热点概要:【漏洞预警】Apache Struts2插件高危漏洞(S2-052)、Struts2 S2-052 RCE分析与利用、Mastercard互联网网关服务:Hashing设计缺陷、Solaris to Linux Migration 2017、ToorCon 19 – 2017 议题视频、滥用可写Windows服务
资讯类:
【漏洞预警】Apache Struts2插件高危漏洞(S2-052)
http://bobao.360.cn/news/detail/4291.html
技术类:
Mastercard互联网网关服务:Hashing设计缺陷
http://tinyhack.com/2017/09/05/mastercard-internet-gateway-service-hashing-design-flaw/
DIY监控程序: 滥用Apple的Call Relay协议
http://www.martinvigo.com/diy-spy-program-abusing-apple-call-relay-protocol/
High Sierra安全内核扩展加载存在安全隐患
https://objective-see.com/blog/blog_0x21.html
ToorCon 19 – 2017 议题视频
https://www.youtube.com/playlist?list=PLR6Acteg0QHE0Yjs3jK2zzWjmGhUgsYUp
滥用可写Windows服务
https://blog.didierstevens.com/2017/09/05/abusing-a-writable-windows-service/
使用QL去发现Apache Struts的远程代码执行漏洞(CVE-2017-9805)
https://lgtm.com/blog/apache_struts_CVE-2017-9805
译文:
https://xianzhi.aliyun.com/forum/read/2067.html
WiseGiga NAS多个漏洞
https://blogs.securiteam.com/index.php/archives/3402
Struts2 S2-052 RCE分析与利用
https://mp.weixin.qq.com/s/PedD0NG2KLAKWbupzU8lrw
通过静态分析检测Python Web应用程序中漏洞
https://github.com/python-security/pyt
C# DLL注入指南
http://www.codingvision.net/miscellaneous/c-inject-a-dll-into-a-process-w-createremotethread
Graftor – But I Never Asked for This
http://blog.talosintelligence.com/2017/09/graftor-but-i-never-asked-for-this.html
Flattened MITRE ATT&CK Matrix
Flash Dumping – Part I
https://blog.quarkslab.com/flash-dumping-part-i.html
Re-enjoying the ActiveX (and others) Fun in Chinese Customized Browsers
https://justhaifei1.blogspot.com/2017/09/re-enjoying-activex-and-others.html
Solaris to Linux Migration 2017
http://www.brendangregg.com/blog/2017-09-05/solaris-to-linux-2017.html
security things in Linux v4.13
https://outflux.net/blog/archives/2017/09/05/security-things-in-linux-v4-13/
Footprints of FIN7: Tracking Actor Patterns (Part 1)
https://www.icebrg.io/blog/footprints-of-fin7-tracking-actor-patterns