记录黑客技术中优秀的内容, 传播黑客文化,分享黑客技术精华

【知识】9月6日 - 每日安全知识热点

2017-09-06 14:50
2017-09-06 10:55:00 阅读:1392次 收藏 来源: 安全客 作者:童话

http://p6.qhimg.com/t017313015b51e6034e.png

热点概要:【漏洞预警】Apache Struts2插件高危漏洞(S2-052)、Struts2 S2-052 RCE分析与利用、Mastercard互联网网关服务:Hashing设计缺陷、Solaris to Linux Migration 2017ToorCon 19 - 2017 议题视频滥用可写Windows服务


资讯类:


【漏洞预警】Apache Struts2插件高危漏洞(S2-052)

http://bobao.360.cn/news/detail/4291.html 


技术类:


Mastercard互联网网关服务:Hashing设计缺陷

http://tinyhack.com/2017/09/05/mastercard-internet-gateway-service-hashing-design-flaw/ 


DIY监控程序: 滥用Apple的Call Relay协议

http://www.martinvigo.com/diy-spy-program-abusing-apple-call-relay-protocol/ 


High Sierra安全内核扩展加载存在安全隐患

https://objective-see.com/blog/blog_0x21.html 


ToorCon 19 - 2017 议题视频

https://www.youtube.com/playlist?list=PLR6Acteg0QHE0Yjs3jK2zzWjmGhUgsYUp 


滥用可写Windows服务

https://blog.didierstevens.com/2017/09/05/abusing-a-writable-windows-service/ 


使用QL去发现Apache Struts的远程代码执行漏洞(CVE-2017-9805)

https://lgtm.com/blog/apache_struts_CVE-2017-9805 

译文:

https://xianzhi.aliyun.com/forum/read/2067.html 


WiseGiga NAS多个漏洞

https://blogs.securiteam.com/index.php/archives/3402 


Struts2 S2-052 RCE分析与利用

https://mp.weixin.qq.com/s/PedD0NG2KLAKWbupzU8lrw 


通过静态分析检测Python Web应用程序中漏洞

https://github.com/python-security/pyt 


C# DLL注入指南

http://www.codingvision.net/miscellaneous/c-inject-a-dll-into-a-process-w-createremotethread 


Graftor - But I Never Asked for This

http://blog.talosintelligence.com/2017/09/graftor-but-i-never-asked-for-this.html 


Flattened MITRE ATT&CK Matrix

http://www.austintaylor.io/mitre/attack/matrix/flattened/threat/actor/mapping/2017/09/05/flattened-mitre-attack-matrix/ 


Flash Dumping - Part I 

https://blog.quarkslab.com/flash-dumping-part-i.html 


Re-enjoying the ActiveX (and others) Fun in Chinese Customized Browsers 

https://justhaifei1.blogspot.com/2017/09/re-enjoying-activex-and-others.html 


Solaris to Linux Migration 2017

http://www.brendangregg.com/blog/2017-09-05/solaris-to-linux-2017.html 


security things in Linux v4.13

https://outflux.net/blog/archives/2017/09/05/security-things-in-linux-v4-13/ 


Footprints of FIN7: Tracking Actor Patterns (Part 1)

https://www.icebrg.io/blog/footprints-of-fin7-tracking-actor-patterns 


本文由 安全客 原创发布,如需转载请注明来源及本文地址。
本文地址:http://www.hackdig.com/09/hack-48692.htm

知识来源: bobao.360.cn/learning/detail/4368.html

阅读:68103 | 评论:0 | 标签:无

想收藏或者和大家分享这篇好文章→复制链接地址

“【知识】9月6日 - 每日安全知识热点”共有0条留言

发表评论

姓名:

邮箱:

网址:

验证码:

公告

关注公众号hackdig,学习最新黑客技术

推广

工具

标签云

本页关键词