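Hot topics summary: Anquanke 2017 Quarterly, Issue 2; IBM Informix DB-Access buffer overflow vulnerability; CVE-2017-4918: analysis of the code injection vulnerability in VMware Horizon's macOS client; Pwn2Own: Safari sandbox escape leading to local privilege escalation on macOS 10.12.4; analysis of possible security issues with MongoDB on multi-user shared hosting services
News:
[Featured] Anquanke 2017 Quarterly, Issue 2: custom gifts up for grabs!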
http://bobao.360.cn/news/detail/4217.html
Technical:
Analysis of possible security issues with MongoDB on multi-user shared hosting services
https://medium.com/@alexbyk/mongodb-at-shared-hosting-security-surprises-c441ecb84b54
Pwn2Own: Safari sandbox escape leading to local privilege escalation on macOS 10.12.4
https://phoenhex.re/2017-07-06/pwn2own-sandbox-escape
Bypassing Device Guard using .NET assembly compilation methods
http://www.exploit-monday.com/2017/07/bypassing-device-guard-with-dotnet-methods.html
Anquanke 2017 Quarterly, Issue 2
http://bobao.360.cn/download/book/security-geek-2017-q2.pdf
Oracle OAM 10g session hijacking
https://krbtgt.pw/oracle-oam-10g-session-hijacking/
IBM Informix DB-Access buffer overflow vulnerability
http://www.defensecode.com/advisories/DC-2017-04-001_IBM_Informix_DB-Access_Buffer_Overflow.pdf
Loading .NET programs using JS
WinPayloads: a Windows payload generator that can bypass security checks
https://charliedean.github.io/Winpayloads/
LFISuite: automated LFI (local file inclusion) exploitation tool (reverse shell) + vulnerability scanner
https://github.com/D35m0nd142/LFISuite
Adopting and Reducing Challenges of Content Security Policy (CSP) with Sentry
https://medium.com/sourceclear/content-security-policy-with-sentry-efb04f336f59
Categorisation is not a Security Boundary
https://www.mdsec.co.uk/2017/07/categorisation-is-not-a-security-boundary/
Thread-local caching in glibc malloc
http://tukan.farm/2017/07/08/tcache/
King Phisher: phishing campaign toolkit
https://n0where.net/phishing-campaign-toolkit-king-phisher/
CVE-2017-4918: analysis of the code injection vulnerability in VMware Horizon's macOS client
https://bogner.sh/2017/07/cve-2017-4918-code-injection-in-vmware-horizons-macos-client/
How to remove file metadata