热点概要:WordPress 4.8.1存在存储型XSS漏洞、ZNIU:首款利用Dirty COW漏洞的Android恶意软件、HP iLO远程代码执行漏洞分析、编写自己的JEB2插件、Derbycon 2017视频
国内热词(以下内容部分来自:http://www.solidot.org/ )
如果数据是新时代的石油,我们就白白的被科技公司抢劫?
微软首次同时发布 Windows 和 Linux 版的 SQL Server
技术类:
WordPress 4.8.1存在存储型XSS漏洞
https://blog.sucuri.net/2017/09/stored-cross-site-scripting-vulnerability-in-wordpress-4-8-1.html
ZNIU:首款利用Dirty COW漏洞的Android恶意软件
中文翻译见:http://bobao.360.cn/learning/detail/4484.html
HP iLO远程代码执行漏洞分析
https://www.synacktiv.com/posts/exploit/rce-vulnerability-in-hp-ilo.html
编写自己的JEB2插件
http://mp.weixin.qq.com/s/oz2Wf8TA6aVmLbg_2NISSg
Sysdig Inspect:容器故障排除和安全排查的图形化程序
https://sysdig.com/blog/sysdig-inspect/
Meteor allow/deny漏洞分析
https://blog.meteor.com/meteor-allow-deny-vulnerability-disclosure-baf398f47b25
Derbycon 2017视频
http://www.irongeek.com/i.php?page=videos/derbycon7/mainlist
Linux/x86_64 – mkdir() 'evil' Shellcode (30 bytes)
https://www.exploit-db.com/exploits/42791/
ProcDOT:可视化恶意软件分析
https://n0where.net/visual-malware-analysis-procdot/
Time Travel Debugging现在在WinDbg Preview版中已经可以使用了
https://blogs.msdn.microsoft.com/windbg/2017/09/25/time-travel-debugging-in-windbg-preview/
NodeJS Debugger命令注入exp(Metasploit模块)
https://www.exploit-db.com/exploits/42793/
McAfee Labs威胁报告(2017年9月)
https://www.mcafee.com/us/resources/reports/rp-quarterly-threats-sept-2017.pdf
通过Debuggers攻击Android应用程序
https://blog.netspi.com/attacking-android-applications-with-debuggers/
Revealing the content of the address bar (IE)
https://www.brokenbrowser.com/revealing-the-content-of-the-address-bar-ie/
DNS Tunneling with Burp Collaborator
https://blog.netspi.com/dns-tunneling-with-burp-collaborator/
Metasploitable 3: Exploiting HTTP PUT
http://www.hackingtutorials.org/exploit-tutorials/metasploitable-3-exploiting-http-put/
CVE-2017-1000253:Linux PIE/stack corruption
https://www.qualys.com/2017/09/26/cve-2017-1000253/cve-2017-1000253.txt
通过Twitter构建CC服务器
https://pentestlab.blog/2017/09/26/command-and-control-twitter/
用Instana监控Python