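Highlights: how to plant a backdoor in Atom via a malicious plugin, Google CTF 2017 Quals Write-up, reading kernel memory from user mode, CVE-2017-8625: bypassing Device Guard UMCI using CHM, detecting and mitigating the CVE-2017-0005 privilege-escalation exploit, CVE-2017-1000112: Linux local root exploit, reading memory of 64-bit processes
Domestic hot topics (the following is partly excerpted from http://www.solidot.org/ ):
Scientists create a DNA-based exploit of a computer system
Google warns extension developers of phishing attacks
Firmware update bricks smart locks
News:
APT28 uses EternalBlue to attack hotels in Europe and the Middle East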
https://threatpost.com/apt28-using-eternalblue-to-attack-hotels-in-europe-middle-east/127419/
Technical:
How to plant a backdoor in Atom via a malicious plugin
http://blog.thinkst.com/2017/08/all-your-devs-are-belong-to-us-how-to.html
Malware analysis: ElmersGlue ransomware can be unlocked directly without paying the ransom
http://www.ringzerolabs.com/2017/07/elmersglue3exe.html
Google CTF 2017 Quals Write-up
https://drive.google.com/drive/folders/0BwMPuUHZOj0nZ2dGZS1KbWNGN0E
Reading kernel memory from user mode
https://cyber.wtf/2017/07/28/negative-result-reading-kernel-memory-from-user-mode/
Malware reverse-engineering tutorials
https://securedorg.github.io/RE102/
https://securedorg.github.io/RE101/
Unusual AES encryption design in a phishing site
http://www.ringzerolabs.com/2017/08/aes-encrypted-phishing-site.html
CVE-2017-8625: bypassing Device Guard UMCI using CHM
Detecting and mitigating the CVE-2017-0005 privilege-escalation exploit
Vulnerability scanner for Linux/FreeBSD
https://github.com/future-architect/vuls
PowerSAP: PowerShell SAP security audit tool
http://pentestit.com/powersap-sap-security-assessment/
Reading memory of 64-bit processes
https://blog.didierstevens.com/2017/08/13/reading-memory-of-64-bit-processes/
CVE-2017-1000112: Linux local root exploit (includes KASLR and SMEP bypasses)
https://github.com/xairy/kernel-exploits/blob/master/CVE-2017-1000112/poc.c
WinREPL:x86 and x64 assembly "read-eval-print loop" for Windows
https://github.com/zerosum0x0/WinREPL
The end of the billion-user Password:Impossible
https://www.benthamsgaze.org/2017/08/11/the-end-of-the-billion-user-passwordimpossible/
When a web application SSRF causes the cloud to rain credentials & more
SQL Injection CTF with a difference
http://sqli-ctf.pajhome.org.uk/
Week of Evading Microsoft ATA – Day 5 – Attacking ATA, Closing thoughts and Microsoft's response
http://www.labofapenetrationtester.com/2017/08/week-of-evading-microsoft-ata-day5.html