热点概要:rdp攻击手法:RDPInception、Eternal Champion Exploit分析、PhantomJS图片渲染XSS漏洞升级为SSRF/Local-File Read、Tomcat 源代码调试 – 看不见的 Shell 第二式之隐藏任意 Jsp 文件、hackerone今年有趣的6个漏洞、初学者的逆向指南:绕过SIGTRAP、读取IOS应用程序二进制文件、黑入Virgin Media Super Hub、
资讯类:
影子经纪人为月度漏洞计划发出第一轮漏洞
http://securityaffairs.co/wordpress/60525/hacking/shadow-brokers-june-dump.html
技术类:
RDPInception:一种的rdp攻击手法
https://www.mdsec.co.uk/2017/06/rdpinception/
RDPInception – The Dangers of TSCLIENT
https://www.youtube.com/watch?v=uLFBpdjrXx0
Eternal Champion Exploit分析
https://blogs.technet.microsoft.com/srd/2017/06/29/eternal-champion-exploit-analysis/
读取IOS应用程序二进制文件
https://appscreener.us/blog/?code=reading-ios-app-binary-files
初学者的逆向指南:绕过SIGTRAP
https://0x00sec.org/t/re-guide-for-beginners-bypassing-sigtrap/2648
读取IOS应用程序二进制文件
https://appscreener.us/blog/?code=reading-ios-app-binary-files
PhantomJS图片渲染XSS漏洞升级为SSRF/Local-File Read
http://buer.haus/2017/06/29/escalating-xss-in-phantomjs-image-rendering-to-ssrflocal-file-read/
Tomcat 源代码调试 – 看不见的 Shell 第二式之隐藏任意 Jsp 文件
Offensive ICS Exploitation: A Description of an ICS CTF
https://labs.mwrinfosecurity.com/blog/offensive-ics-exploitation-a-technical-description
可以在Linux和macos下结束TCP连接的小工具
https://github.com/google/tcp_killer
hackerone今年有趣的6个漏洞
https://flexport.engineering/six-vulnerabilities-from-a-year-of-hackerone-808d8bfa0014
Python Meterpreter OSX Railgun
https://github.com/rapid7/metasploit-framework/pull/8631
黑入Virgin Media Super Hub