热点概要:深入了解AWS S3访问控制机制、Eternal Synergy Exploit Analysis、使用Metasploit – Avast在OSX 10.11上绕过杀软、用于Rekall的Glibc堆分析插件、规避受保护的视图利用Excle文档进行网络钓鱼、BootStomp:关于移动设备中引导加载程序的安全性分析、CIA“摩天计划”如何在没有互联网的情况下窃取被入侵手机的信息
资讯类:
CIA“摩天计划”如何在没有互联网的情况下窃取被入侵手机的信息
http://thehackernews.com/2017/07/cia-smartphone-hacking-tool.html
三星的Tizen OS被爆在大量bug
http://thehackernews.com/2017/07/samsung-tizen-os-security.html
技术类:
深入了解AWS S3访问控制机制
使用Metasploit – Avast在OSX 10.11上绕过杀软
https://astr0baby.wordpress.com/2017/07/13/bypassing-antivirus-on-osx-10-11-with-metasploit-avast/
利用CVE-2017-7308解决后渗透问题
https://www.coresecurity.com/blog/solving-post-exploitation-issue-cve-2017-7308
CVE-2017-9417:利用nitayart的Broadpwn错误造成手机崩溃
http://boosterok.com/blog/broadpwn2/
Kerberos漏洞:Orpheus' Lyre
https://www.orpheus-lyre.info/
【安全工具】smap:Shellcode Mapper
https://github.com/suraj-root/smap
Windows: Bad Fix for COM Session Moniker EoP
https://bugs.chromium.org/p/project-zero/issues/detail?id=1224
规避受保护的视图利用Excle文档进行网络钓鱼
https://posts.specterops.io/phishing-against-protected-view-enigma0x3-on-wordpress-com-eed399fca512
逆向分析一行有趣的JavaScript代码
https://www.alexkras.com/reverse-engineering-one-line-of-javascript/
分析Torrent Repack恶意软件
http://mrexodia.cf/reversing/2017/07/12/Analyzing-torrent-repack-malware
CloudFlare, SSL and unhealthy security absolutism
https://www.troyhunt.com/cloudflare-ssl-and-unhealthy-security-absolutism/
BootStomp:关于移动设备中引导加载程序的安全性分析
http://cs.ucsb.edu/~yanick/publications/2017_sec_bootstomp.pdf
用于Rekall的Glibc堆分析插件
https://insinuator.net/2017/07/release-of-glibc-heap-analysis-plugins-for-rekall/
Captain Hook: Pirating AVs to Bypass Exploit Mitigations
https://www.slideshare.net/enSilo/captain-hook-pirating-avs-to-bypass-exploit-mitigations-64790333
Eternal Synergy Exploit Analysis
https://blogs.technet.microsoft.com/srd/2017/07/13/eternal-synergy-exploit-analysis/