【知识】7月31日 - 每日安全知识热点

http://p6.qhimg.com/t017313015b51e6034e.png

热点概要:如何利用GitHub Enterprise的4个漏洞,从SSRF到远程代码执行、sThisLegit、Phinn:新型开源钓鱼工具、如何使用Burp Suite模糊测试SQL注入、XSS、命令执行漏洞、CVE-2016-6195:vBulletin插件forumrunner(默认开启)SQL注入漏洞exp、DEFCON25会议PPT下载、Breaking Bitcoin Hardware Wallets


国内热词(以下内容部分摘自http://www.solidot.org/ ):

机器人半小时内破解保险箱密码

资讯类:

通过一个15美元的磁铁hacking价值1500美元的“智能手枪”

http://thehackernews.com/2017/07/smart-gun-hacking.html 

技术类:

Skype-Type:一款keyboard acoustic eavesdropping工具

https://github.com/SPRITZ-Research-Group/Skype-Type 

如何使用Burp Suite模糊测试SQL注入、XSS、命令执行漏洞

http://www.hackingarticles.in/fuzzing-sqlxss-command-injection-using-burp-suite/ 

如何利用GitHub Enterprise的4个漏洞,从SSRF到远程代码执行

http://blog.orange.tw/2017/07/how-i-chained-4-vulnerabilities-on.html 

Breaking the x86 ISA

https://github.com/xoreaxeaxeax/sandsifter/blob/master/references/domas_breaking_the_x86_isa_wp.pdf 

sThisLegit、Phinn:新型开源钓鱼工具

https://duo.com/blog/new-open-source-phishing-tools-isthislegit-and-phinn 

Brida:使用Frida进行移动应用渗透测试

https://techblog.mediaservice.net/2017/07/brida-advanced-mobile-application-penetration-testing-with-frida/ 

Augur REP Token严重漏洞披露

https://blog.zeppelin.solutions/augur-rep-token-critical-vulnerability-disclosure-3d8bdffd79d2 

Email身份认证失败

https://www.grepular.com/Email_Authentication_Failure 

Searching For Phrases in Base64-encoded Strings

https://michaelveenstra.com/2017/07/27/searching-for-phrases-in-base64-encoded-strings/ 

spacebin:a proof-of-concept malware that exfiltrates data (from No Direct Internet Access environments) via triggering AV on the endpoint and then communicating back from the AV's cloud component. 

https://github.com/SafeBreach-Labs/spacebin 

CVE-2016-6195:vBulletin插件forumrunner(默认开启)SQL注入漏洞exp

https://github.com/drewlong/vbully/blob/master/vbully 

DEFCON25会议PPT下载

https://media.defcon.org/DEF%20CON%2025/DEF%20CON%2025%20presentations/ 


Petya 内网传播分析

http://purpleroc.com/MD/2017-06-28@How%20does%20Petya%20spread%20in%20LAN.html 

如何使用Fuzzing挖掘ImageMagick的漏洞

https://github.com/lcatro/Fuzzing-ImageMagick/blob/master/%E5%A6%82%E4%BD%95%E4%BD%BF%E7%94%A8Fuzzing%E6%8C%96%E6%8E%98ImageMagick%E7%9A%84%E6%BC%8F%E6%B4%9E.md 


Man-in-the-middle wireless access point inside a docker container

https://github.com/brannondorsey/mitm-router 

Breaking Bitcoin Hardware Wallets

https://media.defcon.org/DEF%20CON%2025/DEF%20CON%2025%20presentations/DEFCON-25-Datko-and-Quartier-Breaking-Bitcoin-Hardware-Wallets.pdf 

arm64汇编crash课程

https://github.com/Siguza/ios-resources/blob/master/bits/arm64.md 

(完)