【知识】5月17日 - 每日安全知识热点

360安全客 安全知识 64757 4

http://p6.qhimg.com/t017313015b51e6034e.png

热点概要:一波未平一波又起!影子经纪人宣称每月将定期出售NSA黑客工具为什么钓鱼攻击能够成功您的ePub阅读器是否足够安全?分析Microsoft Office的攻击面Hidden Alternative Data Streams的进阶利用技巧利用互斥体阻断想哭蠕虫,实现联网升级、您的ePub阅读器是否足够安全?


资讯类:

“影子经纪人”将放出更多0day漏洞 支持月度付款

http://thehackernews.com/2017/05/shodow-brokers-wannacry-hacking.html

贝尔加拿大公司遭入侵:神秘黑客席卷200万账户详情

http://www.theregister.co.uk/2017/05/16/bell_canada_quieting_fears_post_data_heist/

技术类:

一波未平一波又起!影子经纪人宣称每月将定期出售NSA黑客工具

http://bobao.360.cn/news/detail/4169.html 

https://steemit.com/shadowbrokers/@theshadowbrokers/oh-lordy-comey-wanna-cry-edition

PVS-Studio团队公开表示愿意改善Tizen项目的安全性

https://developer.tizen.org/forums/general-support/pvs-studio-team-willing-work-on-improving-tizen-project-open-letter

为什么钓鱼攻击能够成功

https://ttmm.io/tech/why-phishing-attacks-succeed/

SSH 中间人工具 v1.0

https://github.com/jtesta/ssh-mitm

渗透测试亚马逊简单存储服务AMAZON S3

https://rhinosecuritylabs.com/penetration-testing/penetration-testing-aws-storage/

您的ePub阅读器是否足够安全?

https://shhnjk.blogspot.jp/2017/05/is-your-epub-reader-secure-enough.html

MacroMeter – VBA Reversed TCP Meterpreter Stager

https://github.com/Cn33liz/MacroMeter/blob/master/MacroMeter.vba

你需要知道的http header中的安全属性

https://blog.appcanary.com/2017/http-security-headers.html

web开发者的安全书单

https://simplesecurity.sensedeep.com/web-developer-security-checklist-f2e4f43c9c56

hack虚拟内存:malloc,堆和程序中断

https://blog.holbertonschool.com/hack-the-virtual-memory-malloc-the-heap-the-program-break/

sniffROM:一个用于被动式数据捕获和串行闪存芯片的工具

https://github.com/alainiamburg/sniffROM

在VBA中使用DLL改善宏的攻击功能

https://labs.mwrinfosecurity.com/blog/dll-tricks-with-vba-to-improve-offensive-macro-capability/

分析Microsoft Office的攻击面

https://0b3dcaf9-a-62cb3a1a-s-sites.googlegroups.com/site/zerodayresearch/Analysis_of_the_Attack_Surface_of_Microsoft_Office_from_User_Perspective_final.pdf

利用互斥体阻断想哭蠕虫,实现联网升级

http://www.4hou.com/technology/4793.html

WSSiP:WebSocket操作代理

https://www.nccgroup.trust/us/about-us/newsroom-and-events/blog/2017/may/wssip-a-websocket-manipulation-proxy/

Burp中的美化json的工具

https://blog.netspi.com/beautifying-json-in-burp/

法国总统选举:跟踪MACRONGATE的来源

https://www.qurium.org/alerts/france/tracing_macrongate_source/

iOS 10.3.2修复了大量CVE漏洞

https://support.apple.com/en-us/HT207798

MySQL SQL Injection速查表

http://www.sqlinjectionwiki.com/Categories/2/mysql-sql-injection-cheat-sheet/

Hidden Alternative Data Streams的进阶利用技巧

http://www.4hou.com/technology/4783.html

Adobe Flash: Out-of-bounds read in getting TextField width

https://bugs.chromium.org/p/project-zero/issues/detail?id=1211

Adobe Flash: Out-of-bounds read in AVC deblocking

https://bugs.chromium.org/p/project-zero/issues/detail?id=1171

Adobe Flash: Heap Corruption in Margin Handling

https://bugs.chromium.org/p/project-zero/issues/detail?id=1174

Adobe Flash: Out-of-bounds write in hit test

https://bugs.chromium.org/p/project-zero/issues/detail?id=1210

(完)