【知识】9月25日 - 每日安全知识热点

http://p6.qhimg.com/t017313015b51e6034e.png

热点概要:Python PyYAML反序列化漏洞实验和Payload构造、FLIR系统存在多处漏洞、Sentora/ZPanel密码重置漏洞、beef+msf实现内网渗透 、我是如何拿到google 13337刀赏金的

国内热词(以下内容部分来自:http://www.solidot.org/ )

微软和 Canonical 合作构建定制 Linux 内核

Adobe 安全团队不小心公开了他们的私钥


技术类:

Python PyYAML反序列化漏洞实验和Payload构造

http://www.polaris-lab.com/index.php/archives/375/ 

Python反序列化漏洞浅析与利用(pickle模块)

https://dan.lousqui.fr/explaining-and-exploiting-deserialization-vulnerability-with-python-en.html 

FLIR系统存在多处漏洞

https://blogs.securiteam.com/index.php/archives/3411 

CLKSCREW: 可持续能源管理暴露的安全风险

https://www.usenix.org/conference/usenixsecurity17/technical-sessions/presentation/tang 

Sentora/ZPanel密码重置漏洞

https://blogs.securiteam.com/index.php/archives/3386 


向运行的Python进程中注入代码

https://github.com/lmacken/pyrasite

我是如何拿到google 13337刀赏金的

https://thesecurityexperts.wordpress.com/2017/09/24/how-i-got-13337-bounty-from-google/ 

Linux堆漏洞利用系列:1字节溢出

https://sensepost.com/blog/2017/linux-heap-exploitation-intro-series-the-magicians-cape-1-byte-overflow/ 

在社交平台(Facebook)上发布登机牌的信息可能导致你的账户信息被盗用

https://www.michalspacek.com/post-a-boarding-pass-on-facebook-get-your-account-stolen 

beef+msf实现内网渗透 

http://foreversong.cn/archives/470 

A web viewer for RF spectrum data

https://github.com/acg/spectool-web 

Starting in cybersecurity?Here are my few tips on how to get started on the technical side of computer hacking

https://blog.0day.rocks/starting-in-cybersecurity-5b02d827fb54 

dbghost.exe – Ghost And The Darkness 

http://subt0x10.blogspot.co.uk/2017/09/dbghostexe-ghost-in-darkness.html 

(完)