热点概要:Python PyYAML反序列化漏洞实验和Payload构造、FLIR系统存在多处漏洞、Sentora/ZPanel密码重置漏洞、beef+msf实现内网渗透 、我是如何拿到google 13337刀赏金的
国内热词(以下内容部分来自:http://www.solidot.org/ )
微软和 Canonical 合作构建定制 Linux 内核
Adobe 安全团队不小心公开了他们的私钥
技术类:
Python PyYAML反序列化漏洞实验和Payload构造
http://www.polaris-lab.com/index.php/archives/375/
Python反序列化漏洞浅析与利用(pickle模块)
https://dan.lousqui.fr/explaining-and-exploiting-deserialization-vulnerability-with-python-en.html
FLIR系统存在多处漏洞
https://blogs.securiteam.com/index.php/archives/3411
CLKSCREW: 可持续能源管理暴露的安全风险
https://www.usenix.org/conference/usenixsecurity17/technical-sessions/presentation/tang
Sentora/ZPanel密码重置漏洞
https://blogs.securiteam.com/index.php/archives/3386
向运行的Python进程中注入代码
https://github.com/lmacken/pyrasite
我是如何拿到google 13337刀赏金的
https://thesecurityexperts.wordpress.com/2017/09/24/how-i-got-13337-bounty-from-google/
Linux堆漏洞利用系列:1字节溢出
在社交平台(Facebook)上发布登机牌的信息可能导致你的账户信息被盗用
https://www.michalspacek.com/post-a-boarding-pass-on-facebook-get-your-account-stolen
beef+msf实现内网渗透
http://foreversong.cn/archives/470
A web viewer for RF spectrum data
https://github.com/acg/spectool-web
Starting in cybersecurity?Here are my few tips on how to get started on the technical side of computer hacking
https://blog.0day.rocks/starting-in-cybersecurity-5b02d827fb54
dbghost.exe – Ghost And The Darkness
http://subt0x10.blogspot.co.uk/2017/09/dbghostexe-ghost-in-darkness.html