热点概要:Tor启动Bug赏金计划、暗网著名黑市HANSA和Aiphabay被查查封、PandwaRF vs PandwaRF Rogue: 暴力破解攻击、如何分析CTF中逆向和Pwn题目、REcon 2017 议题PPT下载、WPScan 2.9.3 released!、BrowserBackdoor
资讯类:
Tor启动Bug赏金计划
http://thehackernews.com/2017/07/tor-bug-bounty-program.html
暗网著名黑市HANSA和Aiphabay被查查封
http://thehackernews.com/2017/07/alphabay-hansa-darkweb-markets-seized.html
技术类:
PandwaRF vs PandwaRF Rogue: 暴力破解攻击
https://www.youtube.com/watch?v=zKXKO7Zsa4Y
如何分析CTF中逆向和Pwn题目
https://github.com/jaybosamiya/security-notes
看我如何用假私钥欺骗赛门铁克
https://blog.hboeck.de/archives/888-How-I-tricked-Symantec-with-a-Fake-Private-Key.html
使用CSP Auditor构建内容安全策略配置
http://gosecure.net/2017/07/20/building-a-content-security-policy-configuration-with-csp-auditor/
Android O中的Seccomp过滤器
https://android-developers.googleblog.com/2017/07/seccomp-filter-in-android-o.html
REcon 2017 议题PPT下载
https://recon.cx/2017/montreal/slides/
Some Ways To Create An Interactive Shell On Windows
http://reverse-tcp.xyz/2017/05/27/Some-Ways-To-Create-An-Interactive-Shell-On-Windows/
Breaking backwards compatibility: a 5 year old bug deep within Window
http://www.triplefault.io/2017/07/breaking-backwards-compatibility-5-year.html
Windows 10上的Device Guard
https://tyranidslair.blogspot.co.uk/2017/07/device-guard-on-windows-10-s_20.html
CVE to Exploit – CVE-2017-[0037 and 0059]
https://redr2e.com/cve-to-exploit-cve-2017-0037-and-0059/
WPScan 2.9.3 released!
https://github.com/wpscanteam/wpscan/releases/tag/2.9.3
MobSF:Mobile Security Framework
https://github.com/MobSF/Mobile-Security-Framework-MobSF
Debugging with GDB
https://azeria-labs.com/debugging-with-gdb-introduction/
GoodSAM – CSRF/Stored XSS Chain Full Disclosure
https://blog.jameshemmings.co.uk/2017/07/17/goodsam-csrfxss-chain-full-disclosure/
BrowserBackdoor
https://github.com/IMcPwn/browser-backdoo
Info Gathering via User Browser: Kunai
https://n0where.net/info-gathering-via-user-browser/
Windows security hole – the “Orpheus’ Lyre” attack explained
https://nakedsecurity.sophos.com/2017/07/19/windows-security-hole-the-orpheus-lyre-attack-explained/