热点概要:海莲花团伙的活动新趋势、无弹窗渗透测试实验、如何构建自己的渗透测试实验环境、SDN渗透测试实践、Radium-Keylogger:基于Python的多功能键盘记录器、监控Windows控制台活动、FFMPEG任意文件读取漏洞靶场搭建过程
资讯类:
中国黑客组织DragonOK被指采用新的传播技术
http://www.securityweek.com/china-linked-khrat-operators-adopt-new-delivery-techniques
技术类:
海莲花团伙的活动新趋势
http://bobao.360.cn/learning/detail/4353.html
无弹窗渗透测试实验
https://xianzhi.aliyun.com/forum/read/2061.html
WMI探索
http://community.idera.com/powershell/powertips/b/tips/posts/explore-wmi
如何构建自己的渗透测试实验环境
https://www.deepdotweb.com/2017/09/04/setup-pentest-lab
SDN渗透测试实践
http://nss.kaist.ac.kr/?page_id=50
http://www.kitploit.com/2017/09/sdnpwn-sdn-penetration-testing-toolkit.html
VulnHub Boot2Root/CTF – Samba 2.2.x RCE
https://www.jimwilbur.com/2017/09/kioptrix-level-1-walkthrough-vulnhub/
KCon 2017 PPT(部分议题)
https://github.com/knownsec/KCon/tree/master/2017
基于Web的OSINT和主动侦察工具包
https://github.com/ex0dus-0x/D0xk1t
Radium-Keylogger:基于Python的多功能键盘记录器
https://github.com/mehulj94/Radium-Keylogger
监控Windows控制台活动
Open-Source DFIR Made Easy: The Setup
http://cyberforensicator.com/2017/09/04/open-source-dfir-made-easy-the-setup/
A journey into Radare 2 – Part 2: Exploitation
https://www.megabeets.net/a-journey-into-radare-2-part-2/
Injecting missing methods at runtime
https://www.hopperapp.com/blog/?p=219
OSCE/CTP Prep Guide
Tokyo Westerns CTF 2017 writeup
https://github.com/scwuaptx/CTF/tree/master/2017-writeup/twctf
DLL Injection with SetThreadContext
https://blogs.microsoft.co.il/pavely/2017/09/05/dll-injection-with-setthreadcontext/
FFMPEG任意文件读取漏洞靶场搭建过程
http://www.4hou.com/vulnerable/7538.html
从MS08-067到永恒之蓝