[Knowledge] September 6 - Daily Security Knowledge Highlights


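Highlights: [Vulnerability Alert] High-severity vulnerability in Apache Struts2 plugin (S2-052), Struts2 S2-052 RCE analysis and exploitation, Mastercard Internet Gateway Service: Hashing Design Flaw, Solaris to Linux Migration 2017, ToorCon 19 – 2017 talk videos, Abusing a Writable Windows Service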

News:

[Vulnerability Alert] High-severity vulnerability in Apache Struts2 plugin (S2-052)

http://bobao.360.cn/news/detail/4291.html 

Technical:

Mastercard Internet Gateway Service: Hashing Design Flaw

http://tinyhack.com/2017/09/05/mastercard-internet-gateway-service-hashing-design-flaw/ 

DIY Spy Program: Abusing Apple's Call Relay Protocol

http://www.martinvigo.com/diy-spy-program-abusing-apple-call-relay-protocol/ 

Security weaknesses in High Sierra's Secure Kernel Extension Loading

https://objective-see.com/blog/blog_0x21.html 

ToorCon 19 – 2017 talk videos

https://www.youtube.com/playlist?list=PLR6Acteg0QHE0Yjs3jK2zzWjmGhUgsYUp 


Abusing a Writable Windows Service

https://blog.didierstevens.com/2017/09/05/abusing-a-writable-windows-service/ 


Using QL to find a remote code execution vulnerability in Apache Struts (CVE-2017-9805)

https://lgtm.com/blog/apache_struts_CVE-2017-9805 

Translation:

https://xianzhi.aliyun.com/forum/read/2067.html 


Multiple vulnerabilities in WiseGiga NAS

https://blogs.securiteam.com/index.php/archives/3402 


Struts2 S2-052 RCE analysis and exploitation

https://mp.weixin.qq.com/s/PedD0NG2KLAKWbupzU8lrw 


Detecting vulnerabilities in Python web applications through static analysis

https://github.com/python-security/pyt 


C# DLL injection guide

http://www.codingvision.net/miscellaneous/c-inject-a-dll-into-a-process-w-createremotethread 


Graftor – But I Never Asked for This

http://blog.talosintelligence.com/2017/09/graftor-but-i-never-asked-for-this.html 

Flattened MITRE ATT&CK Matrix

http://www.austintaylor.io/mitre/attack/matrix/flattened/threat/actor/mapping/2017/09/05/flattened-mitre-attack-matrix/ 

Flash Dumping – Part I 

https://blog.quarkslab.com/flash-dumping-part-i.html 

Re-enjoying the ActiveX (and others) Fun in Chinese Customized Browsers 

https://justhaifei1.blogspot.com/2017/09/re-enjoying-activex-and-others.html 

Solaris to Linux Migration 2017

http://www.brendangregg.com/blog/2017-09-05/solaris-to-linux-2017.html 

security things in Linux v4.13

https://outflux.net/blog/archives/2017/09/05/security-things-in-linux-v4-13/ 


Footprints of FIN7: Tracking Actor Patterns (Part 1)

https://www.icebrg.io/blog/footprints-of-fin7-tracking-actor-patterns 

(End)