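Highlights: DHS team successfully hacks a Boeing 757; CVE-2017-13089 Wget HTTP integer overflow; obtaining private tweets through the search widget preview cache; bypassing browser security warnings with pseudo-password fields; data-cable spy device; subdomain penetration testing handbook; information gathering over the Tor network; obfuscation and deobfuscation of PowerShell scripts.
News:
A brief look at Web Extensions and their security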
https://palant.de/2017/11/11/on-web-extensions-shortcomings-and-their-impact-on-add-on-security
Ransomware weekly report: Cobra, Lockcrypt, and others
https://www.bleepingcomputer.com/news/security/new-cobra-crysis-ransomware-variant-released/
DHS team successfully hacks a Boeing 757
https://www.bleepingcomputer.com/news/security/dhs-team-hacks-a-boeing-757/
Technical:
Hijacking digital signatures with PowerShell
https://pentestlab.blog/2017/11/08/hijack-digital-signatures-powershell-script/
CVE-2017-13089 Wget HTTP integer overflow
https://xorl.wordpress.com/2017/11/11/cve-2017-13089-wget-http-integer-overflow/
Subdomain penetration testing handbook
https://blog.appsecco.com/a-penetration-testers-guide-to-sub-domain-enumeration-7d842d5570f6
Information gathering over the Tor network
https://vallejo.cc/2017/11/11/using-gathering-information-tools-through-tor-network/
Obtaining private tweets through the search widget preview cache
https://hackerone.com/reports/263760
A worked example of breaking Google's CAPTCHA
http://rickyhan.com/jekyll/update/2017/11/10/bypassing-recaptcha.html
Radiocarbon, a tool for analyzing leaked information
https://github.com/Neo23x0/radiocarbon
Chrome List Item Marker RCE vulnerability
https://bugs.chromium.org/p/chromium/issues/detail?id=684684
Data-cable spy device
https://ha.cking.ch/s8_data_line_locator/#s8-data-line-locator-capabilities
Obfuscation and deobfuscation of PowerShell scripts
Bypassing browser security warnings with pseudo-password fields
https://www.troyhunt.com/bypassing-browser-security-warnings-with-pseudo-password-fields/