热点概要:Spring WebFlow 远程代码执行漏洞分析(CVE-2017-4971)、警惕!黑客开始使用SambaCry漏洞入侵Linux系统、针对Symantec Messaging Gateway的漏洞挖掘,从弱口令到远程代码执行、从Linux到AD,读取SAMBA服务账号的几种方式、
资讯类:
警惕!黑客开始使用SambaCry漏洞入侵Linux系统
http://thehackernews.com/2017/06/linux-samba-vulnerability.html
技术类:
意外之旅#5:针对Symantec Messaging Gateway的漏洞挖掘,从弱口令到远程代码执行
https://pentest.blog/unexpected-journey-5-from-weak-password-to-rce-on-symantec-messaging-gateway/
如何通过WiFi热点实施网络钓鱼
http://xeushack.com/phishing-with-a-rogue-wifi-access-point
Pwn2Own: Safari sandbox part 1 – Mount yourself a root shell
https://phoenhex.re/2017-06-09/pwn2own-diskarbitrationd-privesc
从Linux到AD,读取SAMBA服务账号的几种方式
https://medium.com/@br4nsh/from-linux-to-ad-10efb529fae9
渗透测试实验环境搭建:通过Proxmox VE构建域环境
https://sethsec.blogspot.tw/2017/06/pentest-home-lab-0x2-building-your-ad.html
在Mac OS X中安装GNURadio
https://github.com/cfriedt/gnuradio-for-mac-without-macports
Spring WebFlow 远程代码执行漏洞分析(CVE-2017-4971)
https://threathunter.org/topic/593d562353ab369c55425a90
Linux增强型BPF(eBPF)跟踪工具
http://www.brendangregg.com/ebpf.html
Kali中优秀Wifi hacking工具TOP 10
http://www.hackingtutorials.org/wifi-hacking-tutorials/top-10-wifi-hacking-tools-in-kali-linux/
国外案例:通过登录受害者社交账号实施网络诈骗
https://badcyber.com/from-full-facebook-account-takeover-to-an-empty-bank-account/
HellRaiser漏洞扫描器
https://github.com/m0nad/HellRaiser
RED_HAWK:基于PHP实现的信息收集、SQL注入漏洞扫描工具