记录黑客技术中优秀的内容,传播黑客文化,分享黑客技术精华

【知识】8月9日 - 每日安全知识热点

2017-08-10 02:15
2017-08-09 11:00:57 阅读:3377次 收藏 来源: 安全客 作者:童话

http://p6.qhimg.com/t017313015b51e6034e.png

热点概要:高通加解密引擎提权漏洞解析、在IE、Edge浏览器中走私HTA文件、Hunting恶意npm包 、Nmap Cheat Sheet、BoopSuite:基于Python的无线审计、安全测试套件、人工智能、机器学习在信息安全领域中的应用[FREE]、Windows漏洞利用技巧:从任意目录创建到任意文件读取


国内热词(以下内容部分摘自http://www.solidot.org/ ):


比特币的日常交易功能正在丧失


资讯类:


Microsoft针对25个关键漏洞发布安全补丁

http://thehackernews.com/2017/08/microsoft-security-patch.html 


技术类:


Windows漏洞利用技巧:从任意目录创建到任意文件读取

https://googleprojectzero.blogspot.com/2017/08/windows-exploitation-tricks-arbitrary.html 


高通加解密引擎提权漏洞解析 

http://www.iceswordlab.com/2017/08/07/qualcomm-crypto-engine-vulnerabilities-exploits/ 


在IE、Edge浏览器中走私HTA文件

https://www.nccgroup.trust/uk/about-us/newsroom-and-events/blogs/2017/august/smuggling-hta-files-in-internet-exploreredge/ 


人工智能、机器学习在信息安全领域中的应用[FREE]

http://defense.ballastsecurity.net/static/IntroductionToArtificialIntelligenceForSecurityProfessionals_Cylance.pdf 


Hunting恶意npm包 

https://duo.com/blog/hunting-malicious-npm-packages 


F-Secure Anti-Virus: Arbitrary Free Vulnerability via TNEF

https://landave.io/2017/08/f-secure-anti-virus-arbitrary-free-vulnerability-via-tnef/ 


Week of Evading Microsoft ATA - Day 2 

http://www.labofapenetrationtester.com/2017/08/week-of-evading-microsoft-ata-day2.html 


CVE-2017-8620:Windows Search远程代码执行漏洞

https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-8620 


如何使用rsyslog监控对基础设施的攻击

https://posts.specterops.io/attack-infrastructure-log-aggregation-and-monitoring-345e4173044e 


Nmap Cheat Sheet

https://s3-us-west-2.amazonaws.com/stationx-public-download/nmap_cheet_sheet_0.6.pdf 


Creating Real Looking User Accounts in AD Lab

https://www.darkoperator.com/blog/2016/7/30/creating-real-looking-user-accounts-in-ad-lab 


uEmu(IDA插件):a tiny cute emulator plugin for IDA based on unicorn engine

https://github.com/alexhude/uEmu 


Adobe Reader DC解析器混淆漏洞

http://blog.talosintelligence.com/2017/08/adobe-reader-dc-parser.html 


Hooking COM Classes

http://blogs.microsoft.co.il/pavely/2017/08/07/hooking-com-classes/ 


Android银行木马滥用accessibility服务

http://b0n1.blogspot.it/2017/08/android-banking-trojan-misuses.html 


Xssing Web With Unicodes

Part 1:http://blog.rakeshmane.com/2016/11/xssing-web-part-1.html    

Part 2:http://blog.rakeshmane.com/2017/08/xssing-web-part-2.html 


Defeating the VB5 Packer

https://r3mrum.wordpress.com/2017/06/07/defeating-the-vb5-packer/ 


D-Link 850L多个漏洞

https://blogs.securiteam.com/index.php/archives/3364 


MAC osx、iOS常见安全工具汇总

https://github.com/ashishb/osx-and-ios-security-awesome 


BoopSuite:基于Python的无线审计、安全测试套件

https://github.com/MisterBianco/BoopSuite 


本文由 安全客 原创发布,如需转载请注明来源及本文地址。
本文地址:http://www.hackdig.com/08/hack-48006.htm

知识来源: bobao.360.cn/learning/detail/4226.html

阅读:138501 | 评论:0 | 标签:无

想收藏或者和大家分享这篇好文章→复制链接地址

“【知识】8月9日 - 每日安全知识热点”共有0条留言

发表评论

姓名:

邮箱:

网址:

验证码:

推广

标签云

本页关键词