热点概要:官方Python包仓库中存在多款恶意软件库、在Windows中枚举进程,线程和映像加载通知回调例程、针对Flash应用程序的渗透测试、githubscan:GitHub敏感信息扫描工具、Cobalt Strike over external C2 – beacon home in the most obscure ways、Xdebug: A Tiny Attack Surface、
国内热词(一下内容部分来自:http://www.solidot.org/ )
PyPI 官方库被发现混入了名字相似的恶意模块
工程师因提供翻墙服务被拘留三天
报道称比特币平台负责人被限制离京
资讯类:
通过iCloud和iTunes解锁iPad/iPhone密码
https://www.facebook.com/groupflexi/videos/1473971595986171/
技术类:
pyDHE:一个完整的Python Diffie-Hellman库
https://github.com/deadPix3l/pyDHE
在Windows中枚举进程,线程和映像加载通知回调例程
http://www.triplefault.io/2017/09/enumerating-process-thread-and-image.html
官方Python包仓库中存在多款恶意软件库
http://www.nbu.gov.sk/skcsirt-sa-20170909-pypi/
针对Flash应用程序的渗透测试
https://privsec.blog/penetration-testing-flash-apps-aka-how-to-cheat-at-blackjack/
Wandering through the Shady Corners of VMware Workstation/Fusion
https://comsecuris.com/blog/posts/vmware_vgpu_shader_vulnerabilities/
githubscan:GitHub敏感信息扫描工具
https://github.com/lianfeng30/githubscan
Xdebug: A Tiny Attack Surface
https://ricterz.me/posts/Xdebug%3A%20A%20Tiny%20Attack%20Surface
挖漏洞的高级方法
http://jackson.thuraisamy.me/finding-vulnerabilities.html
解码器改进的Burp Suite插件发布
通过提升.NET应用实现UAC绕过
https://offsec.provadys.com/UAC-bypass-dotnet.html
LaZagne:浏览器密码凭证获取
https://github.com/AlessandroZ/LaZagne
Cobalt Strike over external C2 – beacon home in the most obscure ways
CVE-2016-0040:Privilege Escalation Exploit For WMI Receive Notification Vulnerability (x86-64)