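Highlights: analysis of the Samba remote code execution vulnerability (CVE-2017-7494); reliably discovering and exploiting Java deserialization vulnerabilities; Pwn2Own vulnerability series: escaping the Safari sandbox via a macOS kernel vulnerability; command execution vulnerability in the Nylas mail client on macOS; common security vulnerabilities in iOS development; analysis of a Chrome V8 out-of-bounds read/write vulnerability; PDF UXSS via a trusted document; using DNS tunneling for C&C communications
News:
A wormable remote code execution vulnerability that lurked in Samba for 7 years
Technical:
Samba remote code execution vulnerability (CVE-2017-7494) announcement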
https://lists.samba.org/archive/samba-announce/2017/000406.html
Analysis of the Samba remote code execution vulnerability (CVE-2017-7494)
http://bobao.360.cn/learning/detail/3900.html
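Reliably discovering and exploiting Java deserialization vulnerabilities
Tracking and analysis of OceanLotus, a large APT group in Asia
WordPress exploit framework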
https://github.com/rastating/wordpress-exploit-framework
Auto Hooks Spider
http://www.thinkings.org/2017/05/24/auto-hooks-spider.html
Pwn2Own vulnerability series: escaping the Safari sandbox via a macOS kernel vulnerability
http://blogs.360.cn/blog/pwn2own-using-macos-kernel-vuln-escape-from-safari-sandbox/
Command execution vulnerability in the Nylas mail client on macOS
http://elladodelnovato.blogspot.com.es/2017/05/nylas-mail-command-injection-on-macos.html
Common security vulnerabilities in iOS development
https://github.com/felixgr/secure-ios-app-dev
Crawler and anti-crawler tricks you may not know
Lessons learned from detecting and removing trojans on Linux
http://qicheng0211.blog.51cto.com/3958621/1928738
Analysis of a Chrome V8 out-of-bounds read/write vulnerability
https://halbecaf.com/2017/05/24/exploiting-a-v8-oob-write/
A brief overview of NTP, SSDP and DNS amplification attacks
https://blog.cloudflare.com/reflections-on-reflections/
File2pcap: simulating traffic and creating a suitable pcap file
http://blog.talosintelligence.com/2017/05/file2pcap.html
How to harden your network environment
https://www.appsecconsulting.com/blog/get-back-to-basics-before-you-get-pwned
Multiple vulnerabilities in Trend Micro ServerProtect
https://www.coresecurity.com/advisories/trend-micro-serverprotect-multiple-vulnerabilities
PDF UXSS via a trusted document
http://insert-script.blogspot.co.at/2017/05/pdf-fdf-uxss-via-trusted-document.html
MS Edge: Exploiting MS16-145: MS Edge TypedArray.sort Use-After-Free (CVE-2016-7288)
Firefox: Exploiting a cross-mmap overflow in Firefox
https://saelo.github.io/posts/firefox-script-loader-overflow.html
Safari: Pwn2Own 2017: UAF in JSC::CachedCall (WebKit)
https://phoenhex.re/2017-05-04/pwn2own17-cachedcall-uaf
Chrome: Out-of-bounds read in V8 Array.concat
https://bugs.chromium.org/p/chromium/issues/detail?id=682194
Using DNS tunneling for C&C communications
https://securelist.com/blog/research/78203/use-of-dns-tunneling-for-cc-communications/
libtiff releases an update fixing 11 bugs reported by OSS-Fuzz
http://www.simplesystems.org/libtiff/v4.0.8.html
Windows Kernel Pool Spraying
http://trackwatch.com/windows-kernel-pool-spraying/
WebKit: UXSS via Editor::Command::execute
https://bugs.chromium.org/p/project-zero/issues/detail?id=1133