热点概要:AutoTriageBot:针对hackerone的自动化验证漏洞报告开源项目、一个用于智能设备安全测试的BLE(Bluetooth Low Energy)扫描器、BaRMIe:枚举并且工具Java RMI (Remote Method Invocation)的开源工具、PHP7的安全模块、如何hook LuaJIT、当你像一个攻击者一样去思考时你将会成为一个优秀的Threat Hunter
国内热词(以下内容部分来自:http://www.solidot.org/ )
WhatsApp 被屏蔽
互联网上的黑暗角落
中国黑客攻击引起德国警觉
利用电源管理入侵 ARM TrustZone
资讯类:
谷歌测试5款主流浏览器 Safari最不安全
技术类:
AutoTriageBot:针对hackerone的自动化验证漏洞报告开源项目
https://engineering.salesforce.com/open-sourcing-autotriagebot-deced9933cd7
一个用于智能设备安全测试的BLE(Bluetooth Low Energy)扫描器
https://github.com/evilsocket/bleah
BaRMIe:枚举并且攻击Java RMI (Remote Method Invocation)的开源工具
https://github.com/NickstaDB/BaRMIe
PHP7的安全模块:Killing bugclasses and virtual-patching the rest!
https://snuffleupagus.readthedocs.io/
Great Hacking related Humble book Bundle
https://www.humblebundle.com/books/hacking-reloaded-books
Solidity anti-patterns: Fun with inheritance DAG abuse
https://pdaian.com/blog/solidity-anti-patterns-fun-with-inheritance-dag-abuse/
ROP介绍
https://medium.com/@iseethieves/intro-to-rop-rop-emporium-split-9b2ec6d4db08
Broadcom:处理802.11v WNM睡眠模式响应时存在堆溢出漏洞
https://bugs.chromium.org/p/project-zero/issues/detail?id=1288
[会议视频]Don't Google 'PowerShell Hunting'
https://www.youtube.com/watch?v=1mfVPLPxKTc
redsails:基于Python的后渗透测试工具,可以绕过安全监控和日志记录
https://github.com/BeetleChunks/redsails
如何hook LuaJIT
https://nickcano.com/hooking-luajit/
当你像一个攻击者一样去思考时你将会成为一个优秀的Threat Hunter
OSCP认证