May 12 - Daily Security Knowledge Highlights

Multiple 7-Zip vulnerabilities

http://blog.talosintel.com/2016/05/multiple-7-zip-vulnerabilities.html

Facebook open-sources its CTF platform code

https://github.com/facebook/fbctf

featherduster: an automated, modular cryptanalysis tool

https://github.com/nccgroup/featherduster

XSS vulnerability in the WordPress flashmediaelement.swf file

https://gist.github.com/cure53/df34ea68c26441f3ae98f821ba1feb9c

Jenkins releases a new version that fixes multiple vulnerabilities

https://wiki.jenkins-ci.org/display/SECURITY/Jenkins+Security+Advisory+2016-05-11

Clearing up some misconceptions about the "ImageTragick" vulnerability

https://lcamtuf.blogspot.com/2016/05/clearing-up-some-misconceptions-around.html

MS16-066 – the first public VSM vulnerability (HVCI feature bypass)

https://technet.microsoft.com/en-us/library/security/ms16-066

https://www.blackhat.com/us-16/briefings/schedule/index.html#analysis-of-the-attack-surface-of-windows-10-virtualization-based-security-3666

Microsoft removes the Wi-Fi password sharing feature from Windows 10

Tip: running echo "bios.bootdelay = 20000" >> *.vmx delays the VM's BIOS at boot, which is convenient for testing

https://blogs.windows.com/windowsexperience/2016/05/10/announcing-windows-10-insider-preview-build-14342/

Executing PowerShell commands through JavaScript and COM, without using powershell.exe

https://gist.github.com/subTee/68749aa53d7ce0fb02e0a64b89615767

Bad USB attack demo, similar to a scene from the TV series Mr. Robot

https://www.youtube.com/watch?v=hEpk56Qy5W0&utm_content=28336556&utm_medium=social&utm_source=twitter

CVE-2016-0801 PoC: remote Linux/Android kernel stack overflow over Wi-Fi

https://github.com/abdsec/CVE-2016-0801/blob/master/PoC.c

Chrome extension for computing various hash algorithms

https://github.com/s12v/hasher

Using netsh to enable the network trace feature

https://blogs.msdn.microsoft.com/canberrapfe/2012/03/30/capture-a-network-trace-without-installing-anything-capture-a-network-trace-of-a-reboot/

(Pwn2Own) Microsoft Windows PFFOBJ::bDeleteLoadRef Font Use-After-Free Privilege Escalation Vulnerability

http://www.zerodayinitiative.com/advisories/ZDI-16-281/

The obfuscation in Win32/Nymaim looks much like that of Win32/Silcon

https://www.virustotal.com/en/file/a19e80ce5f793c62cbc447cc8c8e6dabd7351e01a5a90075531e5cfd7aa0ee62/analysis/

Crash course in thin-client application penetration testing

http://www.slideshare.net/nullbind/thick-application-penetration-testing-crash-course

SIEM Kung Fu [New Paper]

https://securosis.com/blog/siem-kung-fu-new-paper

Using regsvr32 sct together with Metasploit web delivery

http://carnal0wnage.attackresearch.com/2016/05/subtee-regsrv32-sct-with-metasploit-web.html
