热点概要:再次认识Intel AMT漏洞、Ode to the use-after-free: one vulnerable function, a thousand possibilities、PHP-CGI远程代码执行漏洞(CVE-2012-1823)分析 、在iOS应用程序中使用Frida绕过越狱检测、详细解析PHP mail()函数漏洞利用技巧
资讯类:
法国总统大选在即 候选人马克龙9 GB 邮件遭曝光
技术类:
再次认识Intel AMT漏洞
https://www.tenable.com/blog/rediscovering-the-intel-amt-vulnerability
Qubes 安全公告:修复了与PV存储器相关的高危漏洞
https://github.com/QubesOS/qubes-secpack/blob/master/QSBs/qsb-030-2017.txt
Ode to the use-after-free: one vulnerable function, a thousand possibilities
https://scarybeastsecurity.blogspot.com/2017/05/ode-to-use-after-free-one-vulnerable.html
对Pawn Storm 网络间谍组织的跟踪分析
https://documents.trendmicro.com/assets/wp/wp-two-years-of-pawn-storm.pdf
对移动设备安全性的研究
DNS的一个特性:DNSAdmin to DC compromise in one line
https://medium.com/@esnesenon/feature-not-bug-dnsadmin-to-dc-compromise-in-one-line-a0f779b8dc83
端口扫描的小工具
https://github.com/vesche/scanless
CVE-2017-3305:mysql Client 和 Server端存在MITM漏洞
PHP-CGI远程代码执行漏洞(CVE-2012-1823)分析
https://www.leavesongs.com/PENETRATION/php-cgi-cve-2012-1823.html
TrustZone安全技术研究
XSS Bypass Cookbook ver 3.0
http://www.math1as.com/index.php/archives/426/
Ursnif反分析技术并绕过它们的方法
http://www.iij.ad.jp/en/company/development/iir/pdf/iir_vol34_EN.pdf
浏览器的XSS过滤器bypass表
https://github.com/masatokinugawa/filterbypass/wiki/Browser's-XSS-Filter-Bypass-Cheat-Sheet
CISO&SOC指南:检测和停止数据外带via DNS
BSidesCBR 2017 CTF Write-Up: Needleinahaystack
https://paulsec.github.io/blog/2017/05/06/bsidescbr-2017-ctf-write-up-needleinahaystack/
在iOS应用程序中使用Frida绕过越狱检测
http://blog.attify.com/2017/05/06/bypass-jailbreak-detection-frida-ios-applications/
维基解密发布“阿基米德”:用来攻击在办公室使用的局域网(LAN)中的计算机
https://wikileaks.org/vault7/#Archimedes
详细解析PHP mail()函数漏洞利用技巧
http://bobao.360.cn/learning/detail/3818.html
MySQL False注入及技巧总结