热点概要:大疆推出无人机漏洞奖励计划、利用PowerShell代码注入漏洞绕过Constrained Language模式、comission:白盒CMS分析(目前支持Wordpress、Drupal)、XSS脑图分享、Kronos恶意软件分析(part 2)
资讯类:
大疆推出无人机漏洞奖励计划
https://threatpost.com/dji-launches-drone-bug-bounty-program/127696/
为了应对国际制裁,朝鲜选择窃取比特币?
http://www.securityweek.com/north-korea-accused-stealing-bitcoin-bolster-finances
技术类:
利用PowerShell代码注入漏洞绕过Constrained Language模式
http://www.exploit-monday.com/2017/08/exploiting-powershell-code-injection.html
comission:白盒CMS分析(目前支持Wordpress、Drupal)
https://github.com/Intrinsec/comission
基于Powershell的Windows安全审计工具箱
https://github.com/A-mIn3/WINspect
TLS握手协议分析与理解——某HTTPS请求流量包分析
XSS脑图分享
https://raw.githubusercontent.com/jhaddix/XSS.png/master/XSS2.png
360烽火实验室:“WireX Botnet”事件Android样本分析报告
http://bobao.360.cn/learning/detail/4326.html
【安全工具】LANs.py:注入代码,jam wifi,监控wifi用户
https://github.com/DanMcInerney/LANs.py
Kronos恶意软件分析(part 2)
https://blog.malwarebytes.com/cybercrime/2017/08/inside-kronos-malware-p2/
x64dbg:针对Windows的开源x64/x32debugger
Vulnerable Docker VM
https://www.notsosecure.com/vulnerable-docker-vm/
WordPress SQLi
https://medium.com/websec/wordpress-sqli-bbb2afcc8e94
Telling Your Secrets Without Page Faults:Stealthy Page Table-Based Attacks on Enclaved Execution
https://argp.github.io/public/b81efa3a4c5826fa441852bd63a402c6.pdf
Disabling Intel ME 11 via undocumented mode
http://blog.ptsecurity.com/2017/08/disabling-intel-me.html
Inside the Massive 711 Million Record Onliner Spambot Dump
https://www.troyhunt.com/inside-the-massive-711-million-record-onliner-spambot-dump/
restic cryptography
https://blog.filippo.io/restic-cryptography/
Extension Breakdown: Security Analysis of Browsers Extension Resources Control Policies
https://www.usenix.org/system/files/conference/usenixsecurity17/sec17-sanchez-rola.pdf