热点概要:如何利用GitHub Enterprise的4个漏洞,从SSRF到远程代码执行、sThisLegit、Phinn:新型开源钓鱼工具、如何使用Burp Suite模糊测试SQL注入、XSS、命令执行漏洞、CVE-2016-6195:vBulletin插件forumrunner(默认开启)SQL注入漏洞exp、DEFCON25会议PPT下载、Breaking Bitcoin Hardware Wallets
国内热词(以下内容部分摘自http://www.solidot.org/ ):
机器人半小时内破解保险箱密码
资讯类:
通过一个15美元的磁铁hacking价值1500美元的“智能手枪”
http://thehackernews.com/2017/07/smart-gun-hacking.html
技术类:
Skype-Type:一款keyboard acoustic eavesdropping工具
https://github.com/SPRITZ-Research-Group/Skype-Type
如何使用Burp Suite模糊测试SQL注入、XSS、命令执行漏洞
http://www.hackingarticles.in/fuzzing-sqlxss-command-injection-using-burp-suite/
如何利用GitHub Enterprise的4个漏洞,从SSRF到远程代码执行
http://blog.orange.tw/2017/07/how-i-chained-4-vulnerabilities-on.html
Breaking the x86 ISA
https://github.com/xoreaxeaxeax/sandsifter/blob/master/references/domas_breaking_the_x86_isa_wp.pdf
sThisLegit、Phinn:新型开源钓鱼工具
https://duo.com/blog/new-open-source-phishing-tools-isthislegit-and-phinn
Brida:使用Frida进行移动应用渗透测试
Augur REP Token严重漏洞披露
https://blog.zeppelin.solutions/augur-rep-token-critical-vulnerability-disclosure-3d8bdffd79d2
Email身份认证失败
https://www.grepular.com/Email_Authentication_Failure
Searching For Phrases in Base64-encoded Strings
https://michaelveenstra.com/2017/07/27/searching-for-phrases-in-base64-encoded-strings/
spacebin:a proof-of-concept malware that exfiltrates data (from No Direct Internet Access environments) via triggering AV on the endpoint and then communicating back from the AV's cloud component.
https://github.com/SafeBreach-Labs/spacebin
CVE-2016-6195:vBulletin插件forumrunner(默认开启)SQL注入漏洞exp
https://github.com/drewlong/vbully/blob/master/vbully
DEFCON25会议PPT下载
https://media.defcon.org/DEF%20CON%2025/DEF%20CON%2025%20presentations/
Petya 内网传播分析
http://purpleroc.com/MD/2017-06-28@How%20does%20Petya%20spread%20in%20LAN.html
如何使用Fuzzing挖掘ImageMagick的漏洞
Man-in-the-middle wireless access point inside a docker container
https://github.com/brannondorsey/mitm-router
Breaking Bitcoin Hardware Wallets
arm64汇编crash课程
https://github.com/Siguza/ios-resources/blob/master/bits/arm64.md