined behavior on some getters

10.Microsoft Windows "LoadUvsTable()" Heap-based Buffer Overflow Vulnerability (Update 2016-12-14)

11.CVE-2017-0012:Microsoft Edge / IE 浏览器欺骗漏洞


惡意軟體分析:
1.挖矿木马ddg分析

2.Attackers Leverage Excel, PowerShell and DNS in Latest Non-Malware Attack


PT姿勢:
1.绕过DVWA所有安全级别的XSS Payload

2.Gargoyle——内存扫描逃逸技术

3.Windows 10 UAC Bypass Uses Backup and Restore Utility

4.ATTACKING RDP How to Eavesdrop on Poorly Secured RDP Connections


防禦姿勢:
1.Pass-the-Hash is Dead:Long Live LocalAccountTokenFilterPolicy

2.osquery For Security — Part 1

3.osquery for Security — Part 2


Mobile安全
1.HACKING ANDROID APPS WITH FRIDA II - CRACKME


防禦姿勢:
1.Windows/Linux用户态监控进程启动事件方法


基礎概念教學:
1..NET serialiception


CTF:
1.iCTF Rocket Science


工具:
1.CrabStick - Automatic remote/local file inclusion vulnerablity analysis and exploit tool

2.The Best Hacking Tools

3.Sn1per - Automated Pentest Recon Scanner

沒有留言:

張貼留言