热点概要:ShadowBrokers再一次回归,只要10万欧元(500 ZEC)就可以获得十月度的漏洞利用工具、Basics of Tracking WMI Activity、BlackBerry Workspaces服务器远程代码执行漏洞分析、Passionfruit:iOS应用黑盒评估工具、Exploiting on CVE-2016-6787、利用内存破坏实现Python沙盒逃逸
国内热词(以下内容部分来自:http://www.solidot.org/ )
KRACK 攻击能解密 Android 设备传输的数据,OpenBSD 提前释出补丁
世人不再嘲笑朝鲜的网络战力量
WPA2 协议漏洞让 Wi-Fi 流量能被攻击者监听
资讯类:
ShadowBrokers再一次回归,只要10万欧元(500 ZEC)就可以获得十月度的漏洞利用工具
https://steemit.com/shadowbrokers/@theshadowbrokers/october-price-adjustment
技术类:
Basics of Tracking WMI Activity
https://www.darkoperator.com/blog/2017/10/14/basics-of-tracking-wmi-activity
利用内存破坏实现Python沙盒逃逸
https://mp.weixin.qq.com/s/s9fAskmp4Bb42OYsiQJFaw
BlackBerry Workspaces服务器远程代码执行漏洞分析
ROCA: Vulnerable RSA generation (CVE-2017-15361)
https://crocs.fi.muni.cz/public/papers/rsa_ccs17
BlackOasis APT和利用0day的新目标攻击
https://securelist.com/blackoasis-apt-and-new-targeted-attacks-leveraging-zero-day-exploit/82732/
https://exchange.xforce.ibmcloud.com/collection/9ffcf4ce159e932cfe597695c1f44fe8?from=timeline
Vulnerability Patched in Democratic Donor Database
Key Reinstallation Attacks: Forcing Nonce Reuse in WPA2
https://papers.mathyvanhoef.com/ccs2017.pdf
Call for WPA3 – what's wrong with WPA2 security and how to fix it
https://github.com/d33tah/call-for-wpa3/blob/master/README.md?t=1
Passionfruit:iOS应用黑盒评估工具
https://github.com/chaitin/passionfruit
Windows Kernel pool memory disclosure in nt!RtlpCopyLegacyContextX86
https://bugs.chromium.org/p/project-zero/issues/detail?id=1311
Exploiting on CVE-2016-6787
https://hardenedlinux.github.io/system-security/2017/10/16/Exploiting-on-CVE-2016-6787.html