5月18日-每日安全知识热点

http://p0.qhimg.com/t01f7ef32da341925d2.jpg

Magento:非认证远程代码执行漏洞

http://netanelrub.in/2016/05/17/magento-unauthenticated-remote-code-execution/

价值5000美金的GOOGLE存储型XSS

https://blog.it-securityguard.com/bugbounty-sleeping-stored-google-xss-awakens-a-5000-bounty/

Chrome XSS Auditor绕过。

https://html5sec.org/xssauditor/bypasses-052016?xss=%3Clink%20rel=import%20href=https:html5sec.org/

跟踪黑客第一部分

https://dfir-blog.com/2016/05/17/funny-honey-tracking-hackers-in-cyberspace-part1/

searchgiant_cli:命令行下针对云服务器的(Google Drive/Gmail/Dropbox等)的图像取证工具

https://github.com/jadacyrus/searchgiant_cli

AppleCronPrank:通过cron控制MACOX的工具

https://github.com/01010101/AppleCronPrank

CVE-2016-1287 POC: IKEv1/v2 缓冲区溢出POC,技术文档原来推动送过,在https://blog.exodusintel.com/2016/02/10/firewall-hacking/

https://github.com/exodusintel/disclosures/blob/master/CVE_2016_1287_PoC

当恶意软件遇到rootkit

https://www.symantec.com/avcenter/reference/when.malware.meets.rootkits.pdf

新的Angler挂马家族黑了19个站点,包括UltraVNC

http://www.cyphort.com/angler-hacks-vnc/

Django, ELB health checks and continuous delivery

http://tech.octopus.energy/2016/05/05/django-elb-health-checks.html

通过反向工程智能手环实现控制无人机

https:[email protected][email protected]rs-to-control-a-drone-on-a-nasa-d8aad8532dde#.fq8lircne

Windows – gdi32.dll Heap-Based Buffer Overflow in ExtEscape() Triggerable via EMR_EXTESCAPE EMF Record (MS16-055)

https://www.exploit-db.com/exploits/39834/

分析foxit reader的堆溢出

https://scoding.de/analsysis-of-a-heap-overflow-in-foxit-reader

Volatility Framework 框架插件用于提取 BitLocker FVEK (Full Volume Encryption Key)

https://github.com/elceef/bitlocker

使用VOLATILITY发现高级的恶意软件

https://eforensicsmag.com/finding-advanced-malware-using-volatility/

介绍x64汇编

https://software.intel.com/sites/default/files/m/d/4/1/d/8/Introduction_to_x64_Assembly.pdf

linux-insides系列:信号量

https://github.com/0xAX/linux-insides/blob/master/SyncPrim/sync-5.md

一个内存访问冲突问题可导致Symantec Antivirus 奔溃你的windows系统

https://andreafortuna.org/a-memory-access-violation-in-symantec-antivirus-engine-could-crash-your-windows-system-db7813cae8a9#.eohd19rlf

钓鱼邮件攻击:组合office和pdf漏洞

https://www.trustwave.com/Resources/SpiderLabs-Blog/Earlier-Flaws-Revisited–MS-Office-and-PDF-Combo-Attack/?utm_content=buffer51cf8&utm_medium=social&utm_source=twitter.com&utm_campaign=buffer

#WindowsServer 2016 Nano的新powershell安全cmdlets替代SecEdit和AuditPol

https://blogs.msdn.microsoft.com/powershell/2016/05/09/new-security-cmdlets-in-nano-server/

我如何再一次绕过facbook csrf

http://pouyadarabi.blogspot.tw/2016/05/how-i-bypassed-facebook-csrf-in-2016.html

本文由 360安全播报 原创发布,如需转载请注明来源及本文地址。
本文地址:http://bobao.360.cn/news/detail/3057.html

先进的网络信息安全文化

猜您喜欢

举办岗前技能培训 促进新员工稳定就业
网络安全行业迎高速增长期 http://e365.learnatchina.com/2016051723844.html
兴业银行开展防范 电信诈骗知识培训
网络信息安全实验室
MYLAND 95EPAY
网络安全从业人员需仔细学习中央“依法治国”精神
中国教育学会中山市安全教育实验区今日启动