March 5 Security Highlights - SgxSpectre Attack / More Than 30,000 Vulnerable Ethereum Smart Contracts

 

News

Researchers find 34,200 vulnerable Ethereum smart contracts

https://news.hitb.org/content/researchers-find-34200-vulnerable-ethereum-smart-contracts

 

SgxSpectre attack can extract data from Intel SGX enclaves

https://www.bleepingcomputer.com/news/security/sgxspectre-attack-can-extract-data-from-intel-sgx-enclaves/

 

[Enterprise Security] Enterprise security project: dedicated remediation of front-end bypass issues

https://mp.weixin.qq.com/s/0zWcGrZwB5siMNDeFUJcEg

 

Introducing PASETO: a secure alternative to the JOSE standards

https://paragonie.com/blog/2018/03/paseto-platform-agnostic-security-tokens-is-secure-alternative-jose-standards-jwt-etc

 

EclecticIQ Fusion Center report: DDoS attacks from Memcached servers

https://www.eclecticiq.com/resources/report-ddos-attack-stemming-memcached-servers-github?type=intel-report

Massive DDoS attack washes over GitHub

 

Technical

Java deserialization vulnerabilities, study and practice part 1: starting from the Serializable interface, popping a calculator first

http://www.polaris-lab.com/index.php/archives/447/

 

Java deserialization vulnerabilities, study and practice part 2: Java's reflection mechanism (Java Reflection)

http://www.polaris-lab.com/index.php/archives/450/

 

Writeup – El33t Articles Hub (Pragyan CTF)

https://advancedpersistentjest.com/2018/03/04/writeup-el33t-articles-hub-pragyan-ctf/

 

subprocess argument binding and command injection

https://strcpy.me/index.php/archives/787/

 

The essence of penetration testing is information gathering (Season 1)

https://www.secpulse.com/archives/68959.html

 

Vulnerability analysis and practice: a single sign-on system implemented on SAML

http://avfisher.win/archives/906

 

SQL injection that bypasses a certain CMS's custom check function

https://xianzhi.aliyun.com/forum/topic/2094

 

Hacking into NET router for fun and profit

https://mthbernardes.github.io/persistence/2018/03/02/hacking-into-NET-router-for-fun-and-profit.html

 

CrawlBox – Easy Way To Brute-Force Web Directory.

https://www.kitploit.com/2018/03/crawlbox-easy-way-to-brute-force-web.html?utm_content=buffere18ed&utm_medium=social&utm_source=twitter.com&utm_campaign=buffer

 

WAScan – Web Application Scanner

https://www.kitploit.com/2018/02/wascan-web-application-scanner.html

 

OSINT tool: generate username lists for companies on LinkedIn

https://github.com/initstring/linkedin2username

(End)