热点概要:美国黑帽大会上披露Cisco Autonomic Networking漏洞、维基解密公布CIA开发的针对MacOS和Linux系统的黑客工具、Black Hat USA 2017 议题PPT下载(部分)、CVE-2017-5698 (Intel AMT) exploit、看雪CTF2017学习记录整理系列5
资讯类:
维基解密公布CIA开发的针对MacOS和Linux系统的黑客工具
http://thehackernews.com/2017/07/linux-macos-hacking-tools.html
技术类:
美国黑帽大会上披露Cisco Autonomic Networking漏洞
http://www.securityweek.com/unpatched-cisco-autonomic-networking-flaws-disclosed-black-hat
WiFi渗透测试电子书
https://rootsh3ll.com/product/kali-linux-wireless-pentesting-security-ebook/
Cracking the Lens:针对HTTP的隐藏攻击面
http://blog.portswigger.net/2017/07/cracking-lens-targeting-https-hidden.html
Awesome Web Security
https://github.com/qazbnm456/awesome-web-security
Black Hat USA 2017 议题PPT下载(部分)
https://www.blackhat.com/us-17/briefings.html
CVE-2017-8464:LNK Remote Code Execution Vulnerability,Python exp
https://github.com/nixawk/labs/blob/master/CVE-2017-8464/exploit_CVE-2017-8464.py
Web cache deception Attack
https://www.blackhat.com/docs/us-17/wednesday/us-17-Gil-Web-Cache-Deception-Attack-wp.pdf
Morten Schenk在Black Hat 2017披露Windows 10 内核利用
跨站点请求伪造(CSRF)你必须要知道的知识点
https://www.darknet.org.uk/2017/07/all-you-need-to-know-about-cross-site-request-forgery-csrf/
CLR-Injection
https://github.com/3gstudent/CLR-Injection
BlueSpoof:跨平台magstripe欺骗工具
https://salmg.net/2017/06/13/bluespoof/
A New Era of SSRF-Exploiting URL Parser in Trending Programming Languages!
攻击用户Docker容器隐藏、权限维持、植入恶意软件
https://threatpost.com/attack-uses-docker-containers-to-hide-persist-plant-malware/126992/
CVE-2017-5698 (Intel AMT) exploit
https://github.com/embedi/amt_auth_bypass_poc
Supervisor Authenticated远程代码执行漏洞
https://blogs.securiteam.com/index.php/archives/3348
阿里云安骑士 webshell规则逆向
腾讯云 webshell检测规则逆向
Docker Security最佳实践电子书
https://www.sqreen.io/resources/docker-security-best-practices
Metasploit for Machine Learning: Deep-Pwning
https://n0where.net/metasploit-for-machine-learning-deep-pwning/
看雪CTF2017学习记录整理系列5
https://weiyiling.cn/one/pediy_ctf2017-5